Gå til innhold
Trenger du hjelp med internett og nettverk? Still spørsmål her ×

Hvorfor blir jeg angrepet så mye?

Ernie

Av Ernie
i Internett og nettverk

Anbefalte innlegg

Ernie

Ernie

Skrevet
Skrevet

PC-cillin 2003 Log List

Type,"Time","Direction","Protocol","Source IP Address","Source Port","Destination IP Address","Destination Port","Description"

Firewall,"01:06:11","OUT","UDP","0.0.0.0","68","255.255.255.255","67","Security rule matched"

Firewall,"01:06:11","OUT","UDP","0.0.0.0","68","255.255.255.255","67","Security rule matched"

Firewall,"01:06:15","OUT","UDP","0.0.0.0","68","255.255.255.255","67","Security rule matched"

Firewall,"01:06:19","OUT","UDP","0.0.0.0","68","255.255.255.255","67","Security rule matched"

Firewall,"01:06:23","OUT","UDP","0.0.0.0","68","255.255.255.255","67","Security rule matched"

Firewall,"01:06:27","OUT","UDP","0.0.0.0","68","255.255.255.255","67","Security rule matched"

Firewall,"01:06:35","OUT","UDP","0.0.0.0","68","255.255.255.255","67","Security rule matched"

Firewall,"01:06:48","OUT","IGMP","80.213.131.10","N/A","224.0.0.22","N/A","Security rule matched"

Firewall,"01:06:48","OUT","UDP","80.213.131.10","68","255.255.255.255","67","Security rule matched"

Firewall,"01:06:48","OUT","UDP","80.213.131.10","68","255.255.255.255","67","Security rule matched"

Firewall,"01:06:48","OUT","UDP","80.213.131.10","3106","239.255.255.250","1900","Security rule matched"

Firewall,"01:06:48","OUT","UDP","80.213.131.10","3106","239.255.255.250","1900","Security rule matched"

Firewall,"01:06:51","OUT","UDP","0.0.0.0","68","255.255.255.255","67","Security rule matched"

Firewall,"01:16:52","IN","TCP","80.253.125.30","1179","80.213.131.10","1080","Security rule matched"

Firewall,"01:17:08","IN","TCP","80.253.125.30","1181","80.213.131.10","1180","Security rule matched"

Firewall,"09:50:20","OUT","IGMP","80.213.128.118","N/A","224.0.0.22","N/A","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3010","239.255.255.250","1900","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3010","239.255.255.250","1900","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","UDP","80.213.128.118","3012","130.67.15.198","53","Security rule matched"

Firewall,"09:50:20","OUT","IGMP","80.213.128.118","N/A","224.0.0.22","N/A","Security rule matched"

Firewall,"10:13:54","OUT","IGMP","80.213.129.5","N/A","224.0.0.22","N/A","Security rule matched"

Firewall,"10:13:54","OUT","UDP","80.213.129.5","3012","239.255.255.250","1900","Security rule matched"

Firewall,"10:13:54","OUT","UDP","80.213.129.5","3012","239.255.255.250","1900","Security rule matched"

Firewall,"10:13:54","OUT","UDP","80.213.129.5","3014","130.67.15.198","53","Security rule matched"

Firewall,"10:13:54","OUT","UDP","80.213.129.5","3014","130.67.15.198","53","Security rule matched"

Firewall,"10:13:54","OUT","IGMP","80.213.129.5","N/A","224.0.0.22","N/A","Security rule matched"

Trojan backdoor blocking,"10:29:11","OUT","TCP","80.213.129.5","3372","194.134.5.82","6667","Bionet"

Trojan backdoor blocking,"10:29:14","OUT","TCP","80.213.129.5","3372","194.134.5.82","6667","Bionet"

Trojan backdoor blocking,"10:31:25","OUT","TCP","80.213.129.5","3373","194.134.5.82","6667","Bionet"

Trojan backdoor blocking,"10:31:29","OUT","TCP","80.213.129.5","3373","194.134.5.82","6667","Bionet"

Trojan backdoor blocking,"10:31:35","OUT","TCP","80.213.129.5","3373","194.134.5.82","6667","Bionet"

Trojan backdoor blocking,"10:31:52","OUT","TCP","80.213.129.5","3374","194.134.5.82","6667","Bionet"

Trojan backdoor blocking,"10:31:54","OUT","TCP","80.213.129.5","3374","194.134.5.82","6667","Bionet"

Trojan backdoor blocking,"10:32:00","OUT","TCP","80.213.129.5","3374","194.134.5.82","6667","Bionet"

 

Det du ser over meg er et knøtt lite utdrag av de 48 siste angrepene på maskinen. Bare idag har det til nå vært 114 angrep, og igår var det 490 og det på bare 6minutter :o

Reinstallerte dessverre XP igår så jeg har ikke logger som går lenger tilbake, men jeg vet det var omtrent like ille.

Hvorfor skjer dette? og ikke minst, hva kan jeg gjøre for å unngå å bli å angrepet som dette? Godt at jeg har en software brannmur som stenger for dette (og neida det er ikke den i XP) :roll:

 

Edit: btw: de som er merket som trojaner er de gangene jeg har forsøkt å komme meg på mIRC, har rettet det problemet, men allikevel det er fortsatt en del igjen...

Lenke til kommentar

Videoannonse

Videoannonse
Annonse
HawP

HawP

Skrevet
Skrevet

hmm.. enten så har du fått ny ip adr. ganske ofte, eller så er maskinen din schizofren (sourceip på utgående varierer en del)...

 

Og, dessuten mesteparten av dette er jo programmer som forsøker å gå ut på nettet fra din maskin... noen av disse er også legitime. Bl.a. så er UDP port 53 DNS...

Lenke til kommentar
rabagast3

rabagast3

Skrevet
Skrevet

Har du kazza gående? eller et annet sharing program ?.

 

Utdrag fra ei side om dette:

 

Port 1214 is used by Kazaa. Are you on a dynamic IP address? If so, perhaps you got a new IP that was formerly taken by a Kazaa user. These scans should slow down over time.
Lenke til kommentar
Ernie

Ernie

Skrevet
  • Forfatter
Skrevet
Har du kazza gående? eller et annet sharing program ?.

 

Utdrag fra ei side om dette:

 

Port 1214 is used by Kazaa. Are you on a dynamic IP address? If so, perhaps you got a new IP that was formerly taken by a Kazaa user. These scans should slow down over time.
der kan vi jo ha løsningen ja... vel, hvis det der stemmer så er det jo ikke mye å bekymre seg over...
Lenke til kommentar
Legion

Legion

Skrevet
Skrevet

en god del av det som blir fanget opp er bare forsinkede tcp pakker fra en browsersession, det er ikke noe å bry seg om.

udp og icmp pakkene ville jeg ha tatt en trace på bare for å være sikker, men mest sannsynlig så er det harmløst

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste
×
×
  • Opprett ny...