Dos Angriffe und Lan Access, verschafft sich da jemand Zugriff zu meinem Netzwerk?

Niemand_0o · 22.10.2013, 22:43

Schönen guten Abend liebe Trojaner Community und Admins.
Ich habe schon desöfteren hier bei euch Hilfe gefunden durch heimliches mitlesen
diverser Posts, jedoch habe ich nun ein schwerwiegendes Problem welches sich über
mehrere Wochen hinweg durchzog und nun doch außartet.

Zum eigentlichen Problem. Ich habe mir vor knapp 4 Wochen einen NetGear WRN2200 Wireless Router zugelegt da ich vorher garkeinen hatte. Ich bin bei einem Internet Anbieter der seinen Kunden ein eigenes Modem zur verfügung stellt über welches ich dann mit einem Lan-HUB ans Internet gegangen bin. Seitdem ich den Router habe beobachte ich sehr viele komische Dinge in den Router logs. Hier erst einmal die Logs dieser Woche ( die ist zwar nicht lang aber der Log schon wieder voll)

Code:

ATTFilter

[admin login] from source 192.168.1.4, Tuesday, October 22,2013 22:14:58
[admin login failure] from source 192.168.1.4, Tuesday, October 22,2013 22:14:47
[Internet connected] IP address: xxx, Tuesday, October 22,2013 19:03:45
[UPnP set event: del_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 18:38:51
[UPnP set event: add_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 18:38:33
[Internet connected] IP address: xxx, Tuesday, October 22,2013 18:03:44
[DHCP IP: 192.168.1.4] to MAC address 00:24:1d:8e:0e:9e, Tuesday, October 22,2013 17:09:01
[Internet connected] IP address: xxx, Tuesday, October 22,2013 16:03:45
[DoS Attack: RST Scan] from source: 125.141.31.171, port 46403, Tuesday, October 22,2013 15:19:33
[Internet connected] IP address: xxx, Tuesday, October 22,2013 15:03:44
[UPnP set event: del_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 15:01:04
[UPnP set event: add_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 15:00:46
[UPnP set event: del_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 14:35:07
[LAN access from remote] from 85.176.76.135:6941 to 192.168.1.4:6881, Tuesday, October 22,2013 14:34:41
[LAN access from remote] from 84.79.8.146:6881 to 192.168.1.4:6881, Tuesday, October 22,2013 14:34:40
[UPnP set event: add_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 14:21:01
[DHCP IP: 192.168.1.4] to MAC address 00:24:1d:8e:0e:9e, Tuesday, October 22,2013 14:20:29
[Internet connected] IP address: xxx, Tuesday, October 22,2013 13:03:45
[DoS Attack: UDP Port Scan] from source: 184.22.131.58, port 5239, Tuesday, October 22,2013 12:53:35
[Internet connected] IP address: xxx, Tuesday, October 22,2013 12:03:44
[DoS Attack: RST Scan] from source: 85.99.183.66, port 23958, Tuesday, October 22,2013 11:05:25
[Internet connected] IP address: xxx, Tuesday, October 22,2013 11:03:44
[Time synchronized with NTP server] Tuesday, October 22,2013 10:20:34
[Internet connected] IP address: xxx, Monday, October 21,2013 21:03:43
[admin login] from source 192.168.1.4, Monday, October 21,2013 20:11:42
[Internet connected] IP address: xxx, Monday, October 21,2013 20:03:44
[UPnP set event: del_nat_rule] from source 192.168.1.4, Monday, October 21,2013 19:39:59
[UPnP set event: add_nat_rule] from source 192.168.1.4, Monday, October 21,2013 19:39:41
[admin login] from source 192.168.1.4, Monday, October 21,2013 19:38:13
[UPnP set event: add_nat_rule] from source 192.168.1.4, Monday, October 21,2013 19:32:07
[UPnP set event: del_nat_rule] from source 192.168.1.3, Monday, October 21,2013 19:27:43
[UPnP set event: add_nat_rule] from source 192.168.1.3, Monday, October 21,2013 19:27:40
[DHCP IP: 192.168.1.3] to MAC address f8:d0:ac:17:bd:d7, Monday, October 21,2013 19:27:39
[UPnP set event: del_nat_rule] from source 192.168.1.3, Monday, October 21,2013 19:27:28
[DHCP IP: 192.168.1.3] to MAC address f8:d0:ac:17:bd:d7, Monday, October 21,2013 19:27:17
[UPnP set event: add_nat_rule] from source 192.168.1.3, Monday, October 21,2013 19:27:08
[DHCP IP: 192.168.1.3] to MAC address f8:d0:ac:17:bd:d7, Monday, October 21,2013 19:22:39
[admin login] from source 192.168.1.4, Monday, October 21,2013 19:20:45
[Internet connected] IP address: xxx, Monday, October 21,2013 19:03:44
[DoS Attack: ACK Scan] from source: 199.9.255.242, port 1935, Monday, October 21,2013 18:56:42
[Internet connected] IP address: xxx, Monday, October 21,2013 16:03:43
[DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:18:44
[DoS Attack: RST Scan] from source: 211.208.2.188, port 22483, Monday, October 21,2013 15:17:27
[DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:16:44
[DoS Attack: RST Scan] from source: 211.208.2.188, port 22232, Monday, October 21,2013 15:15:22
[DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:08:42
[DoS Attack: ACK Scan] from source: 87.248.217.253, port 80, Monday, October 21,2013 15:06:52
[DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:06:45
[DoS Attack: ACK Scan] from source: 87.248.217.254, port 80, Monday, October 21,2013 15:06:23
[DoS Attack: ACK Scan] from source: 87.248.217.253, port 80, Monday, October 21,2013 15:06:03
[DoS Attack: ACK Scan] from source: 87.248.217.254, port 80, Monday, October 21,2013 15:06:00
[DoS Attack: ACK Scan] from source: 87.248.217.253, port 80, Monday, October 21,2013 15:05:51
[DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:05:46
[DoS Attack: ACK Scan] from source: 87.248.217.254, port 80, Monday, October 21,2013 15:05:37
[DoS Attack: ACK Scan] from source: 87.248.217.253, port 80, Monday, October 21,2013 15:05:21
[DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:05:17
[DoS Attack: ACK Scan] from source: 87.248.217.254, port 80, Monday, October 21,2013 15:05:14
[Internet connected] IP address: xxx, Monday, October 21,2013 15:03:42
[DHCP IP: 192.168.1.4] to MAC address 00:24:1d:8e:0e:9e, Monday, October 21,2013 15:01:41
[admin login] from source 192.168.1.4, Monday, October 21,2013 14:46:33
[DHCP IP: 192.168.1.4] to MAC address 00:24:1d:8e:0e:9e, Monday, October 21,2013 14:28:13
[Internet connected] IP address: xxx, Monday, October 21,2013 14:03:41
[DoS Attack: TCP/UDP Chargen] from source: 80.82.70.232, port 56175, Monday, October 21,2013 13:39:41
[Internet connected] IP address: xxx, Monday, October 21,2013 11:03:42
[Time synchronized with NTP server] Monday, October 21,2013 10:17:05
[Internet connected] IP address: xxx, Sunday, October 20,2013 21:03:42
[admin login] from source 192.168.1.4, Sunday, October 20,2013 20:13:04
[Internet connected] IP address: xxx, Sunday, October 20,2013 18:03:42
[admin login] from source 192.168.1.4, Sunday, October 20,2013 17:32:36
[Internet connected] IP address: xxx, Sunday, October 20,2013 17:03:41
[DoS Attack: TCP/UDP Chargen] from source: 80.82.65.49, port 32974, Sunday, October 20,2013 16:52:01
[DoS Attack: TCP/UDP Chargen] from source: 108.61.61.163, port 5555, Sunday, October 20,2013 16:48:48
[admin login] from source 192.168.1.4, Sunday, October 20,2013 16:37:46
[DoS Attack: TCP/UDP Chargen] from source: 80.82.65.49, port 52135, Sunday, October 20,2013 16:28:35
[Internet connected] IP address: xxx, Sunday, October 20,2013 15:03:42
[DoS Attack: TCP/UDP Chargen] from source: 80.82.65.49, port 49464, Sunday, October 20,2013 15:03:39
[Internet connected] IP address: xxx, Sunday, October 20,2013 14:03:41
[DoS Attack: RST Scan] from source: 88.70.182.65, port 17702, Sunday, October 20,2013 13:07:54
[DoS Attack: RST Scan] from source: 88.70.182.65, port 17646, Sunday, October 20,2013 13:06:54
[Internet connected] IP address: xxx, Sunday, October 20,2013 11:03:41
[Time synchronized with NTP server] Sunday, October 20,2013 10:17:04
[Internet connected] IP address: xxx, Sunday, October 20,2013 10:03:41
[DHCP IP: 192.168.1.4] to MAC address 00:24:1d:8e:0e:9e, Sunday, October 20,2013 09:33:57
[Internet connected] IP address: xxx, Sunday, October 20,2013 02:03:40
[Log Cleared] Sunday, October 20,2013 01:34:10

Die xxx habe ich ersetzt da das meine eigene IP adresse ist (denke ich

)

Wie man sehen kann erfolgen eine beachtliche Anzahl an Dos-Angriffen auf mein heimisches Netzwerk. Die IP Adressen habe ich natürlich mit UTrace überprüft und stammen allesamt aus umliegenden EU Ländern, also keine die ich kenne. ( auch nicht in Verbindung mit Programmen die ich benutze)

Was mich nun skeptisch macht ist der Eintrag

Zitat:

[LAN access from remote] from 85.176.76.135:6941 to 192.168.1.4:6881, Tuesday, October 22,2013 14:34:41
[LAN access from remote] from 84.79.8.146:6881 to 192.168.1.4:6881, Tuesday, October 22,2013 14:34:40

Wenn ich den Eintrag richtig deute hat es ja jemand in mein Lan geschafft und hat erfolgreich eine Verbinung zu meinem PC hergestellt ( der hat die 4 im Lan)

Zu meinen Versuchen der Lage Herr zu werden:

Ich habe im Router folgende Einstellungen gesetzt:

Portforwarding / Triggering aus
DDNS-Dienst deaktiviert
Statische Routen deaktiviert
Fernsteuerung deaktiviert
UPnP deaktiviert
WLAN Repeating deaktiviert

Maleware Antibytes findet nichts auf meinem Rechner genauso wie Antivir

Meine Frage ist nun, sind das wirklich Angriffe auf meinen PC / Netzwerk ( Meistens erfolgen die Portscans/Dos Angriffe während der PC aus ist ...)
Muss ich mir Sorgen machen und viel wichtiger, was kann ich tun um dem vorzubeugen???
Eventuell als Anmerkung, ich merke keinerlei Verbindungsabbrüche oder Einbrüche. Mir ist jedoch aufgefallen das mein Download seit geraumer Zeit von 1,6mb auf 1,3mb runtergegangen ist und mein Internet anbieter meint das liege an mir.

Ich bitte um schnelle Hilfe!

MfG Niemand

Dos Angriffe und Lan Access, verschafft sich da jemand Zugriff zu meinem Netzwerk?

Log-Analyse und Auswertung: Dos Angriffe und Lan Access, verschafft sich da jemand Zugriff zu meinem Netzwerk?

Dos Angriffe und Lan Access, verschafft sich da jemand Zugriff zu meinem Netzwerk?

Ähnliche Themen: Dos Angriffe und Lan Access, verschafft sich da jemand Zugriff zu meinem Netzwerk?