![]() |
|
Log-Analyse und Auswertung: Dos Angriffe und Lan Access, verschafft sich da jemand Zugriff zu meinem Netzwerk?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 | |
| ![]() Dos Angriffe und Lan Access, verschafft sich da jemand Zugriff zu meinem Netzwerk? Schönen guten Abend liebe Trojaner Community und Admins. Ich habe schon desöfteren hier bei euch Hilfe gefunden durch heimliches mitlesen diverser Posts, jedoch habe ich nun ein schwerwiegendes Problem welches sich über mehrere Wochen hinweg durchzog und nun doch außartet. Zum eigentlichen Problem. Ich habe mir vor knapp 4 Wochen einen NetGear WRN2200 Wireless Router zugelegt da ich vorher garkeinen hatte. Ich bin bei einem Internet Anbieter der seinen Kunden ein eigenes Modem zur verfügung stellt über welches ich dann mit einem Lan-HUB ans Internet gegangen bin. Seitdem ich den Router habe beobachte ich sehr viele komische Dinge in den Router logs. Hier erst einmal die Logs dieser Woche ( die ist zwar nicht lang aber der Log schon wieder voll) Code:
ATTFilter [admin login] from source 192.168.1.4, Tuesday, October 22,2013 22:14:58 [admin login failure] from source 192.168.1.4, Tuesday, October 22,2013 22:14:47 [Internet connected] IP address: xxx, Tuesday, October 22,2013 19:03:45 [UPnP set event: del_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 18:38:51 [UPnP set event: add_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 18:38:33 [Internet connected] IP address: xxx, Tuesday, October 22,2013 18:03:44 [DHCP IP: 192.168.1.4] to MAC address 00:24:1d:8e:0e:9e, Tuesday, October 22,2013 17:09:01 [Internet connected] IP address: xxx, Tuesday, October 22,2013 16:03:45 [DoS Attack: RST Scan] from source: 125.141.31.171, port 46403, Tuesday, October 22,2013 15:19:33 [Internet connected] IP address: xxx, Tuesday, October 22,2013 15:03:44 [UPnP set event: del_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 15:01:04 [UPnP set event: add_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 15:00:46 [UPnP set event: del_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 14:35:07 [LAN access from remote] from 85.176.76.135:6941 to 192.168.1.4:6881, Tuesday, October 22,2013 14:34:41 [LAN access from remote] from 84.79.8.146:6881 to 192.168.1.4:6881, Tuesday, October 22,2013 14:34:40 [UPnP set event: add_nat_rule] from source 192.168.1.4, Tuesday, October 22,2013 14:21:01 [DHCP IP: 192.168.1.4] to MAC address 00:24:1d:8e:0e:9e, Tuesday, October 22,2013 14:20:29 [Internet connected] IP address: xxx, Tuesday, October 22,2013 13:03:45 [DoS Attack: UDP Port Scan] from source: 184.22.131.58, port 5239, Tuesday, October 22,2013 12:53:35 [Internet connected] IP address: xxx, Tuesday, October 22,2013 12:03:44 [DoS Attack: RST Scan] from source: 85.99.183.66, port 23958, Tuesday, October 22,2013 11:05:25 [Internet connected] IP address: xxx, Tuesday, October 22,2013 11:03:44 [Time synchronized with NTP server] Tuesday, October 22,2013 10:20:34 [Internet connected] IP address: xxx, Monday, October 21,2013 21:03:43 [admin login] from source 192.168.1.4, Monday, October 21,2013 20:11:42 [Internet connected] IP address: xxx, Monday, October 21,2013 20:03:44 [UPnP set event: del_nat_rule] from source 192.168.1.4, Monday, October 21,2013 19:39:59 [UPnP set event: add_nat_rule] from source 192.168.1.4, Monday, October 21,2013 19:39:41 [admin login] from source 192.168.1.4, Monday, October 21,2013 19:38:13 [UPnP set event: add_nat_rule] from source 192.168.1.4, Monday, October 21,2013 19:32:07 [UPnP set event: del_nat_rule] from source 192.168.1.3, Monday, October 21,2013 19:27:43 [UPnP set event: add_nat_rule] from source 192.168.1.3, Monday, October 21,2013 19:27:40 [DHCP IP: 192.168.1.3] to MAC address f8:d0:ac:17:bd:d7, Monday, October 21,2013 19:27:39 [UPnP set event: del_nat_rule] from source 192.168.1.3, Monday, October 21,2013 19:27:28 [DHCP IP: 192.168.1.3] to MAC address f8:d0:ac:17:bd:d7, Monday, October 21,2013 19:27:17 [UPnP set event: add_nat_rule] from source 192.168.1.3, Monday, October 21,2013 19:27:08 [DHCP IP: 192.168.1.3] to MAC address f8:d0:ac:17:bd:d7, Monday, October 21,2013 19:22:39 [admin login] from source 192.168.1.4, Monday, October 21,2013 19:20:45 [Internet connected] IP address: xxx, Monday, October 21,2013 19:03:44 [DoS Attack: ACK Scan] from source: 199.9.255.242, port 1935, Monday, October 21,2013 18:56:42 [Internet connected] IP address: xxx, Monday, October 21,2013 16:03:43 [DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:18:44 [DoS Attack: RST Scan] from source: 211.208.2.188, port 22483, Monday, October 21,2013 15:17:27 [DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:16:44 [DoS Attack: RST Scan] from source: 211.208.2.188, port 22232, Monday, October 21,2013 15:15:22 [DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:08:42 [DoS Attack: ACK Scan] from source: 87.248.217.253, port 80, Monday, October 21,2013 15:06:52 [DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:06:45 [DoS Attack: ACK Scan] from source: 87.248.217.254, port 80, Monday, October 21,2013 15:06:23 [DoS Attack: ACK Scan] from source: 87.248.217.253, port 80, Monday, October 21,2013 15:06:03 [DoS Attack: ACK Scan] from source: 87.248.217.254, port 80, Monday, October 21,2013 15:06:00 [DoS Attack: ACK Scan] from source: 87.248.217.253, port 80, Monday, October 21,2013 15:05:51 [DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:05:46 [DoS Attack: ACK Scan] from source: 87.248.217.254, port 80, Monday, October 21,2013 15:05:37 [DoS Attack: ACK Scan] from source: 87.248.217.253, port 80, Monday, October 21,2013 15:05:21 [DoS Attack: ACK Scan] from source: 85.239.127.10, port 80, Monday, October 21,2013 15:05:17 [DoS Attack: ACK Scan] from source: 87.248.217.254, port 80, Monday, October 21,2013 15:05:14 [Internet connected] IP address: xxx, Monday, October 21,2013 15:03:42 [DHCP IP: 192.168.1.4] to MAC address 00:24:1d:8e:0e:9e, Monday, October 21,2013 15:01:41 [admin login] from source 192.168.1.4, Monday, October 21,2013 14:46:33 [DHCP IP: 192.168.1.4] to MAC address 00:24:1d:8e:0e:9e, Monday, October 21,2013 14:28:13 [Internet connected] IP address: xxx, Monday, October 21,2013 14:03:41 [DoS Attack: TCP/UDP Chargen] from source: 80.82.70.232, port 56175, Monday, October 21,2013 13:39:41 [Internet connected] IP address: xxx, Monday, October 21,2013 11:03:42 [Time synchronized with NTP server] Monday, October 21,2013 10:17:05 [Internet connected] IP address: xxx, Sunday, October 20,2013 21:03:42 [admin login] from source 192.168.1.4, Sunday, October 20,2013 20:13:04 [Internet connected] IP address: xxx, Sunday, October 20,2013 18:03:42 [admin login] from source 192.168.1.4, Sunday, October 20,2013 17:32:36 [Internet connected] IP address: xxx, Sunday, October 20,2013 17:03:41 [DoS Attack: TCP/UDP Chargen] from source: 80.82.65.49, port 32974, Sunday, October 20,2013 16:52:01 [DoS Attack: TCP/UDP Chargen] from source: 108.61.61.163, port 5555, Sunday, October 20,2013 16:48:48 [admin login] from source 192.168.1.4, Sunday, October 20,2013 16:37:46 [DoS Attack: TCP/UDP Chargen] from source: 80.82.65.49, port 52135, Sunday, October 20,2013 16:28:35 [Internet connected] IP address: xxx, Sunday, October 20,2013 15:03:42 [DoS Attack: TCP/UDP Chargen] from source: 80.82.65.49, port 49464, Sunday, October 20,2013 15:03:39 [Internet connected] IP address: xxx, Sunday, October 20,2013 14:03:41 [DoS Attack: RST Scan] from source: 88.70.182.65, port 17702, Sunday, October 20,2013 13:07:54 [DoS Attack: RST Scan] from source: 88.70.182.65, port 17646, Sunday, October 20,2013 13:06:54 [Internet connected] IP address: xxx, Sunday, October 20,2013 11:03:41 [Time synchronized with NTP server] Sunday, October 20,2013 10:17:04 [Internet connected] IP address: xxx, Sunday, October 20,2013 10:03:41 [DHCP IP: 192.168.1.4] to MAC address 00:24:1d:8e:0e:9e, Sunday, October 20,2013 09:33:57 [Internet connected] IP address: xxx, Sunday, October 20,2013 02:03:40 [Log Cleared] Sunday, October 20,2013 01:34:10 ![]() Wie man sehen kann erfolgen eine beachtliche Anzahl an Dos-Angriffen auf mein heimisches Netzwerk. Die IP Adressen habe ich natürlich mit UTrace überprüft und stammen allesamt aus umliegenden EU Ländern, also keine die ich kenne. ( auch nicht in Verbindung mit Programmen die ich benutze) Was mich nun skeptisch macht ist der Eintrag Zitat:
Zu meinen Versuchen der Lage Herr zu werden: Ich habe im Router folgende Einstellungen gesetzt: Portforwarding / Triggering aus DDNS-Dienst deaktiviert Statische Routen deaktiviert Fernsteuerung deaktiviert UPnP deaktiviert WLAN Repeating deaktiviert Maleware Antibytes findet nichts auf meinem Rechner genauso wie Antivir Meine Frage ist nun, sind das wirklich Angriffe auf meinen PC / Netzwerk ( Meistens erfolgen die Portscans/Dos Angriffe während der PC aus ist ...) Muss ich mir Sorgen machen und viel wichtiger, was kann ich tun um dem vorzubeugen??? Eventuell als Anmerkung, ich merke keinerlei Verbindungsabbrüche oder Einbrüche. Mir ist jedoch aufgefallen das mein Download seit geraumer Zeit von 1,6mb auf 1,3mb runtergegangen ist und mein Internet anbieter meint das liege an mir. Ich bitte um schnelle Hilfe! MfG Niemand Geändert von Niemand_0o (22.10.2013 um 23:04 Uhr) |
Themen zu Dos Angriffe und Lan Access, verschafft sich da jemand Zugriff zu meinem Netzwerk? |
anzahl, download, einstellungen, forwarding, frage, internet, ip adresse, ip adressen, kunde, lan, mac, modem, netgear, netzwerk, port, problem, programme, rechner, remote, router, scan, server, trojaner, udp, verbindung, voll, wireless |