SYN_FLOODING ATTACK

  • 4 May 2012
  • 8 replies
  • 4657 views

Badge +1
The log shows SYN_FLOODING ATTACK with an IP address.

This goes on all day.

Is this a so-called DoS attack against me?

And what can I do about it?

Another question: can I block the IP address in question somewhere in my modem?

Modem is 2601HN-F1

8 replies

Reputation 8
Badge +16
It depends on what the external IP address is. If it is a Telfort server or something like that, it may just be a minor communication problem rather than an attack.
Badge +1
The destination address is my current IP address.

The SRC addresses are several different ones that (so it seems) keep coming back.

Because it is prefixed with alert and contains the word attack, you automatically become suspicious.
Badge
You mean something like this?
1 01 01 01:01:13 info DSL up down log: WAN Physical Link Down

2 01 01 01:02:01 info DSL up down log: WAN Physical Link Up. Upstream 2048 kbps Downstream 22012 kbps, DSL Type is VDSL2 .
3 01 01 01:02:13 info NTP new time: April 26 15:27:23
4 04 26 15:27:23 info Time initialized by NTP server
5 04 26 15:40:05 info DSL up down log: WAN Physical Link Down
6 04 26 15:40:43 info DSL up down log: WAN Physical Link Up. Upstream 2048 kbps Downstream 22016 kbps, DSL Type is VDSL2 .
7 04 26 15:48:24 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx [last message repeated 14 times in 0 seconds]
8 04 26 15:48:24 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.1<1>PortScan ATTACK:IN=ptm0.34 OUT= MAC=cc:5d:4e:14:3b:b0:02:00:00:00:00:01:08:00:45:b8:00:c8 SRC=82.168.0.248 DST=82.169.xxx.xxx
9 04 26 15:48:24 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx [last message repeated 239 times in 8 seconds]
10 04 26 15:48:32 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx
11 04 26 15:48:32 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx [last message repeated 28 times in 1 seconds]
12 04 26 15:48:33 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx
13 04 26 16:04:58 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx [last message repeated 59 times in 2 seconds]
14 04 26 16:05:00 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx
15 04 26 16:05:00 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx [last message repeated 52 times in 2 seconds]
16 04 26 16:05:48 alert PortScan ATTACK:SRC=82.168.0.249 DST=82.169.xxx.xxx [last message repeated 25 times in 1 seconds]
17 04 27 15:27:27 info Time initialized fail
18 04 27 15:27:27 info NTP new time: April 27 15:27:33
19 04 27 15:27:33 info Time initialized by NTP server
20 04 28 00:49:09 alert SYN,FIN ATTACK:SRC=49.218.195.60 DST=82.169.xxx.xxx [last message repeated 5 times in 7 seconds]
21 04 28 11:12:54 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx [last message repeated 15 times in 0 seconds]
22 04 28 12:14:52 alert PortScan ATTACK:SRC=82.168.0.249 DST=82.169.xxx.xxx [last message repeated 22 times in 1 seconds]
23 04 28 15:27:34 info Time initialized fail
24 04 28 15:27:34 info NTP new time: April 28 15:27:40
25 04 28 15:27:40 info Time initialized by NTP server
26 04 28 19:28:14 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx [last message repeated 8 times in 0 seconds]
27 04 29 00:03:24 alert SYN,FIN ATTACK:SRC=81.234.121.49 DST=82.169.xxx.xxx [last message repeated 7 times in 20 seconds]
28 04 29 15:27:41 info Time initialized fail
29 04 29 15:27:41 info NTP new time: April 29 15:27:46
30 04 29 15:27:46 info Time initialized by NTP server
31 04 29 22:36:44 alert SYN,FIN ATTACK:SRC=121.212.145.66 DST=82.169.xxx.xxx [last message repeated 7 times in 19 seconds]
32 04 30 12:00:17 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
33 04 30 12:00:19 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
34 04 30 12:00:19 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx [last message repeated 1 times in 0 seconds]
35 04 30 12:00:19 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
36 04 30 12:00:19 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx [last message repeated 1 times in 0 seconds]
37 04 30 12:00:19 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
38 04 30 12:00:19 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx [last message repeated 1 times in 0 seconds]
39 04 30 12:00:19 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
40 04 30 12:00:19 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
41 04 30 12:00:19 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
42 04 30 12:00:21 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
43 04 30 12:00:21 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx [last message repeated 1 times in 0 seconds]
44 04 30 12:00:21 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
45 04 30 12:00:21 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx [last message repeated 1 times in 0 seconds]
46 04 30 12:00:21 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
47 04 30 12:00:21 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
48 04 30 12:00:21 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
49 04 30 12:00:21 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
50 04 30 12:00:21 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
51 04 30 12:00:22 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
52 04 30 12:00:22 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
53 04 30 12:00:24 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
54 04 30 12:00:24 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
55 04 30 12:00:24 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx [last message repeated 1 times in 0 seconds]
56 04 30 12:00:24 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
57 04 30 12:00:24 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
58 04 30 12:00:24 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
59 04 30 12:00:24 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
60 04 30 12:00:24 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
61 04 30 12:00:24 alert PortScan ATTACK:SRC=199.30.247.170 DST=82.169.xxx.xxx
62 04 30 12:00:24 alert PortScan ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
63 04 30 12:00:31 alert PingofDeath ATTACK:SRC=199.30.247.171 DST=82.169.xxx.xxx
64 04 30 15:27:47 info Time initialized fail
65 04 30 15:27:47 info NTP new time: April 30 15:27:53
66 04 30 15:27:53 info Time initialized by NTP server
67 04 30 20:54:09 alert SYN_FLOODING ATTACK:SRC=88.249.227.133 DST=82.169.xxx.xxx
68 04 30 20:54:21 alert SYN_FLOODING ATTACK:SRC=88.249.227.133 DST=82.169.xxx.xxx
69 04 30 20:54:22 alert SYN_FLOODING ATTACK:SRC=88.249.227.133 DST=82.169.xxx.xxx
70 04 30 20:54:22 alert SYN_FLOODING ATTACK:SRC=88.249.227.133 DST=82.169.xxx.xxx
71 04 30 20:54:24 alert SYN_FLOODING ATTACK:SRC=88.249.227.133 DST=82.169.xxx.xxx
72 04 30 20:54:25 alert SYN_FLOODING ATTACK:SRC=88.249.227.133 DST=82.169.xxx.xxx
73 04 30 20:54:25 alert SYN_FLOODING ATTACK:SRC=88.249.227.133 DST=82.169.xxx.xxx
74 04 30 20:54:25 alert SYN_FLOODING ATTACK:SRC=88.249.227.133 DST=82.169.xxx.xxx
75 05 01 02:18:00 alert SYN_FLOODING ATTACK:SRC=115.45.217.42 DST=82.169.xxx.xxx
76 05 01 03:21:36 alert SYN,FIN ATTACK:SRC=151.81.79.99 DST=82.169.xxx.xxx [last message repeated 5 times in 6 seconds]
77 05 01 03:21:47 alert SYN,FIN ATTACK:SRC=151.81.79.99 DST=82.169.xxx.xxx [last message repeated 1 times in 8 seconds]
78 05 01 03:22:12 alert SYN,FIN ATTACK:SRC=151.81.79.99 DST=82.169.xxx.xxx
79 05 01 15:27:54 info Time initialized fail
80 05 01 15:27:54 info NTP new time: May 01 15:28:00
81 05 01 15:28:00 info Time initialized by NTP server
82 05 02 00:23:01 alert LAN ATTACK:SRC=192.168.1.8 DST=82.169.xxx.xxx
83 05 02 01:52:41 info DSL up down log: WAN Physical Link Down
84 05 02 01:54:23 info DSL up down log: WAN Physical Link Up. Upstream 3072 kbps Downstream 27008 kbps, DSL Type is VDSL2 .
85 05 02 15:28:01 info Time initialized fail
86 05 02 15:28:01 info NTP new time: May 02 15:28:06
87 05 02 15:28:06 info Time initialized by NTP server
88 05 03 15:28:07 info Time initialized fail
89 05 03 15:28:07 info NTP new time: May 03 15:28:13
90 05 03 15:28:13 info Time initialized by NTP server
91 05 04 01:55:01 info DSL up down log: WAN Physical Link Down
92 05 04 01:55:57 info DSL up down log: WAN Physical Link Up. Upstream 3060 kbps Downstream 27016 kbps, DSL Type is VDSL2 .
93 05 04 15:28:14 info Time initialized fail
94 05 04 15:28:14 info NTP new time: May 04 15:28:20
95 05 04 15:28:20 info Time initialized by NTP server
96 05 04 17:29:47 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx [last message repeated 104 times in 3 seconds]
97 05 04 17:30:10 alert PortScan ATTACK:SRC=82.168.0.248 DST=82.169.xxx.xxx [last message repeated 568 times in 19 seconds]
Badge +1
Almost, but not quite :)



1 May 4 16:20:31 alert SYN_FLOODING ATTACK:SRC=87.208.162.237 DST=82.xxx.xxx.xxx
2 May 4 16:20:46 alert SYN_FLOODING ATTACK:SRC=81.11.214.129 DST=82.xxx.xxx.xxx
3 May 4 16:20:46 alert SYN_FLOODING ATTACK:SRC=84.9.38.60 DST=82.xxx.xxx.xxx [last message repeated 1 times in 3 seconds]
4 May 4 16:20:52 alert SYN_FLOODING ATTACK:SRC=83.82.35.41 DST=82.xxx.xxx.xxx
5 May 4 16:20:54 alert SYN_FLOODING ATTACK:SRC=81.11.214.129 DST=82.xxx.xxx.xxx [last message repeated 1 times in 8 seconds]
6 May 4 16:21:17 alert SYN_FLOODING ATTACK:SRC=87.208.162.237 DST=82.xxx.xxx.xxx
7 May 4 16:21:18 alert SYN_FLOODING ATTACK:SRC=109.98.231.31 DST=82.xxx.xxx.xxx
8 May 4 16:21:18 alert SYN_FLOODING ATTACK:SRC=81.11.214.129 DST=82.xxx.xxx.xxx
9 May 4 16:21:26 alert SYN_FLOODING ATTACK:SRC=87.208.162.237 DST=82.xxx.xxx.xxx
Badge +1
Can someone from Telfort do something with my question?

Is it harmful?

Can I block the IP addresses in question in the modem?
Go to www.speedtest.net and post the result here.
Because if you are being attacked by a DDoS or a SYN_FLOOD, your connection is super slow.
Reputation 8
Badge +16
Are you running any torrents or are you gaming?

It could be that your computer is trying to set up a large number of connections and that your firewall is blocking this...
Badge +1
No, no torrents and no games.

http://www.speedtest.net/result/2039133824.png
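
Added example, not part of any post in this thread: a small Python parser for modem alert lines in the format posted above, which totals alerts per alert type and source address and uses the "last message repeated N times in M seconds" suffix to estimate a burst rate. The sample log is constructed (documentation-range addresses), and the assumptions that each suffix counts N extra events on top of the line itself and that 50 events marks a noisy source are mine, not the modem vendor's.

```python
import re
from collections import defaultdict

# Constructed sample in the same line format as the logs in this thread;
# all addresses are documentation-range placeholders, not values from the posts.
SAMPLE_LOG = """\
1 05 04 16:20:31 alert SYN_FLOODING ATTACK:SRC=198.51.100.7 DST=203.0.113.5
2 05 04 16:20:46 alert SYN_FLOODING ATTACK:SRC=198.51.100.9 DST=203.0.113.5 [last message repeated 1 times in 3 seconds]
3 05 04 16:21:17 alert SYN_FLOODING ATTACK:SRC=198.51.100.7 DST=203.0.113.5
4 05 04 17:29:47 alert PortScan ATTACK:SRC=192.0.2.248 DST=203.0.113.5 [last message repeated 104 times in 3 seconds]
5 05 04 17:30:10 alert PortScan ATTACK:SRC=192.0.2.248 DST=203.0.113.5 [last message repeated 568 times in 19 seconds]
6 05 04 15:28:20 info Time initialized by NTP server
7 05 04 18:00:00 alert SYN,FIN ATTACK:SRC=198.51.100.60 DST=203.0.113.5 [last message repeated 5 times in 7 seconds]
"""

ALERT_RE = re.compile(
    r"\balert\s+(?P<kind>\S+) ATTACK:SRC=(?P<src>[\d.]+) DST=\S+"
    r"(?: \[last message repeated (?P<n>\d+) times in (?P<secs>\d+) seconds\])?"
)

def summarize(log_text):
    """Return {(kind, src): {"events": int, "peak_rate": float}}; info lines are skipped."""
    stats = defaultdict(lambda: {"events": 0, "peak_rate": 0.0})
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        entry = stats[(m["kind"], m["src"])]
        repeats = int(m["n"] or 0)  # assumption: N repeats are extra to the line itself
        entry["events"] += 1 + repeats
        if repeats:
            secs = max(int(m["secs"]), 1)  # "in 0 seconds" is treated as one second
            entry["peak_rate"] = max(entry["peak_rate"], repeats / secs)
    return dict(stats)

def noisy_sources(stats, min_events=50):
    """Sources whose total alert count reaches min_events (assumed threshold), busiest first."""
    rows = [(k, s, v["events"]) for (k, s), v in stats.items() if v["events"] >= min_events]
    return sorted(rows, key=lambda r: -r[2])

if __name__ == "__main__":
    for kind, src, events in noisy_sources(summarize(SAMPLE_LOG)):
        print(f"{kind:14} {src:16} {events} alerts")
```

A handful of single alerts from many different sources and hundreds of repeats per second from one source look the same in the raw log at a glance; the per-source totals and burst rate separate the two.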
