作者kazamiakira (風見明)
看板NetSecurity
標題[請益] 我被種花警告說被當成跳板了
時間Thu Oct 14 17:13:40 2010
我收到種花電信來信警告
"貴客戶租用之中華電信帳號***** ,遭anti-spam組織uceprotect.net
檢舉透過IP:220.136.48.138 上線期間內,寄送廣告郵件。細詳內容,請您參閱
http://www.uceprotect.net/en/rblcheck.php?ipr=220.136.48.138。"
目前的網路結構是
種花adsl --d-link dir-300 --hub--- 電腦*10
經過掃毒似乎沒發現可以病毒 (江民+木馬期清除大師)
以下是小弟從dir-300取出的紀錄檔
有請大大協助解讀以下紀錄檔
"Oct 14 13:57:48 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:121.10.139.148) detected. Packet dropped."
"Oct 14 13:56:33 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:202.39.224.196) detected. Packet dropped."
"Oct 14 13:56:10 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:56:00 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:65.55.15.243) detected. Packet dropped."
"Oct 14 13:55:10 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:54:17 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.78.87) detected. Packet dropped."
"Oct 14 13:54:10 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:54:05 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.78.87) detected. Packet dropped."
"Oct 14 13:53:53 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.78.87) detected. Packet dropped."
"Oct 14 13:53:45 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.78.87) detected. Packet dropped."
"Oct 14 13:53:41 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.78.87) detected. Packet dropped."
"Oct 14 13:53:35 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.78.87) detected. Packet dropped."
"Oct 14 13:53:32 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.78.87) detected. Packet dropped."
"Oct 14 13:53:21 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:121.10.139.148) detected. Packet dropped."
"Oct 14 13:53:16 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:52:49 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:52:36 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:52:35 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:52:29 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:52:29 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:52:26 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:52:18 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.121.120) detected. Packet dropped."
"Oct 14 13:51:57 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:119.127.220.249) detected. Packet dropped."
"Oct 14 13:51:54 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.121.120) detected. Packet dropped."
"Oct 14 13:51:45 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.121.120) detected. Packet dropped."
"Oct 14 13:51:42 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.121.120) detected. Packet dropped."
"Oct 14 13:51:34 ","DHCP: Server sending ACK to 192.168.10.112. (Lease time
= 604800)"
"Oct 14 13:51:34 ","DHCP: Server receive REQUEST from 00:1d:e0:ae:78:b7."
"Oct 14 13:51:33 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:124.237.121.120) detected. Packet dropped."
"Oct 14 13:51:26 ","DHCP: Server sending ACK to 192.168.10.112. (Lease time
= 604800)"
"Oct 14 13:51:26 ","DHCP: Server receive REQUEST from 00:1d:e0:ae:78:b7."
"Oct 14 13:50:28 ","DHCP: Server sending ACK to 192.168.10.112. (Lease time
= 604800)"
"Oct 14 13:50:28 ","DHCP: Server receive REQUEST from 00:1d:e0:ae:78:b7."
"Oct 14 13:49:57 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:65.55.15.243) detected. Packet dropped."
"Oct 14 13:48:56 ","DROP: 001. Drop TCP Packet from WAN,
src:220.132.152.183:2156, dst:220.136.40.49:80."
"Oct 14 13:48:50 ","DROP: 001. Drop TCP Packet from WAN,
src:220.132.152.183:2156, dst:220.136.40.49:80."
"Oct 14 13:48:47 ","DROP: 001. Drop TCP Packet from WAN,
src:220.132.152.183:2156, dst:220.136.40.49:80."
"Oct 14 13:46:32 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:202.39.224.196) detected. Packet dropped."
"Oct 14 13:46:32 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:202.39.224.196) detected. Packet dropped."
"Oct 14 13:46:32 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:202.39.224.196) detected. Packet dropped."
"Oct 14 13:46:32 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:202.39.224.196) detected. Packet dropped."
"Oct 14 13:46:24 ","DHCP: Server sending ACK to 192.168.10.112. (Lease time
= 604800)"
"Oct 14 13:46:24 ","DHCP: Server receive REQUEST from 00:1d:e0:ae:78:b7."
"Oct 14 13:45:44 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:202.39.224.60) detected. Packet dropped."
"Oct 14 13:43:20 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:121.10.139.147) detected. Packet dropped."
"Oct 14 13:41:09 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.218) detected. Packet dropped."
"Oct 14 13:40:17 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.207) detected. Packet dropped."
"Oct 14 13:39:54 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.118) detected. Packet dropped."
"Oct 14 13:39:28 ","DROP: 001. Drop TCP Packet from WAN,
src:220.130.128.113:63599, dst:220.136.40.49:80."
"Oct 14 13:39:22 ","DROP: 001. Drop TCP Packet from WAN,
src:220.130.128.113:63599, dst:220.136.40.49:80."
"Oct 14 13:39:19 ","DROP: 001. Drop TCP Packet from WAN,
src:220.130.128.113:63599, dst:220.136.40.49:80."
"Oct 14 13:36:57 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:119.127.220.249) detected. Packet dropped."
"Oct 14 13:35:09 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.154) detected. Packet dropped."
"Oct 14 13:34:32 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:119.127.220.249) detected. Packet dropped."
"Oct 14 13:34:09 ","DROP: 001. Drop TCP Packet from WAN,
src:220.135.80.155:1218, dst:220.136.40.49:80."
"Oct 14 13:34:03 ","DROP: 001. Drop TCP Packet from WAN,
src:220.135.80.155:1218, dst:220.136.40.49:80."
"Oct 14 13:34:00 ","DROP: 001. Drop TCP Packet from WAN,
src:220.135.80.155:1218, dst:220.136.40.49:80."
"Oct 14 13:32:15 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:119.127.220.249) detected. Packet dropped."
"Oct 14 13:31:56 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.167) detected. Packet dropped."
"Oct 14 13:27:59 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.112) detected. Packet dropped."
"Oct 14 13:26:27 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.103) detected. Packet dropped."
"Oct 14 13:14:45 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.109) detected. Packet dropped."
"Oct 14 13:13:06 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.161) detected. Packet dropped."
"Oct 14 13:11:35 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.159) detected. Packet dropped."
"Oct 14 13:09:00 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:121.10.139.149) detected. Packet dropped."
"Oct 14 13:08:51 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:119.127.220.249) detected. Packet dropped."
"Oct 14 13:07:32 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.206) detected. Packet dropped."
"Oct 14 13:06:06 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:05:06 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:04:13 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:209.90.125.254) detected. Packet dropped."
"Oct 14 13:04:06 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:03:12 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:02:45 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:02:32 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:02:31 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:02:25 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:02:25 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:02:22 ","ATTACK Detected: 001[SYN-ACK] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
"Oct 14 13:01:28 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:65.55.15.243) detected. Packet dropped."
"Oct 14 12:59:10 ","DHCP: Server sending ACK to 192.168.10.112. (Lease time
= 604800)"
"Oct 14 12:59:10 ","DHCP: Server receive REQUEST from 00:1d:e0:ae:78:b7."
"Oct 14 12:59:10 ","DHCP: Server sending OFFER of 192.168.10.112."
"Oct 14 12:59:08 ","DHCP: Server receive DISCOVER from 00:1d:e0:ae:78:b7."
"Oct 14 12:58:03 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:58.9.120.5) detected. Packet dropped."
"Oct 14 12:51:29 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.5.119) detected. Packet dropped."
"Oct 14 12:50:44 ","DROP: 001. Drop TCP Packet from WAN,
src:220.137.65.72:50597, dst:220.136.40.49:80."
"Oct 14 12:50:38 ","DROP: 001. Drop TCP Packet from WAN,
src:220.137.65.72:50597, dst:220.136.40.49:80."
"Oct 14 12:50:35 ","DROP: 001. Drop TCP Packet from WAN,
src:220.137.65.72:50597, dst:220.136.40.49:80."
"Oct 14 12:49:20 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:65.55.15.243) detected. Packet dropped."
"Oct 14 12:47:29 ","ATTACK Detected: 001[Xmas] attack from WAN
(ip:168.95.192.1) detected. Packet dropped."
被種花警告的時段
"Oct 11 17:46:45 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14549, dst:220.136.48.138:80."
"Oct 11 17:46:28 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14481, dst:220.136.48.138:80."
"Oct 11 17:46:07 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14549, dst:220.136.48.138:80."
"Oct 11 17:45:48 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14549, dst:220.136.48.138:80."
"Oct 11 17:45:40 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14481, dst:220.136.48.138:80."
"Oct 11 17:45:38 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14549, dst:220.136.48.138:80."
"Oct 11 17:45:33 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14549, dst:220.136.48.138:80."
"Oct 11 17:45:16 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14481, dst:220.136.48.138:80."
"Oct 11 17:45:04 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14481, dst:220.136.48.138:80."
"Oct 11 17:44:52 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14481, dst:220.136.48.138:80."
"Oct 11 17:44:40 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14481, dst:220.136.48.138:80."
"Oct 11 17:44:35 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14481, dst:220.136.48.138:80."
"Oct 11 17:44:34 ","DROP: 001. Drop TCP Packet from WAN,
src:117.47.127.237:14481, dst:220.136.48.138:80."
"Oct 11 17:43:04 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.222.220:1093, dst:220.136.48.138:80."
"Oct 11 17:42:58 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.222.220:1093, dst:220.136.48.138:80."
"Oct 11 17:42:55 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.222.220:1093, dst:220.136.48.138:80."
"Oct 11 17:02:25 ","DROP: 001. Drop TCP Packet from WAN,
src:220.143.20.224:3622, dst:220.136.48.138:80."
"Oct 11 17:02:18 ","DROP: 001. Drop TCP Packet from WAN,
src:220.143.20.224:3622, dst:220.136.48.138:80."
"Oct 11 17:02:16 ","DROP: 001. Drop TCP Packet from WAN,
src:220.143.20.224:3622, dst:220.136.48.138:80."
"Oct 11 15:42:44 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.149.171:54443, dst:220.136.48.138:80."
"Oct 11 15:42:38 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.149.171:54443, dst:220.136.48.138:80."
"Oct 11 15:42:35 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.149.171:54443, dst:220.136.48.138:80."
"Oct 11 15:02:05 ","DROP: 001. Drop TCP Packet from WAN,
src:119.120.71.42:3513, dst:220.136.48.138:80."
"Oct 11 15:01:59 ","DROP: 001. Drop TCP Packet from WAN,
src:119.120.71.42:3513, dst:220.136.48.138:80."
"Oct 11 15:01:56 ","DROP: 001. Drop TCP Packet from WAN,
src:119.120.71.42:3513, dst:220.136.48.138:80."
"Oct 11 14:52:38 ","DROP: 001. Drop TCP Packet from WAN,
src:199.86.17.72:4711, dst:220.136.48.138:80."
"Oct 11 14:52:32 ","DROP: 001. Drop TCP Packet from WAN,
src:199.86.17.72:4712, dst:220.136.48.138:80."
"Oct 11 14:52:29 ","DROP: 001. Drop TCP Packet from WAN,
src:199.86.17.72:4711, dst:220.136.48.138:80."
"Oct 11 13:43:00 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.208.94:4702, dst:220.136.48.138:80."
"Oct 11 13:42:36 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.208.94:4702, dst:220.136.48.138:80."
"Oct 11 13:42:24 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.208.94:4702, dst:220.136.48.138:80."
"Oct 11 13:42:18 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.208.94:4702, dst:220.136.48.138:80."
"Oct 11 13:42:15 ","DROP: 001. Drop TCP Packet from WAN,
src:58.114.208.94:4702, dst:220.136.48.138:80."
"Oct 11 13:01:44 ","DROP: 001. Drop TCP Packet from WAN,
src:220.130.129.91:62445, dst:220.136.48.138:80."
"Oct 11 13:01:38 ","DROP: 001. Drop TCP Packet from WAN,
src:220.130.129.91:62445, dst:220.136.48.138:80."
--
體驗磨練不要一味求快,是否體驗磨練,就像白切肉和滷肉的差別~~~!
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 220.136.40.49
1F:→ ohaha:format.. 10/16 22:52
2F:→ DirkC:當跳板的資訊沒有在這裡的紀錄檔裏面 10/21 16:22
3F:推 hukhuk:這十台的pc都掃過毒了嗎? 11/08 20:08
4F:→ firedrake:試試Symantec吧! 02/10 04:24