这些网络活动都是做什么的?

显示全部楼层 · 发表于 2009-8-19 11:34:27

这些网络活动都是做什么的?
为什么来的这么频繁重复
请具体每一个分析一下
这些都是网络攻击还是啥
这些对网络流量有影响吗有必要关闭这些记录的log吗

8/16/2009 2:26:36 PM Detected DNS cache poisoning attack 208.67.222.222:53 192.168.1.3:3014 UDP
8/16/2009 12:03:55 PM Detected DNS cache poisoning attack 210.239.46.2:53 192.168.1.3:7635 UDP
8/16/2009 12:03:55 PM Detected DNS cache poisoning attack 213.219.245.120:53 192.168.1.3:7635 UDP
8/16/2009 12:03:54 PM Detected DNS cache poisoning attack 61.121.200.48:53 192.168.1.3:7635 UDP
8/16/2009 12:03:54 PM Detected DNS cache poisoning attack 203.236.33.105:53 192.168.1.3:7635 UDP
8/16/2009 12:03:54 PM Detected DNS cache poisoning attack 202.222.18.86:53 192.168.1.3:7635 UDP
8/16/2009 12:03:54 PM Detected DNS cache poisoning attack 12.130.42.6:53 192.168.1.3:7635 UDP
8/16/2009 12:03:48 PM Detected covert channel exploit in ICMP packet 192.168.1.3 207.46.18.94 ICMP
8/16/2009 11:38:15 AM Detected DNS cache poisoning attack 210.239.46.2:53 192.168.1.3:1146 UDP
8/16/2009 11:38:15 AM Detected DNS cache poisoning attack 61.121.200.48:53 192.168.1.3:1146 UDP
8/16/2009 11:38:14 AM Detected DNS cache poisoning attack 203.236.33.105:53 192.168.1.3:1146 UDP
8/16/2009 11:38:14 AM Detected DNS cache poisoning attack 213.219.245.120:53 192.168.1.3:1146 UDP
8/16/2009 11:38:14 AM Detected DNS cache poisoning attack 12.130.42.6:53 192.168.1.3:1146 UDP
8/16/2009 11:38:14 AM Detected DNS cache poisoning attack 202.222.18.86:53 192.168.1.3:1146 UDP
8/16/2009 11:38:08 AM Detected covert channel exploit in ICMP packet 192.168.1.3 207.46.18.94 ICMP
8/16/2009 11:29:43 AM Detected DNS cache poisoning attack 210.239.46.2:53 192.168.1.3:8693 UDP
8/16/2009 11:29:42 AM Detected DNS cache poisoning attack 213.219.245.120:53 192.168.1.3:8693 UDP
8/16/2009 11:29:42 AM Detected DNS cache poisoning attack 61.121.200.48:53 192.168.1.3:8693 UDP
8/16/2009 11:29:42 AM Detected DNS cache poisoning attack 203.236.33.105:53 192.168.1.3:8693 UDP
8/16/2009 11:29:42 AM Detected DNS cache poisoning attack 12.130.42.6:53 192.168.1.3:8693 UDP
8/16/2009 11:29:41 AM Detected DNS cache poisoning attack 202.222.18.86:53 192.168.1.3:8693 UDP

8/19/2009 11:17:29 AM Detected covert channel exploit in ICMP packet 192.168.1.3 221.201.230.1 ICMP

8/19/2009 10:45:32 AM Detected DNS cache poisoning attack 208.67.222.222:53 192.168.1.3:7521 UDP
8/19/2009 10:45:31 AM Detected DNS cache poisoning attack 208.67.222.222:53 192.168.1.3:3379 UDP
8/19/2009 10:45:31 AM Detected DNS cache poisoning attack 208.67.222.222:53 192.168.1.3:3379 UDP
8/19/2009 10:45:31 AM Detected DNS cache poisoning attack 208.67.222.222:53 192.168.1.3:3379 UDP
8/19/2009 10:45:31 AM Detected DNS cache poisoning attack 208.67.222.222:53 192.168.1.3:3379 UDP
8/19/2009 10:45:17 AM Detected covert channel exploit in ICMP packet 192.168.1.3 221.201.230.1 ICMP
8/19/2009 10:45:16 AM Detected covert channel exploit in ICMP packet 192.168.1.3 221.201.230.1 ICMP
8/19/2009 10:44:46 AM Detected covert channel exploit in ICMP packet 192.168.1.3 221.201.230.1 ICMP

8/19/2009 10:25:19 AM Detected DNS cache poisoning attack 208.67.220.220:53 192.168.1.3:8225 UDP
8/16/2009 11:29:35 AM Detected covert channel exploit in ICMP packet 192.168.1.3 207.46.18.94 ICMP
8/16/2009 11:07:09 AM Detected TCP Flooding attack 61.238.55.96:56470 192.168.1.3:19077 TCP
8/16/2009 10:14:22 AM Detected TCP Flooding attack 61.238.55.96:26906 192.168.1.3:19077 TCP
8/16/2009 9:25:44 AM Incorrect IP packet checksum 0
8/16/2009 9:08:32 AM Detected TCP Flooding attack 61.238.55.96:56998 192.168.1.3:19077 TCP
8/16/2009 9:08:22 AM Detected DNS cache poisoning attack 213.219.245.120:53 192.168.1.3:7273 UDP
8/16/2009 9:08:22 AM Detected DNS cache poisoning attack 61.121.200.48:53 192.168.1.3:7273 UDP
8/16/2009 9:08:22 AM Detected DNS cache poisoning attack 210.239.46.2:53 192.168.1.3:7273 UDP
8/16/2009 9:08:22 AM Detected DNS cache poisoning attack 203.236.33.105:53 192.168.1.3:7273 UDP
8/16/2009 9:08:22 AM Detected DNS cache poisoning attack 202.222.18.86:53 192.168.1.3:7273 UDP
8/16/2009 9:08:21 AM Detected DNS cache poisoning attack 12.130.42.6:53 192.168.1.3:7273 UDP
8/16/2009 9:08:16 AM Detected covert channel exploit in ICMP packet 192.168.1.3 207.46.18.94 ICMP
8/16/2009 7:52:55 AM Detected TCP Flooding attack 61.238.55.96:25863 192.168.1.3:19077 TCP
8/16/2009 7:44:25 AM Incorrect IP packet checksum 0
8/16/2009 6:32:31 AM Detected TCP Flooding attack 61.238.55.96:3301 192.168.1.3:19077 TCP
8/16/2009 6:05:37 AM Incorrect IP packet checksum 0
8/16/2009 4:57:16 AM Incorrect IP packet checksum 0
8/16/2009 3:54:31 AM Detected Port Scanning attack 61.238.55.96:11857 192.168.1.3:8225 TCP
8/16/2009 2:42:23 AM Incorrect IP packet checksum 0
8/16/2009 2:39:12 AM Detected TCP Flooding attack 61.238.55.96:21089 192.168.1.3:19077 TCP
8/16/2009 1:28:30 AM Detected TCP Flooding attack 61.238.55.96:13293 192.168.1.3:19077 TCP
8/16/2009 12:33:23 AM Detected Port Scanning attack 61.238.55.96:53409 192.168.1.3:8225 TCP
8/16/2009 12:09:36 AM Detected TCP Flooding attack 94.75.222.245:54832 192.168.1.3:19077 TCP
8/16/2009 12:09:12 AM Detected TCP Flooding attack 58.214.36.249:46135 192.168.1.3:19077 TCP
8/16/2009 12:09:10 AM Detected TCP Flooding attack 116.127.145.146:46563 192.168.1.3:19077 TCP
8/15/2009 11:21:21 PM Detected TCP Flooding attack 61.238.55.96:20566 192.168.1.3:19077 TCP
8/15/2009 10:55:31 PM Detected DNS cache poisoning attack 210.239.46.2:53 192.168.1.3:2651 UDP
8/15/2009 10:55:31 PM Detected DNS cache poisoning attack 213.219.245.120:53 192.168.1.3:2651 UDP
8/15/2009 10:55:31 PM Detected DNS cache poisoning attack 61.121.200.48:53 192.168.1.3:2651 UDP
8/15/2009 10:55:31 PM Detected DNS cache poisoning attack 202.222.18.86:53 192.168.1.3:2651 UDP
8/15/2009 10:55:31 PM Detected DNS cache poisoning attack 203.236.33.105:53 192.168.1.3:2651 UDP
8/15/2009 10:55:30 PM Detected DNS cache poisoning attack 12.130.42.6:53 192.168.1.3:2651 UDP
8/15/2009 10:55:25 PM Detected covert channel exploit in ICMP packet 192.168.1.3 207.46.18.94 ICMP
8/15/2009 10:36:10 PM Detected TCP Flooding attack 61.238.55.96:54180 192.168.1.3:19077 TCP
8/15/2009 10:21:16 PM Detected DNS cache poisoning attack 208.67.222.222:53 192.168.1.3:3838 UDP
8/15/2009 10:21:16 PM Detected DNS cache poisoning attack 208.67.222.222:53 192.168.1.3:9529 UDP
8/15/2009 10:20:31 PM Detected DNS cache poisoning attack 213.219.245.120:53 192.168.1.3:7594 UDP
8/15/2009 10:20:31 PM Detected DNS cache poisoning attack 61.121.200.48:53 192.168.1.3:7594 UDP
8/15/2009 10:20:30 PM Detected DNS cache poisoning attack 203.236.33.105:53 192.168.1.3:7594 UDP
8/15/2009 10:20:30 PM Detected DNS cache poisoning attack 210.239.46.2:53 192.168.1.3:7594 UDP
8/15/2009 10:20:30 PM Detected DNS cache poisoning attack 12.130.42.6:53 192.168.1.3:7594 UDP
8/15/2009 10:20:30 PM Detected DNS cache poisoning attack 202.222.18.86:53 192.168.1.3:7594 UDP
8/15/2009 10:20:16 PM Detected DNS cache poisoning attack 213.219.245.120:53 192.168.1.3:7589 UDP
8/15/2009 10:20:16 PM Detected DNS cache poisoning attack 202.222.18.86:53 192.168.1.3:7589 UDP
8/15/2009 10:20:16 PM Detected DNS cache poisoning attack 61.121.200.48:53 192.168.1.3:7589 UDP
8/15/2009 10:20:16 PM Detected DNS cache poisoning attack 203.236.33.105:53 192.168.1.3:7589 UDP
8/15/2009 10:20:16 PM Detected DNS cache poisoning attack 210.239.46.2:53 192.168.1.3:7589 UDP
8/15/2009 10:20:16 PM Detected DNS cache poisoning attack 12.130.42.6:53 192.168.1.3:7589 UDP
8/15/2009 9:57:14 PM Detected DNS cache poisoning attack 213.219.245.120:53 192.168.1.3:5138 UDP
8/15/2009 9:57:14 PM Detected DNS cache poisoning attack 202.222.18.86:53 192.168.1.3:5138 UDP
8/15/2009 9:57:14 PM Detected DNS cache poisoning attack 61.121.200.48:53 192.168.1.3:5138 UDP
8/15/2009 9:57:13 PM Detected DNS cache poisoning attack 12.130.42.6:53 192.168.1.3:5138 UDP
8/15/2009 9:57:08 PM Detected covert channel exploit in ICMP packet 192.168.1.3 207.46.18.94 ICMP
8/15/2009 9:48:19 PM Detected DNS cache poisoning attack 208.67.222.222:53 192.168.1.3:9560 UDP
8/15/2009 9:47:57 PM Detected DNS cache poisoning attack 208.67.222.222:53 192.168.1.3:2265 UDP
8/15/2009 9:39:33 PM Detected TCP Flooding attack 61.238.55.96:24410 192.168.1.3:19077 TCP
8/15/2009 8:59:09 PM Detected TCP Flooding attack 58.214.36.249:35404 192.168.1.3:19077 TCP
8/15/2009 8:53:43 PM Detected TCP Flooding attack 116.127.145.146:54607 192.168.1.3:19077 TCP
8/15/2009 8:50:56 PM Detected unexpected data in protocol 77.53.74.159 192.168.1.3:19077 UDP

8/15/2009 7:26:08 PM Detected TCP Flooding attack 61.238.55.96:17143 192.168.1.3:19077 TCP
8/15/2009 5:27:00 PM Detected covert channel exploit in ICMP packet 192.168.1.3 60.213.43.105 ICMP
8/15/2009 5:27:00 PM Detected covert channel exploit in ICMP packet 192.168.1.3 60.213.43.105 ICMP
8/15/2009 5:26:59 PM Detected covert channel exploit in ICMP packet 192.168.1.3 60.210.170.1 ICMP

8/15/2009 5:11:17 PM Detected TCP Flooding attack 116.127.145.146:40185 192.168.1.3:19077 TCP
8/15/2009 4:57:33 PM Detected TCP Flooding attack 58.214.36.249:40773 192.168.1.3:19077 TCP
8/15/2009 4:57:32 PM Detected TCP Flooding attack 116.127.145.146:45313 192.168.1.3:19077 TCP
8/15/2009 4:49:39 PM Detected TCP Flooding attack 61.238.55.96:1829 192.168.1.3:19077 TCP
8/15/2009 3:48:24 PM Detected Port Scanning attack 61.238.55.96:33150 192.168.1.3:8225 TCP
8/15/2009 3:17:22 PM Detected TCP Flooding attack 58.214.36.249:37599 192.168.1.3:19077 TCP
8/15/2009 3:17:20 PM Detected TCP Flooding attack 116.127.145.146:56501 192.168.1.3:19077 TCP

[ 本帖最后由 maxmara2 于 2009-8-19 10:36 编辑 ]

显示全部楼层 · 发表于 2009-8-19 11:44:58

Detected DNS cache poisoning attack--------------检测到DNS缓存中毒攻击
Detected TCP Flooding attack-----------------检测到TCP洪水攻击
Detected covert channel exploit in ICMP packet-----------------检测到利用隐蔽通道中的ICMP包
Detected unexpected data in protocol ---------------检测到意外的数据协议
Detected Port Scanning attack --------检测到端口扫描攻击
Incorrect IP packet checksum-----检测到异常IP数据包校验

显示全部楼层 · 发表于 2009-8-19 11:46:12

楼主惹了谁？你用什么墙？

[ 本帖最后由 strawman0719 于 2009-8-19 11:47 编辑 ]

显示全部楼层 · 发表于 2009-8-19 11:54:17

我谁也没惹啊而且这些log只是1/50

有更多的都贴不上来

不过我用bt下载还有用迅雷下载

是不是这些造成的啊?

显示全部楼层 · 发表于 2009-8-19 11:54:50

windows自己的防火墙我关了服务都关了

然后就开这个 ess4.0的这个防火墙

显示全部楼层 · 发表于 2009-8-19 11:55:13

Detected DNS cache poisoning attack
侦测到基于域名系统缓存中毒的攻击

Detected TCP Flooding attack
侦测到TCP洪水攻击

显示全部楼层 · 发表于 2009-8-19 11:55:57

太可怕了啊

想想看我之前都一直用2.7的裸奔啊无防火墙的

显示全部楼层 · 发表于 2009-8-19 11:56:23

你先停掉那些下载观察下日志的变化
也有可能是下载上传的IP记录

显示全部楼层 · 发表于 2009-8-19 11:56:43

那为什么会有这些东西呢? 怎么造成的呢

我用的是opendns

显示全部楼层 · 发表于 2009-8-19 12:00:24

不过我记得UDP跟BT下载有关
下载软件设置里有的
也许仅仅是IP连接记录而已

[讨论] 这些网络活动都是做什么的?

回复 4楼 maxmara2 的帖子

回复 6楼 lomo 的帖子