收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 国外杀毒软件 COMODO 毛豆防火墙提示拦截好几百入侵
12下一页
返回列表 发新帖
查看: 7314|回复: 12
收起左侧

[求助] 毛豆防火墙提示拦截好几百入侵

[复制链接]
ning1999
发表于 2009-11-2 11:27:16 | 显示全部楼层 |阅读模式
高手帮忙分析一下
日期/时间程序行为源IP源端口目标IP目标端口协议[/td]
11/01/09 22:20:45System阻止190.176.246.1891783122.239.11.212139TCP
11/01/09 22:30:05System阻止219.159.67.1796000122.239.11.212445TCP
11/01/09 22:31:06C:\Windows\System32\svchost.exe阻止61.147.99.726000122.239.11.212135TCP
11/01/09 22:38:16D:\QQ\Bin\QQ.exe阻止59.74.42.1094000122.239.11.2129000UDP
11/01/09 22:54:03System阻止60.191.145.1666000122.239.11.212445TCP
11/01/09 22:54:50System阻止67.134.208.132137122.239.11.212137UDP
11/01/09 22:54:53System阻止67.134.208.132137122.239.11.212137UDP
11/01/09 22:55:00C:\Windows\System32\svchost.exe阻止67.134.208.1323332122.239.11.212135TCP
11/01/09 22:55:03C:\Windows\System32\svchost.exe阻止67.134.208.1323442122.239.11.212135TCP
11/01/09 22:55:06System阻止67.134.208.1321458122.239.11.212137UDP
11/01/09 22:57:57System阻止4.79.142.20159840122.239.11.212137UDP
11/01/09 23:03:25C:\Windows\System32\svchost.exe阻止61.160.251.506000122.239.11.212135TCP
11/01/09 23:03:46System阻止195.131.4.1644757122.239.11.212138TCP
11/01/09 23:03:49System阻止195.131.4.1644757122.239.11.212138TCP
11/01/09 23:03:52System阻止195.131.4.1644757122.239.11.212138TCP
11/01/09 23:03:55System阻止195.131.4.1644757122.239.11.212138TCP
11/01/09 23:03:58System阻止195.131.4.1644757122.239.11.212138TCP
11/01/09 23:04:01System阻止195.131.4.1644757122.239.11.212138TCP
11/02/09 09:01:32D:\QQ\Bin\QQ.exe阻止118.123.234.1568000122.239.17.10627880UDP
11/02/09 09:01:34D:\QQ\Bin\QQ.exe阻止118.123.234.1568000122.239.17.10627880UDP
11/02/09 09:03:14D:\QQ\Bin\QQ.exe阻止124.115.5.1854000122.239.17.1069000UDP
11/02/09 09:09:29C:\Windows\System32\svchost.exe阻止61.160.217.2426000122.239.17.106135TCP
11/02/09 09:11:31D:\QQ\Bin\QQ.exe阻止118.123.234.1568000122.239.17.10626427UDP
11/02/09 09:11:33D:\QQ\Bin\QQ.exe阻止118.123.234.1568000122.239.17.10626427UDP
11/02/09 09:11:45C:\Windows\System32\svchost.exe阻止61.147.99.726000122.239.17.106135TCP
11/02/09 09:12:15D:\QQ\Bin\QQ.exe阻止222.223.156.613044122.239.17.10613282UDP
11/02/09 09:12:27D:\QQ\Bin\QQ.exe阻止60.220.243.1323166122.239.17.10613282UDP
11/02/09 09:12:44D:\QQ\Bin\QQ.exe阻止219.159.103.1013621122.239.17.10613282UDP
11/02/09 09:12:54D:\QQ\Bin\QQ.exe阻止121.30.224.15063613122.239.17.10613282UDP
11/02/09 09:12:57D:\QQ\Bin\QQ.exe阻止121.30.224.15063613122.239.17.10613282UDP
11/02/09 09:13:00D:\QQ\Bin\QQ.exe阻止116.235.58.2435968122.239.17.10613282UDP
11/02/09 09:13:01D:\QQ\Bin\QQ.exe阻止116.235.58.2435968122.239.17.10613282UDP
11/02/09 09:13:03D:\QQ\Bin\QQ.exe阻止222.171.134.9713384122.239.17.10613282UDP
11/02/09 09:13:05D:\QQ\Bin\QQ.exe阻止222.171.134.9713384122.239.17.10613282UDP
11/02/09 09:13:07D:\QQ\Bin\QQ.exe阻止222.171.134.9713384122.239.17.10613282UDP
11/02/09 09:13:12D:\QQ\Bin\QQ.exe阻止121.30.224.15063613122.239.17.10613282UDP
11/02/09 09:13:13D:\QQ\Bin\QQ.exe阻止121.30.224.15063613122.239.17.10613282UDP
11/02/09 09:13:16D:\QQ\Bin\QQ.exe阻止121.30.224.15063613122.239.17.10613282UDP
11/02/09 09:13:21D:\QQ\Bin\QQ.exe阻止59.37.160.11313242122.239.17.10613282UDP
11/02/09 09:13:47D:\QQ\Bin\QQ.exe阻止218.82.203.14948517122.239.17.10613282UDP
11/02/09 09:14:13D:\QQ\Bin\QQ.exe阻止222.74.181.13034940122.239.17.10613282UDP
11/02/09 09:14:26D:\QQ\Bin\QQ.exe阻止115.192.185.7962302122.239.17.10613282UDP
11/02/09 09:14:28D:\QQ\Bin\QQ.exe阻止115.192.185.7962302122.239.17.10613282UDP
11/02/09 09:14:30D:\QQ\Bin\QQ.exe阻止115.192.185.7962302122.239.17.10613282UDP
11/02/09 09:14:45System阻止60.191.145.1666000122.239.17.106445TCP
11/02/09 09:15:06D:\QQ\Bin\QQ.exe阻止222.208.17.16913447122.239.17.10613282UDP
11/02/09 09:15:10D:\QQ\Bin\QQ.exe阻止125.93.31.25031262122.239.17.10613282UDP
11/02/09 09:15:19D:\QQ\Bin\QQ.exe阻止220.249.144.15413220122.239.17.10613282UDP
11/02/09 09:15:39D:\QQ\Bin\QQ.exe阻止60.216.104.11429310122.239.17.10613282UDP
11/02/09 09:16:05D:\QQ\Bin\QQ.exe阻止123.152.141.23613126122.239.17.10613282UDP
11/02/09 09:16:07D:\QQ\Bin\QQ.exe阻止222.85.116.2634748122.239.17.10613282UDP
11/02/09 09:16:09D:\QQ\Bin\QQ.exe阻止123.152.141.23613126122.239.17.10613282UDP
11/02/09 09:16:44D:\QQ\Bin\QQ.exe阻止117.59.58.413609122.239.17.10613282UDP
11/02/09 09:16:50D:\QQ\Bin\QQ.exe阻止59.55.195.17321935122.239.17.10613282UDP
11/02/09 09:17:14D:\QQ\Bin\QQ.exe阻止116.4.141.11011356122.239.17.10613282UDP
11/02/09 09:17:16D:\QQ\Bin\QQ.exe阻止116.4.141.11011356122.239.17.10613282UDP
11/02/09 09:17:17D:\QQ\Bin\QQ.exe阻止222.240.170.613234122.239.17.10613282UDP
11/02/09 09:17:26D:\QQ\Bin\QQ.exe阻止113.143.143.3713792122.239.17.10613282UDP
11/02/09 09:17:28D:\QQ\Bin\QQ.exe阻止113.143.143.3713792122.239.17.10613282UDP
11/02/09 09:17:35D:\QQ\Bin\QQ.exe阻止218.107.194.261425122.239.17.10613282UDP
11/02/09 09:17:37D:\QQ\Bin\QQ.exe阻止218.107.194.261425122.239.17.10613282UDP
11/02/09 09:17:43D:\QQ\Bin\QQ.exe阻止221.233.19.5713770122.239.17.10613282UDP
11/02/09 09:17:45D:\QQ\Bin\QQ.exe阻止221.233.19.5713770122.239.17.10613282UDP
11/02/09 09:17:47D:\QQ\Bin\QQ.exe阻止221.233.19.5713770122.239.17.10613282UDP
11/02/09 09:18:13D:\QQ\Bin\QQ.exe阻止218.0.70.18725797122.239.17.10613282UDP
11/02/09 09:18:24D:\QQ\Bin\QQ.exe阻止117.15.167.23113898122.239.17.10613282UDP
都是这样的程序,怎么回事···

[ 本帖最后由 ning1999 于 2009-11-2 11:28 编辑 ]
回复

举报

悠柚
发表于 2009-11-2 11:30:40 | 显示全部楼层
可能是端口扫描一类的吧,阻止了就行了
回复

举报

积累
发表于 2009-11-2 11:46:00 | 显示全部楼层
- -HIps规矩会更多
回复

举报

穿越星空
发表于 2009-11-2 12:16:36 | 显示全部楼层
  感觉不仅是端口扫描,1024一下的高位端口要小心点了,至于QQ相关的5位端口如果不影响使用就没关系,嫌麻烦可以去掉日志记录。
回复

举报

樱. 该用户已被删除
发表于 2009-11-2 12:34:56 | 显示全部楼层
我的SYSTEM也有访问137端口
进程名     协议     源网络地址     源端口   目的网络地址        目的端口
SYSTEM         UDP       192.168.0.1       137             192.168.0.255                137

这个要紧吗???
回复

举报

smith203
发表于 2009-11-2 12:54:02 | 显示全部楼层
这还算正常吧?
回复

举报

ning1999
 楼主| 发表于 2009-11-2 13:09:51 | 显示全部楼层
原帖由 穿越星空 于 2009-11-2 12:16 发表
  感觉不仅是端口扫描,1024一下的高位端口要小心点了,至于QQ相关的5位端口如果不影响使用就没关系,嫌麻烦可以去掉日志记录。
  哎...那到底有没问题呢,看着实在是闹心啊···
回复

举报

穿越星空
发表于 2009-11-2 21:12:23 | 显示全部楼层

回复 5楼 樱. 的帖子

  137端口与NetBIOS有关,除非必要,否则建议关闭,日志出现表示已被拦截,但是从日志看IP都是内网中的,所以如果发现存在问题,则放行,否则关闭。
回复

举报

穿越星空
发表于 2009-11-2 21:14:06 | 显示全部楼层

回复 7楼 ning1999 的帖子

  如果显示是阻止的话则没有问题
回复

举报

guohouzuo
发表于 2009-11-3 09:17:48 | 显示全部楼层
一般问这类问题的用户~都是开了端口隐身向导第三项导致的~呵呵~
就是一些主动传入的连接嘛,咱们常用的程序,除了一些依靠p2p技术的程序,都不需要接收主动传入的连接,所以忽略就ok了
如果嫌麻烦,关闭防火墙全局规则中的日志或者禁用防火墙日志
回复

举报

下一页 »
12下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-5-18 04:36 , Processed in 0.121561 second(s), 16 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表