Częste "DoS attack", czy to normalne?


(Rybka5) #1

Witam serdecznie. Posiadam neostradę 10Mb/s, korzystam z routera Netgear DGN2200v3. Mianowicie nie pokoi mnie jedna rzecz, w dzienniku mam takie coś:

[admin login] from source 192.168.0.2, Saturday, June 02,2012 13:07:31         

[DoS attack: ACK Scan] from source: 69.63.189.70:80, Saturday, June 02,2012 13:04:14         

[DoS attack: ACK Scan] from source: 69.63.189.70:80, Saturday, June 02,2012 13:00:04         

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Saturday, June 02,2012 12:56:06         

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Saturday, June 02,2012 12:55:28         

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Saturday, June 02,2012 12:53:40         

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Saturday, June 02,2012 12:53:02         

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Saturday, June 02,2012 12:50:36         

[DoS attack: ACK Scan] from source: 69.63.189.70:80, Saturday, June 02,2012 12:48:22         

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Saturday, June 02,2012 12:47:32         

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Saturday, June 02,2012 12:46:53         

[DoS attack: RST Scan] from source: 188.165.251.96:80, Saturday, June 02,2012 12:43:57         

[admin login] from source 192.168.0.2, Saturday, June 02,2012 12:40:31         

[DoS attack: ACK Scan] from source: 213.186.33.87:80, Saturday, June 02,2012 11:52:39         

[DoS attack: ACK Scan] from source: 69.197.18.194:80, Saturday, June 02,2012 11:20:11         

[DoS attack: ACK Scan] from source: 50.116.94.152:80, Saturday, June 02,2012 10:35:25         

[DoS attack: ACK Scan] from source: 199.91.125.193:80, Saturday, June 02,2012 10:32:56         

[DoS attack: ACK Scan] from source: 50.116.94.152:80, Saturday, June 02,2012 10:07:12         

[DoS attack: ACK Scan] from source: 69.197.18.194:80, Saturday, June 02,2012 09:44:10         

[DoS attack: ACK Scan] from source: 50.116.94.152:80, Saturday, June 02,2012 09:10:17         

[DoS attack: ACK Scan] from source: 87.98.239.3:80, Saturday, June 02,2012 08:58:42         

[admin login] from source 192.168.0.2, Saturday, June 02,2012 08:42:35         

[DoS attack: RST Scan] from source: 97.107.142.183:80, Saturday, June 02,2012 08:36:25         

[DoS attack: ACK Scan] from source: 66.220.158.70:80, Saturday, June 02,2012 08:22:06         

[DoS attack: ACK Scan] from source: 216.34.181.71:80, Saturday, June 02,2012 08:21:10         

[admin login] from source 192.168.0.2, Saturday, June 02,2012 08:13:50         

[DoS attack: ACK Scan] from source: 50.116.94.152:80, Saturday, June 02,2012 08:05:27         

[DoS attack: ACK Scan] from source: 115.84.178.17:80, Saturday, June 02,2012 07:55:10         

[DoS attack: ACK Scan] from source: 103.28.249.232:80, Saturday, June 02,2012 07:31:16         

[DoS attack: ACK Scan] from source: 61.135.169.105:80, Saturday, June 02,2012 07:10:45         

[DoS attack: ACK Scan] from source: 184.168.89.133:80, Saturday, June 02,2012 07:09:00         

[DoS attack: ACK Scan] from source: 50.116.94.152:80, Saturday, June 02,2012 07:02:54         

[DoS attack: ACK Scan] from source: 50.116.94.152:80, Saturday, June 02,2012 06:32:17         

[DoS attack: ACK Scan] from source: 194.145.208.20:80, Saturday, June 02,2012 06:23:10         

[DoS attack: ACK Scan] from source: 50.116.94.152:80, Saturday, June 02,2012 06:10:27         

[DoS attack: ACK Scan] from source: 199.91.125.193:80, Saturday, June 02,2012 04:44:05         

[DoS attack: ACK Scan] from source: 199.91.125.193:80, Saturday, June 02,2012 04:42:34         

[DoS attack: ACK Scan] from source: 184.168.89.133:80, Saturday, June 02,2012 04:14:45         

[DoS attack: ACK Scan] from source: 69.197.18.194:80, Saturday, June 02,2012 01:53:39         

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:49:47           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:47:19           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:45:25           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:43:24           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:42:07           

[DoS attack: ACK Scan] from source: 69.63.189.74:80, Friday, June 01,2012 23:41:23           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:40:57           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:39:16           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:37:23           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:36:15           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:33:01           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:29:56           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:28:42           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:25:11           

[DoS attack: RST Scan] from source: 74.114.28.110:80, Friday, June 01,2012 23:18:47           

[DoS attack: ACK Scan] from source: 184.168.89.133:80, Friday, June 01,2012 23:16:19           

[DoS attack: ACK Scan] from source: 69.63.189.74:80, Friday, June 01,2012 23:10:53           

[DoS attack: ACK Scan] from source: 199.59.150.43:80, Friday, June 01,2012 23:09:21           

[DoS attack: ACK Scan] from source: 91.207.15.105:80, Friday, June 01,2012 23:07:15           

[DoS attack: ACK Scan] from source: 173.244.195.83:1935, Friday, June 01,2012 23:05:42           

[DoS attack: ACK Scan] from source: 66.220.153.74:80, Friday, June 01,2012 23:03:55           

[DoS attack: ACK Scan] from source: 66.220.153.74:80, Friday, June 01,2012 22:58:29           

[DoS attack: ACK Scan] from source: 193.203.222.16:80, Friday, June 01,2012 22:56:24           

[DoS attack: ACK Scan] from source: 69.63.189.74:80, Friday, June 01,2012 22:53:59           

[DoS attack: ACK Scan] from source: 69.63.189.74:80, Friday, June 01,2012 22:50:47           

[DoS attack: ACK Scan] from source: 69.63.189.74:80, Friday, June 01,2012 22:46:39           

[DoS attack: ACK Scan] from source: 66.220.153.74:80, Friday, June 01,2012 22:45:11           

[DoS attack: ACK Scan] from source: 217.74.65.69:80, Friday, June 01,2012 22:44:48           

[DoS attack: ACK Scan] from source: 217.74.65.69:80, Friday, June 01,2012 22:44:14           

[DoS attack: ACK Scan] from source: 199.59.149.235:80, Friday, June 01,2012 22:43:48           

[DoS attack: ACK Scan] from source: 66.220.153.74:80, Friday, June 01,2012 22:35:21           

[DoS attack: ACK Scan] from source: 66.220.153.74:80, Friday, June 01,2012 22:34:56           

[DoS attack: ACK Scan] from source: 66.220.153.74:80, Friday, June 01,2012 22:34:15           

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Friday, June 01,2012 22:30:25           

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Friday, June 01,2012 22:29:46           

[DoS attack: ACK Scan] from source: 108.162.192.58:80, Friday, June 01,2012 22:25:35           

[DoS attack: ACK Scan] from source: 199.91.125.193:80, Friday, June 01,2012 21:44:06           

[DoS attack: ACK Scan] from source: 199.91.125.193:80, Friday, June 01,2012 21:43:37           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:58:35           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:58:06           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:57:44           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:57:19           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:56:19           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:55:50           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:55:29           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:53:38           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:53:16           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:52:55           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:52:33           

[DoS attack: ACK Scan] from source: 213.180.150.25:80, Friday, June 01,2012 20:52:00           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:51:37           

[DoS attack: ACK Scan] from source: 213.180.150.24:80, Friday, June 01,2012 20:51:02           

[DoS attack: ACK Scan] from source: 213.180.150.25:80, Friday, June 01,2012 20:50:31           

[DoS attack: ACK Scan] from source: 213.180.150.25:80, Friday, June 01,2012 20:50:10           

[DoS attack: ACK Scan] from source: 213.180.150.25:80, Friday, June 01,2012 20:49:45           

[DoS attack: ACK Scan] from source: 213.180.150.25:80, Friday, June 01,2012 20:49:23           

[DoS attack: ACK Scan] from source: 184.168.89.133:80, Friday, June 01,2012 20:41:46           

[DoS attack: ACK Scan] from source: 91.206.6.188:80, Friday, June 01,2012 20:40:00           

[DoS attack: ACK Scan] from source: 193.23.48.26:80, Friday, June 01,2012 20:38:57           

[DoS attack: ACK Scan] from source: 69.63.190.70:80, Friday, June 01,2012 20:29:02           

[DoS attack: ACK Scan] from source: 193.203.222.16:80, Friday, June 01,2012 20:25:28           

[DoS attack: ACK Scan] from source: 69.63.190.70:80, Friday, June 01,2012 20:23:09           

[DoS attack: ACK Scan] from source: 69.63.190.70:80, Friday, June 01,2012 20:22:04           

[DoS attack: ACK Scan] from source: 69.63.190.70:80, Friday, June 01,2012 20:18:12           

[DoS attack: ACK Scan] from source: 193.203.222.16:80, Friday, June 01,2012 20:05:19           

[DoS attack: ACK Scan] from source: 193.203.222.16:80, Friday, June 01,2012 20:01:55           

[DoS attack: ACK Scan] from source: 199.59.150.43:80, Friday, June 01,2012 19:58:27           

[DoS attack: ACK Scan] from source: 66.220.147.93:80, Friday, June 01,2012 19:49:45           

[DoS attack: ACK Scan] from source: 199.59.149.235:80, Friday, June 01,2012 19:45:22           

[DoS attack: ACK Scan] from source: 199.59.149.200:80, Friday, June 01,2012 19:43:18           

[DoS attack: ACK Scan] from source: 66.220.147.93:80, Friday, June 01,2012 19:42:52           

[DoS attack: ACK Scan] from source: 193.111.38.244:80, Friday, June 01,2012 19:41:55           

[DoS attack: ACK Scan] from source: 66.220.149.93:80, Friday, June 01,2012 19:40:30           

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Friday, June 01,2012 19:35:27           

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Friday, June 01,2012 19:34:49           

[DoS attack: ACK Scan] from source: 66.220.146.100:80, Friday, June 01,2012 19:34:11

Słyszałem że takie ataki to normalna rzecz ale u mnie zdarzają się co minutę (czasami częściej), czy to normalne? Ostatnio mam problem z prędkościami łącza, czy to może być spowodowane tymi atakami? Nie wiem czy to ma znaczenie ale dodam że ataki są nawet przy wyłączonym kompie, kiedy włączony jest sam router.


(Drobok) #2

Jeśli nie masz serwera to zwyczajnie banuj to wszystko i będzie ok :slight_smile:


(Rybka5) #3

Możesz mi wyjaśnić w jaki sposób bo nie jestem w temacie sieci komputerowych :slight_smile:


(Abecikxp) #4

Jeśli nie udostępniasz zasobów swojego komputera innym użytkownikom za pomocą określonych usług/programów (np serwer jakiejś gry typu lineage2 , samp itd lub serwer plików ftp) To dodaj te adresy ip do zapory sieciowej routera w celu ich zablokowania.


(Rybka5) #5

Ale to ma jakiś sens kiedy te adresy codziennie się zmieniają? Więc te ataki to normalna rzecz i poza blokadą ip nic na to nie poradzę tak?


(Drobok) #6

Tobie jako posiadaczowi neo też te ip powinno się zmieniać. Nic więcej poza blokadą nie zrobisz :slight_smile:


(scripter1) #7

Tak, to wysoce prawdopodobne ale samego faktu ataków nie nazwałbym czymś normalnym (częstym tak ale nie normalnym).

Też mam routera Netgear (ale inny model i innego dostawcę neta) i też miałem taką sytuację że naglę net zwolnił a gdy zalogowałem się do routera to w logu były właśnie takie wpisy o atakach.

A gdy ataki ustały również szybkość neta wróciła do normy.

Blokowanie dodatkowo w firewallu w kompie ani nie ma większego sensu bo te ataki i tak już zostały zablokowane przez routera więc nie ma już czego blokować.

Poza tym dodatkowe blokowanie w firewallu w kompie nie da ci to też pełnej prędkości łącza w trakcie trwania ataku, faktem jest że w tym czasie przez twoje łącze (na odcinku net -> router) płyną ofensywne pakiety które zapychają na tym odcinku twoje łącze i nic tu nie zmieni że są one blokowane przez router.

Musiały by być one blokowane przez twojego operatora w miejscu gdzie łącze ma większą przepustowość niż to przydzielone tobie aby były szanse żebyś nie odczuł spadku prędkości.


(silvver) #8

również miałem router Netgear, ale inny model.. internet co jakiś czas zwalniał, a w logu routera pokazywało takie ataki z prawie całego świata :stuck_out_tongue: Z tego co się naczytałem wtedy o tym, to praktycznie sam nie jesteś w stanie nic zrobić.

Rozwiązałem to dość radykalnie - zakup nowego routera, TL-WR1043ND i problem całkowicie zniknął.


(Drobok) #9

Zmieniaj ip do czasu kiedy ataków nie będzie :stuck_out_tongue:


(Rybka5) #10

Lol to mnie pocieszyliście :frowning: . Co ciekawe korzystałem przez rok z neo bez żadnych problemów na standardowym ZTE ZXV10 i od początku maja (czyli od kiedy kupiłem netgeara) mam takie problemy. Dziś zamontowałem ponownie zte dla porównania ale problem z zamulonym łączem niestety pozostał. Chyba tylko sporadyczna zmiana ip mi pozostała :slight_smile: bo 200zł na kolejny router to na pewno nie wyłożę. No i będę dzwonił do neo niech mi abonament obniżają bo za 10Mb/s nie będę płacił kiedy nawet połowy z tego nie osiągam.