What is happening on my wifi? NTP and ACK STORM attacks.

6

I am wondering whether these attacks are something to worry about, or whether my router is just being a router.

[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:12:13
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:11:51
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:11:29
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:11:05
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:10:32
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:09:57
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:09:15
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:08:46
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:07:31
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:06:52
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:06:23
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:05:42
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:04:43
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:04:02
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:03:38
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:02:55
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:02:24
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:01:10
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:00:47
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:00:20
[Time synchronized with NTP server] Friday, May 06,2016 19:39:13
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 19:39:28
[DoS attack: STORM] attack packets in last 20 sec from ip [24.150.13.71], Friday, May 06,2016 18:29:19
[DoS attack: STORM] attack packets in last 20 sec from ip [24.150.13.71], Friday, May 06,2016 18:28:59

I generally don't think too much about it, but this has also been a bit sketchy.

[Time synchronized with NTP server] Friday, May 06,2016 05:49:10
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 05:49:10
[Time synchronized with NTP server] Friday, May 06,2016 05:34:01
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 05:34:01
[Time synchronized with NTP server] Friday, May 06,2016 05:18:51
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 05:18:51
[Time synchronized with NTP server] Friday, May 06,2016 05:03:43
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 05:03:43
[Time synchronized with NTP server] Friday, May 06,2016 04:48:41
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 04:48:41
[Time synchronized with NTP server] Friday, May 06,2016 04:33:37
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 04:33:37
[Time synchronized with NTP server] Friday, May 06,2016 04:18:36
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 04:18:36
[Time synchronized with NTP server] Friday, May 06,2016 04:03:35
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 04:03:36
[Time synchronized with NTP server] Friday, May 06,2016 03:48:34
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 03:48:34
[Time synchronized with NTP server] Friday, May 06,2016 03:33:34
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 03:33:34
[Time synchronized with NTP server] Friday, May 06,2016 03:18:31
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 03:18:31
[Time synchronized with NTP server] Friday, May 06,2016 03:03:28
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 03:03:28
[Time synchronized with NTP server] Friday, May 06,2016 02:48:25
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 02:48:26
[Time synchronized with NTP server] Friday, May 06,2016 02:33:24
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 02:33:24
[Time synchronized with NTP server] Friday, May 06,2016 02:18:23
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 02:18:24
[Time synchronized with NTP server] Friday, May 06,2016 02:03:23
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 02:03:23
[Time synchronized with NTP server] Friday, May 06,2016 01:48:21
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 01:48:22
[Time synchronized with NTP server] Friday, May 06,2016 01:33:20
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 01:33:20
[Time synchronized with NTP server] Friday, May 06,2016 01:18:18
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 01:18:19
[Time synchronized with NTP server] Friday, May 06,2016 01:03:17

I turned off the automatic clock on my laptop, and I am the only user on this network. The whole thing just seems a bit bizarre. Any insight would be much appreciated.

    
asked by Policks 07.05.2016 - 17:13

1 answer

1

The "[DoS attack: STORM] attack packets in last 20 sec from ip [24.150.13.71]" is from your ISP (Cogeco Cable, Burlington, Ontario, Canada (CA)). The "[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230]" is a scan or "footprinting" from China. As for the NTP: you may need to look up the IP of the NTP server to make sure it is valid. I used the link to resolve the IP and geolocate it. There are some vulnerabilities in some NTP implementations, but I wouldn't jump to that, because your system may be set to update every 15 minutes and I am unable to verify the NTP IP, as it was not provided. If you want to find out more about the IP traffic on your system, may I suggest a packet sniffer such as Wireshark. It will give you more detail about the traffic to and from your system. That said, it looks like you got port scanned from China. ISP: China Unicom Shanxi, City: Taiyuan, Region: Shanxi, Country: China. It happens all the time.

    
answered 21.07.2016 - 16:18
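To check the answer's point that the NTP entries may simply be a 15-minute update schedule, and to see how long each source kept tripping the router's DoS counter, the log can be summarised offline. This is an added example, not part of the original post; the sample lines are copied from the log in the question, and the timestamp format string is an assumption inferred from those lines.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample lines copied from the router log quoted in the question.
SAMPLE_LOG = """\
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:12:13
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:00:20
[Time synchronized with NTP server] Friday, May 06,2016 19:39:13
[DoS attack: STORM] attack packets in last 20 sec from ip [24.150.13.71], Friday, May 06,2016 18:29:19
[DoS attack: STORM] attack packets in last 20 sec from ip [24.150.13.71], Friday, May 06,2016 18:28:59
[Time synchronized with NTP server] Friday, May 06,2016 05:49:10
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 05:49:10
[Time synchronized with NTP server] Friday, May 06,2016 05:34:01
[Time synchronized with NTP server] Friday, May 06,2016 05:18:51
"""

# Assumption: every entry ends with "Weekday, Month DD,YYYY HH:MM:SS" as in the lines above.
TS_FMT = "%A, %B %d,%Y %H:%M:%S"
LINE_RE = re.compile(r"^\[(?P<event>[^\]]+)\](?P<rest>.*?),?\s*(?P<ts>\w+, \w+ \d{2},\d{4} [\d:]{8})$")
IP_RE = re.compile(r"from ip \[([\d.]+)\]")

def parse(log):
    """Yield (event, source_ip_or_None, timestamp) for each recognised line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines instead of failing
        ip = IP_RE.search(m["rest"])
        yield m["event"], ip.group(1) if ip else None, datetime.strptime(m["ts"], TS_FMT)

def summarize_dos(log):
    """Map (attack type, source ip) -> (entry count, first seen, last seen)."""
    seen = defaultdict(list)
    for event, ip, ts in parse(log):
        if event.startswith("DoS attack:"):
            seen[(event.split(":", 1)[1].strip(), ip)].append(ts)
    return {key: (len(v), min(v), max(v)) for key, v in seen.items()}

def ntp_intervals(log):
    """Minutes between consecutive NTP sync entries, oldest first."""
    syncs = sorted(ts for event, _, ts in parse(log) if event.startswith("Time synchronized"))
    return [round((b - a).total_seconds() / 60) for a, b in zip(syncs, syncs[1:])]

if __name__ == "__main__":
    print(summarize_dos(SAMPLE_LOG))
    print(ntp_intervals(SAMPLE_LOG))
```

A steady run of 15-minute intervals matches a fixed resync schedule; a large gap only shows where the sample skips entries.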
