Is the level of traffic against my blocked ports normal?

2

My brother recommended that I ask here about the level of traffic I am seeing against many of my blocked ports.

I run pfSense 1.2.3, with the router in bridge mode.

Behind pfSense I have:

1x Windows 7 desktop

1x Ubuntu Linux machine running a web server (about 50 MB transferred per day), an FTP service (filtered) and Mumble (used by about 10 users)

Over the past few weeks I have noticed an increase in hosts trying to send UDP packets, mostly to one port at a time. Suddenly the port they try to send to changes, and I barely see any traffic to the previous port.

I have not noticed an increase in traffic on my web ports. Snort has blocked only 2 hosts over a 1-week period (but that is unrelated, as I cannot find the host in my firewall logs).

A graphical representation (Splunk) of where the traffic comes from: link

Graphical representation of the destination ports (from pfSense): link

pfSense firewall log, 10-second window (myip = my public IP). Columns: Act, Time, If, Source, Destination, Proto.


The port changed to 39742 two days ago. I don't remember the previous port, but it was different. I'm curious when the requests will change port again.

Should I be worried about this? Is it normal? Any help is much appreciated.

Thanks

    
asked by connery 02.06.2011 - 18:40
source
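Added example (not part of the original post): one way to check the pattern the question describes, many distinct sources hitting a single blocked port, is to tally blocked entries per destination port and count the unique senders. The two-line entry layout, the function names and the documentation-range addresses are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: an action line followed by
# time / interface / source / destination / protocol.
# Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
block
Jun 2 18:06:29  WAN     192.0.2.10:51006    myip:39742  UDP
block
Jun 2 18:06:29  WAN     198.51.100.7:56536  myip:39742  UDP
block
Jun 2 18:06:29  WAN     203.0.113.5:60280   myip:39742  UDP
block
Jun 2 18:06:28  WAN     192.0.2.10:51006    myip:39742  UDP
block
Jun 2 18:06:28  WAN     203.0.113.99:64460  myip:14330  TCP:S
"""

ENTRY = re.compile(
    r"^(?P<time>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+\S+:(?P<dport>\d+)\s+(?P<proto>\S+)$"
)

def parse_blocked(text):
    """Yield (src_ip, dst_port, proto) for each entry whose action is 'block'."""
    action = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            action = line          # action line precedes its entry
            continue
        if action == "block":
            yield m["src"], int(m["dport"]), m["proto"]
        action = None              # an entry consumes its action line

def summarize(text):
    """Return [(dst_port, proto, packets, distinct_sources)], widest spread first."""
    hits = defaultdict(lambda: [0, set()])
    for src, dport, proto in parse_blocked(text):
        rec = hits[(dport, proto)]
        rec[0] += 1
        rec[1].add(src)
    rows = [(p, pr, n, len(s)) for (p, pr), (n, s) in hits.items()]
    return sorted(rows, key=lambda r: (-r[3], -r[2], r[0]))
```

A port with many distinct sources and few packets per source stands out at the top of the list; tracking that top entry over days shows when the targeted port shifts.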

2 answers

2

For general information about the most commonly targeted destination ports, you can consult the SANS Internet Storm Center.

The SANS Internet Storm Center (ISC) uses advanced data correlation and visualization techniques to analyze data collected from thousands of sensors in over sixty countries.

Top 10 targets: link

To check for reports of attacks against port 39742, you can run this query: link

    
answered 02.06.2011 - 22:46
source
2

As long as the firewall is blocking the connections, you have nothing to worry about. Public-facing Internet connections will always be bombarded by random, automated scans, pings and intrusion attempts.

    
answered 02.06.2011 - 19:47
source
