9,505
社区成员
发帖
与我相关
我的任务
分享请各位高手帮我指点一下,看我是不是遇到黑客攻击了。
前两天,公司的代理服务器出了点问题,我装的是WINROUTE代理服务程序,前一个月挺好的,前两天突然除了服务器,工作站都不能上网了。我后来换了最新的WINROUTE PRO,结果WIN98和WINME的工作站可以上网,WIN2000和WINXP的机了不能上网。没办法,我只有买了一个宽带路由器,是腾达6609的,刚开始上网很正常,速度很快,可今天上午10点以后,速度变得很慢,后来干脆上不了网了。把路由器重启后,又可以正常上一下网,过了一会儿又不行了。我把路由器的日志在这里公布一下:
------------------------------------------------
System Logs
-------------------------------------------------
Mon Aug 25 11:23:35 2003 Unrecognized access from 61.145.120.17:137 to UDP port 137
Mon Aug 25 11:23:36 2003 Unrecognized access from 61.145.120.17:137 to UDP port 137
Mon Aug 25 11:23:41 2003 Unrecognized access from 61.145.119.76:500 to UDP port 500
Mon Aug 25 11:23:42 2003 Unrecognized access from 61.145.120.17:3156 to UDP port 137
Mon Aug 25 11:24:03 2003 Unrecognized access from 61.145.119.77:500 to UDP port 500
Mon Aug 25 11:24:06 2003 Unrecognized access from 61.145.120.17:3156 to UDP port 137
Mon Aug 25 11:24:13 2003 Unrecognized access from 61.145.119.76:500 to UDP port 500
Mon Aug 25 11:24:20 2003 Dos Attack type : Teardrop!!
Mon Aug 25 11:24:40 2003 Unrecognized access from 61.145.120.17:3156 to UDP port 137
Mon Aug 25 11:24:56 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:24:57 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:24:59 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:25:03 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:25:10 2003 Unrecognized access from 12.30.188.114:4302 to TCP port 1080
Mon Aug 25 11:25:11 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:25:13 2003 Unrecognized access from 12.30.188.114:4302 to TCP port 1080
Mon Aug 25 11:25:19 2003 Unrecognized access from 12.30.188.114:4302 to TCP port 1080
Mon Aug 25 11:25:27 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:25:32 2003 Unrecognized access from 218.108.160.129:2202 to TCP port 139
Mon Aug 25 11:25:35 2003 Unrecognized access from 218.108.160.129:2202 to TCP port 139
Mon Aug 25 11:25:41 2003 Unrecognized access from 218.108.160.129:2202 to TCP port 139
Mon Aug 25 11:25:47 2003 Unrecognized access from 12.30.188.114:3048 to TCP port 1080
Mon Aug 25 11:25:50 2003 Unrecognized access from 12.30.188.114:3048 to TCP port 1080
Mon Aug 25 11:25:56 2003 Unrecognized access from 12.30.188.114:3048 to TCP port 1080
Mon Aug 25 11:25:59 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:26:05 2003 Unrecognized access from 12.30.188.117:1610 to TCP port 1080
Mon Aug 25 11:26:08 2003 Unrecognized access from 12.30.188.117:1610 to TCP port 1080
Mon Aug 25 11:26:14 2003 Unrecognized access from 12.30.188.117:1610 to TCP port 1080
Mon Aug 25 11:26:15 2003 Dos Attack type : Spoofing!!
Mon Aug 25 11:27:01 2003 Unrecognized access from 12.30.188.114:1293 to TCP port 1080
Mon Aug 25 11:27:03 2003 Admin from 192.168.0.103 login successful
Mon Aug 25 11:27:04 2003 Unrecognized access from 12.30.188.114:1293 to TCP port 1080
Mon Aug 25 11:27:10 2003 Unrecognized access from 12.30.188.114:1293 to TCP port 1080
Mon Aug 25 11:27:19 2003 Unrecognized access from 12.30.188.114:2293 to TCP port 1080
Mon Aug 25 11:27:22 2003 Unrecognized access from 12.30.188.114:2293 to TCP port 1080
Mon Aug 25 11:27:28 2003 Unrecognized access from 12.30.188.114:2293 to TCP port 1080
Mon Aug 25 11:27:40 2003 Unrecognized access from 24.87.231.113:2025 to TCP port 1080
Mon Aug 25 11:27:43 2003 Unrecognized access from 24.87.231.113:2025 to TCP port 1080
Mon Aug 25 11:27:49 2003 Unrecognized access from 24.87.231.113:2025 to TCP port 1080
Mon Aug 25 11:27:51 2003 Unrecognized access from 12.30.188.117:1830 to TCP port 1080
Mon Aug 25 11:27:53 2003 Unrecognized access from 12.30.188.117:1830 to TCP port 1080
Mon Aug 25 11:27:59 2003 Unrecognized access from 12.30.188.117:1830 to TCP port 1080
Mon Aug 25 11:31:18 2003 Unrecognized access from 24.164.133.8:3724 to TCP port 1080
Mon Aug 25 11:31:21 2003 Unrecognized access from 24.164.133.8:3724 to TCP port 1080
这些IP地址都不是我们公司的。
望各位高手指点迷津
------------------------------------------------
System Logs
-------------------------------------------------
Mon Aug 25 11:23:35 2003 Unrecognized access from 61.145.120.17:137 to UDP port 137
Mon Aug 25 11:23:36 2003 Unrecognized access from 61.145.120.17:137 to UDP port 137
Mon Aug 25 11:23:41 2003 Unrecognized access from 61.145.119.76:500 to UDP port 500
Mon Aug 25 11:23:42 2003 Unrecognized access from 61.145.120.17:3156 to UDP port 137
Mon Aug 25 11:24:03 2003 Unrecognized access from 61.145.119.77:500 to UDP port 500
Mon Aug 25 11:24:06 2003 Unrecognized access from 61.145.120.17:3156 to UDP port 137
Mon Aug 25 11:24:13 2003 Unrecognized access from 61.145.119.76:500 to UDP port 500
Mon Aug 25 11:24:20 2003 Dos Attack type : Teardrop!!
Mon Aug 25 11:24:40 2003 Unrecognized access from 61.145.120.17:3156 to UDP port 137
Mon Aug 25 11:24:56 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:24:57 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:24:59 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:25:03 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:25:10 2003 Unrecognized access from 12.30.188.114:4302 to TCP port 1080
Mon Aug 25 11:25:11 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:25:13 2003 Unrecognized access from 12.30.188.114:4302 to TCP port 1080
Mon Aug 25 11:25:19 2003 Unrecognized access from 12.30.188.114:4302 to TCP port 1080
Mon Aug 25 11:25:27 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:25:32 2003 Unrecognized access from 218.108.160.129:2202 to TCP port 139
Mon Aug 25 11:25:35 2003 Unrecognized access from 218.108.160.129:2202 to TCP port 139
Mon Aug 25 11:25:41 2003 Unrecognized access from 218.108.160.129:2202 to TCP port 139
Mon Aug 25 11:25:47 2003 Unrecognized access from 12.30.188.114:3048 to TCP port 1080
Mon Aug 25 11:25:50 2003 Unrecognized access from 12.30.188.114:3048 to TCP port 1080
Mon Aug 25 11:25:56 2003 Unrecognized access from 12.30.188.114:3048 to TCP port 1080
Mon Aug 25 11:25:59 2003 Unrecognized access from 61.145.136.16:500 to UDP port 500
Mon Aug 25 11:26:05 2003 Unrecognized access from 12.30.188.117:1610 to TCP port 1080
Mon Aug 25 11:26:08 2003 Unrecognized access from 12.30.188.117:1610 to TCP port 1080
Mon Aug 25 11:26:14 2003 Unrecognized access from 12.30.188.117:1610 to TCP port 1080
Mon Aug 25 11:26:15 2003 Dos Attack type : Spoofing!!
Mon Aug 25 11:27:01 2003 Unrecognized access from 12.30.188.114:1293 to TCP port 1080
Mon Aug 25 11:27:03 2003 Admin from 192.168.0.103 login successful
Mon Aug 25 11:27:04 2003 Unrecognized access from 12.30.188.114:1293 to TCP port 1080
Mon Aug 25 11:27:10 2003 Unrecognized access from 12.30.188.114:1293 to TCP port 1080
Mon Aug 25 11:27:19 2003 Unrecognized access from 12.30.188.114:2293 to TCP port 1080
Mon Aug 25 11:27:22 2003 Unrecognized access from 12.30.188.114:2293 to TCP port 1080
Mon Aug 25 11:27:28 2003 Unrecognized access from 12.30.188.114:2293 to TCP port 1080
Mon Aug 25 11:27:40 2003 Unrecognized access from 24.87.231.113:2025 to TCP port 1080
Mon Aug 25 11:27:43 2003 Unrecognized access from 24.87.231.113:2025 to TCP port 1080
Mon Aug 25 11:27:49 2003 Unrecognized access from 24.87.231.113:2025 to TCP port 1080
Mon Aug 25 11:27:51 2003 Unrecognized access from 12.30.188.117:1830 to TCP port 1080
Mon Aug 25 11:27:53 2003 Unrecognized access from 12.30.188.117:1830 to TCP port 1080
Mon Aug 25 11:27:59 2003 Unrecognized access from 12.30.188.117:1830 to TCP port 1080
Mon Aug 25 11:31:18 2003 Unrecognized access from 24.164.133.8:3724 to TCP port 1080
Mon Aug 25 11:31:21 2003 Unrecognized access from 24.164.133.8:3724 to TCP port 1080
这些IP地址都不是我们公司的。
望各位高手指点迷津
...全文
请发表友善的回复…
发表回复
xfong 2003-08-26
- 打赏
- 举报
看看在winnt\system32\wins下面有没有这两个文件
dllhost.exe svchost.exe
有就删除
停止两服务
network coin..... sharing
wins client
dllhost.exe svchost.exe
有就删除
停止两服务
network coin..... sharing
wins client
AK_huang 2003-08-26
- 打赏
- 举报
强烈关注
yishao 2003-08-26
- 打赏
- 举报
搞好你的安全
二进制空间安全 2003-08-26
- 打赏
- 举报
2000和XP不能上网?会不会是因为前段日子的冲击波病毒带来的影响呢?此病毒对98和Me无效!
fewind2100 2003-08-26
- 打赏
- 举报
对付DDOS还是用硬件防火墙比较彻底
imfree 2003-08-25
- 打赏
- 举报
楼上的老兄,有没有办法解决这个问题呀 ,望赐教。
zhllwarez 2003-08-25
- 打赏
- 举报
DOS攻击常见方法-----IP spoofing(IP欺骗)的攻击
最近浙江和广东有些家伙简直就是趁火打劫,冲击波还没完全平息,成天搞国内的机器,以上的IP地址有几个肯定是被人利用的肉鸡。
最近浙江和广东有些家伙简直就是趁火打劫,冲击波还没完全平息,成天搞国内的机器,以上的IP地址有几个肯定是被人利用的肉鸡。
lover2001 2003-08-25
- 打赏
- 举报
顶一下啊,我要好好学习!!!
ptys 2003-08-25
- 打赏
- 举报
中毒了
imfree 2003-08-25
- 打赏
- 举报
先谢谢你了,
zhllwarez 2003-08-25
- 打赏
- 举报
对付拒绝服务攻击比较难办,这是很让人头痛的问题,cisco可以防范一些这种攻击,但效果也不太理想,腾达6609有没有相关设置就不清楚了
你可以参考一下
http://www.chinaitlab.com/www/special/ciwddos.asp
不过我个人认为这都是些文章而已,对于实际应用没有多大意义。
你可以参考一下
http://www.chinaitlab.com/www/special/ciwddos.asp
不过我个人认为这都是些文章而已,对于实际应用没有多大意义。
