UDP Flood

NigelM

Pingvin
19. avg 2007
17.286
4
36
ena vas naprej od Jest-a
OK, prebral sem, da gre za DoS.

Na mojem (prastarem) routerju (LevelOne FBR 1405TX) je security log sledeč:
05/24/2008 00:03:16 **UDP Flood Stop** (from PPPoE Outbound)
05/24/2008 00:03:15 **UDP flood** 192.168.2.200, 1038->> 193.189.160.13, 53 (from PPPoE Outbound)
05/24/2008 00:03:15 **UDP flood** 81.104.166.144, 55474->> 192.168.2.201, 56023 (from PPPoE Inbound)
05/24/2008 00:03:14 **UDP flood** 59.117.71.214, 17464->> 192.168.2.201, 56023 (from PPPoE Inbound)
05/24/2008 00:03:13 **UDP flood** 78.106.238.229, 59451->> 192.168.2.201, 56023 (from PPPoE Inbound)
05/24/2008 00:03:13 **UDP flood** 192.168.2.200, 25770->> 212.235.175.38, 32484 (from PPPoE Outbound)
05/24/2008 00:03:13 **UDP flood** 192.168.2.200, 25770->> 82.192.55.109, 23746 (from PPPoE Outbound)
05/24/2008 00:03:13 **UDP flood** 192.168.2.200, 25770->> 212.30.223.249, 51328 (from PPPoE Outbound)
05/24/2008 00:03:13 **UDP flood** 192.168.2.200, 25770->> 89.142.185.78, 56790 (from PPPoE Outbound)
05/24/2008 00:03:08 **UDP flood** 217.132.215.109, 61601->> 192.168.2.201, 56023 (from PPPoE Inbound)
05/24/2008 00:03:08 **UDP flood** 192.168.2.200, 1038->> 193.189.160.23, 53 (from PPPoE Outbound)
05/24/2008 00:03:08 **UDP flood** 192.168.2.200, 1038->> 193.189.160.13, 53 (from PPPoE Outbound)
05/24/2008 00:03:08 **UDP flood** 82.217.34.195, 43868->> 192.168.2.201, 56023 (from PPPoE Inbound)
05/24/2008 00:03:05 **UDP flood** 85.134.16.242, 27500->> 192.168.2.201, 56023 (from PPPoE Inbound)
05/24/2008 00:03:05 **UDP flood** 86.1.191.39, 19187->> 192.168.2.201, 56023 (from PPPoE Inbound)
05/24/2008 00:03:04 **UDP flood** 192.168.2.200, 25770->> 213.143.82.80, 7192 (from PPPoE Outbound)
05/24/2008 00:03:04 **UDP flood** 192.168.2.200, 25770->> 194.152.9.24, 38952 (from PPPoE Outbound)
05/24/2008 00:03:04 **UDP flood** 192.168.2.201, 1035->> 193.189.160.23, 53 (from PPPoE Outbound)
05/24/2008 00:03:04 **UDP flood** 192.168.2.201, 1035->> 193.189.160.13, 53 (from PPPoE Outbound)
...

V mreži sta 2 računalnika (200 in 201). Če je UDP Flood DoS napad, zakaj se mi potem pojavlja tudi Outbound?
 

erikson

Guru
25. avg 2007
22.370
6.153
113
P2P programi komunicirajo tudi preko UDP paketov in očitno tvoj router povečano število teh paketov zazna kot napad.

Kot napad je zabeležil tudi DNS zahteve, ki jih tvoj računalnik pošilja na SiOL-ova DNS strežnika.
 

stein

Fizikalc
16. sep 2007
19.575
1
36
Poglej kateri program na tvojem PC uporablja navedene porte in potem izhajaj iz tega.

(ukaz : netstat -n -b ( ali netstat -n -b -a za malo več, če v prvem spisklu ni ))