We have a router with the address aaa.bbb.ccc.ddd on its WAN interface, a public ("white") IP address.
On the LAN side there are a couple of machines, one of which acts as a server. Virtual Server entries are configured on the router for FTP, HTTP and FTP-Data with the port range 10000-11023.
An attack was carried out from the WAN side: first a port scan, then a scanner probing the services on those ports.
It all ended with the router showing no signs of life from the outside; the server could not be reached through Virtual Server.
Logging to its internal storage stopped at 11 pages, although the router's web interface claimed there were loads of them. Luckily, logging to syslog on the server is configured, and here is what we see:
Quote:
[router.advnet] Blocked access attempt from 83.199.237.31:1522 to TCP port 1982
[router.advnet] Blocked access attempt from 83.199.237.31:1523 to TCP port 1983
[router.advnet] Blocked access attempt from 83.199.237.31:1524 to TCP port 1984
[router.advnet] Blocked access attempt from 83.199.237.31:1525 to TCP port 1985
[router.advnet] Blocked access attempt from 83.199.237.31:1526 to TCP port 1986
[router.advnet] Blocked access attempt from 83.199.237.31:1527 to TCP port 1987
[router.advnet] Blocked access attempt from 83.199.237.31:1528 to TCP port 1988
[router.advnet] Blocked access attempt from 83.199.237.31:1529 to TCP port 1989
[router.advnet] Blocked access attempt from 83.199.237.31:1530 to TCP port 1990
[router.advnet] Blocked access attempt from 83.199.237.31:1531 to TCP port 1991
[router.advnet] Blocked access attempt from 83.199.237.31:1532 to TCP port 1992
[router.advnet] Blocked access attempt from 83.199.237.31:1533 to TCP port 1993
[router.advnet] Blocked access attempt from 83.199.237.31:1534 to TCP port 1994
[router.advnet] Blocked access attempt from 83.199.237.31:1543 to TCP port 2003
[router.advnet] Blocked access attempt from 83.199.237.31:1544 to TCP port 2004
[router.advnet] ose() in wrong state!!0
[router.advnet] nn_close: calling conn_close() in wrong state!!0
[router.advnet] lling conn_close() in wrong state!!0
[router.advnet] Blocked access attempt from 83.199.237.31:1746 to TCP port 3438
[router.advnet] Blocked access attempt from 83.199.237.31:1745 to TCP port 3428
[router.advnet] ose() in wrong state!!0
[router.advnet] nn_close: calling conn_close() in wrong state!!0
[router.advnet] Blocked access attempt from 83.199.237.31:1808 to TCP port 4501
[router.advnet] Blocked access attempt from 83.199.237.31:1799 to TCP port 4401
[router.advnet] ng state!!0
[router.advnet] nn_close: calling conn_close() in wrong state!!0
[router.advnet] lling conn_close() in wrong state!!0
[router.advnet] lose() in wrong state!!0
[router.advnet] Blocked access attempt from 83.199.237.31:2176 to TCP port 9989
[router.advnet] Blocked access attempt from 83.199.237.31:2176 to TCP port 9989
[router.advnet] ng state!!0
[router.advnet] calling conn_close() in wrong state!!0
[router.advnet] onn_close: calling conn_close() in wrong state!!0
[router.advnet] g state!!0
[router.advnet] Blocked access attempt from 83.199.237.31:2374 to TCP port 31339
[router.advnet] Blocked access attempt from 83.199.237.31:2374 to TCP port 31339
[router.advnet] g state!!0
[router.advnet] onn_close: calling conn_close() in wrong state!!0
[router.advnet] g state!!0
[router.advnet] Blocked access attempt from 83.199.237.31:2402 to TCP port 32785
[router.advnet] Blocked access attempt from 83.199.237.31:2413 to TCP port 32796
[router.advnet] calling conn_close() in wrong state!!0
[router.advnet] Restarted by 192.168.1.3
[router.advnet] USB printer : Canon S450
[router.advnet] Blocked access attempt from 207.25.253.31:20 to TCP port 57441
[router.advnet] Blocked access attempt from 213.234.241.211:80 to TCP port 57509
[router.advnet] Blocked access attempt from 213.234.241.211:80 to TCP port 57507
[router.advnet] Blocked access attempt from 213.234.241.211:80 to TCP port 57505
During the scan of the web service the router went silent and stopped passing packets.
What should I do, how do I handle this?
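
A log triage sketch for the syslog output quoted above, as an added example that is not part of the original post: it flags sources that hit many distinct blocked ports and counts the truncated "conn_close() in wrong state" fragments logged while that scan was running. The function name analyze, the threshold and the sample lines (with documentation-range external addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the post; the external
# addresses are documentation ranges, not values from the post.
SAMPLE = """\
[router.advnet] Blocked access attempt from 203.0.113.7:1522 to TCP port 1982
[router.advnet] Blocked access attempt from 203.0.113.7:1523 to TCP port 1983
[router.advnet] Blocked access attempt from 203.0.113.7:1524 to TCP port 1984
[router.advnet] ose() in wrong state!!0
[router.advnet] nn_close: calling conn_close() in wrong state!!0
[router.advnet] Blocked access attempt from 203.0.113.7:1746 to TCP port 3438
[router.advnet] Blocked access attempt from 203.0.113.7:1746 to TCP port 3438
[router.advnet] ng state!!0
[router.advnet] Blocked access attempt from 203.0.113.7:2402 to TCP port 32785
[router.advnet] calling conn_close() in wrong state!!0
[router.advnet] Restarted by 192.168.1.3
[router.advnet] Blocked access attempt from 198.51.100.9:80 to TCP port 57509
[router.advnet] Blocked access attempt from 198.51.100.9:80 to TCP port 57507
"""

BLOCKED = re.compile(
    r"Blocked access attempt from (\d+\.\d+\.\d+\.\d+):\d+ to TCP port (\d+)")
# The firmware error reaches syslog truncated at the front, so only its
# tail is stable enough to match on.
ERROR_TAIL = re.compile(r"state!!0\s*$")

def analyze(lines, min_ports=5):
    """Return {source_ip: stats} for sources that probed >= min_ports ports."""
    ports = defaultdict(set)   # source -> distinct blocked destination ports
    span = {}                  # source -> [first line index, last line index]
    errors = []                # line indexes of conn_close error fragments
    for i, line in enumerate(lines):
        m = BLOCKED.search(line)
        if m:
            src = m.group(1)
            ports[src].add(int(m.group(2)))
            span.setdefault(src, [i, i])[1] = i
        elif ERROR_TAIL.search(line):
            errors.append(i)
    report = {}
    for src, seen in ports.items():
        if len(seen) >= min_ports:
            first, last = span[src]
            report[src] = {
                "distinct_ports": len(seen),
                "errors_during_scan": sum(first <= e <= last for e in errors),
            }
    return report

if __name__ == "__main__":
    for src, stats in analyze(SAMPLE.splitlines()).items():
        print(src, stats)
```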