
View full version: Access attempts?


Fabbio
22-04-2004, 02.13.54
Hi everyone, a friend of mine gave me his log to figure out who is trying to access his machine. I don't know the name of the firewall; anyway, here is the log
-----
The firewall has blocked Internet access to your computer (NetBIOS Session) from 41.255.59.46 (TCP Port 4244) [TCP Flags: S].

The firewall has blocked Internet access to your computer (TCP Port 135) from 41.255.59.46 (TCP Port 2617) [TCP Flags: S].

type,date,time,source,destination,transport

FWIN,2004/04/20,21:25:08 +2:00 GMT,41.255.59.46:3655,41.255.59.37:135,TCP (flags:S)<--- here and in all the lines below, instead of the smiley there should be :"s without the " heh heh
FWIN,2004/04/20,21:25:08 +2:00 GMT,41.255.59.46:3663,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,21:25:08 +2:00 GMT,41.255.59.46:3672,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,21:25:11 +2:00 GMT,41.255.59.46:4380,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,21:25:25 +2:00 GMT,41.255.69.190:2889,41.255.59.37:139,TCP (flags)
FWROUTE,2004/04/20,21:59:27 +2:00 GMT,41.255.59.46:4152,41.255.59.37:135,TCP (flags)
FWROUTE,2004/04/20,21:59:27 +2:00 GMT,41.255.59.46:4167,41.255.59.37:445,TCP (flags)
FWROUTE,2004/04/20,21:59:27 +2:00 GMT,41.255.59.46:4203,41.255.59.37:139,TCP (flags)
FWROUTE,2004/04/20,21:59:58 +2:00 GMT,41.255.59.46:2788,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:03:37 +2:00 GMT,41.255.59.46:1568,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:03:43 +2:00 GMT,41.255.59.46:4307,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,22:03:43 +2:00 GMT,41.255.59.46:4299,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:03:43 +2:00 GMT,41.255.59.46:4317,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:06:47 +2:00 GMT,41.255.59.46:4024,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:06:47 +2:00 GMT,41.255.59.46:4027,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,22:06:47 +2:00 GMT,41.255.59.46:4046,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:06:47 +2:00 GMT,41.255.59.46:4077,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:07:06 +2:00 GMT,41.255.18.13:3871,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:07:31 +2:00 GMT,41.255.17.181:2658,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:08:16 +2:00 GMT,41.255.59.46:3112,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:08:16 +2:00 GMT,41.255.59.46:3117,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,22:08:16 +2:00 GMT,41.255.59.46:3132,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:08:16 +2:00 GMT,41.255.59.46:3200,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:08:35 +2:00 GMT,41.255.59.46:1206,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:10:09 +2:00 GMT,41.255.59.46:2370,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:10:09 +2:00 GMT,41.255.59.46:2377,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,22:10:09 +2:00 GMT,41.255.59.46:2402,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:10:09 +2:00 GMT,41.255.59.46:2414,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:11:22 +2:00 GMT,41.255.59.46:2436,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:11:38 +2:00 GMT,41.255.59.46:3821,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:11:38 +2:00 GMT,41.255.59.46:3827,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,22:11:38 +2:00 GMT,41.255.59.46:3835,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:11:38 +2:00 GMT,41.255.59.46:3892,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:12:29 +2:00 GMT,41.255.247.157:4643,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:14:07 +2:00 GMT,41.255.59.46:3322,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,22:14:07 +2:00 GMT,41.255.59.46:3317,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:14:07 +2:00 GMT,41.255.59.46:4033,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:15:48 +2:00 GMT,41.255.59.46:4963,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:15:48 +2:00 GMT,41.255.59.46:4969,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,22:15:48 +2:00 GMT,41.255.59.46:4991,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:15:48 +2:00 GMT,41.255.59.46:1088,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:16:43 +2:00 GMT,41.255.59.46:4200,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:16:43 +2:00 GMT,41.255.59.46:4227,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,22:16:43 +2:00 GMT,41.255.59.46:4244,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:16:43 +2:00 GMT,41.255.59.46:4579,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:18:51 +2:00 GMT,41.255.59.46:2456,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:18:51 +2:00 GMT,41.255.59.46:2463,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,22:18:51 +2:00 GMT,41.255.59.46:2475,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,22:18:51 +2:00 GMT,41.255.59.46:2617,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:21:03 +2:00 GMT,41.255.59.46:4070,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:21:03 +2:00 GMT,41.255.59.46:4074,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,22:21:03 +2:00 GMT,41.255.59.46:4083,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:21:18 +2:00 GMT,41.255.107.57:3907,41.255.59.37:139,TCP (flags)

------

He told me he had more than 70 "attacks" in a short time. To be safe, I told him anyway to run AdWare or something like it and to update his antivirus to the latest version. What do you think it could be? Has a trojan got in and are they trying to access his machine? Thanks

Bye

Fabio

PS. My friend has Windows XP Professional
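
One way to condense a log like the one above into per-source totals, as an added example that is not part of the original thread. It assumes the six-column layout given by the log's own header line; the sample rows are a subset copied from the post, and the function names and the /16 comparison are choices made for this example.

```python
import csv
import ipaddress
from collections import defaultdict
from datetime import datetime

# Subset of the rows posted above, embedded so the script runs offline.
SAMPLE = """type,date,time,source,destination,transport
FWIN,2004/04/20,21:25:08 +2:00 GMT,41.255.59.46:3655,41.255.59.37:135,TCP (flags:S)
FWIN,2004/04/20,21:25:08 +2:00 GMT,41.255.59.46:3663,41.255.59.37:445,TCP (flags)
FWIN,2004/04/20,21:25:08 +2:00 GMT,41.255.59.46:3672,41.255.59.37:139,TCP (flags)
FWIN,2004/04/20,21:25:11 +2:00 GMT,41.255.59.46:4380,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,21:25:25 +2:00 GMT,41.255.69.190:2889,41.255.59.37:139,TCP (flags)
FWROUTE,2004/04/20,21:59:27 +2:00 GMT,41.255.59.46:4152,41.255.59.37:135,TCP (flags)
FWIN,2004/04/20,22:07:06 +2:00 GMT,41.255.18.13:3871,41.255.59.37:139,TCP (flags)
"""

def parse(text):
    """Yield (type, timestamp, src_ip, dst_ip, dst_port) for each log row."""
    for row in csv.reader(text.splitlines()):
        if len(row) != 6 or row[0] == "type":
            continue  # skip blank lines, the header and malformed rows
        kind, date, clock, src, dst, _transport = row
        # The time field looks like "21:25:08 +2:00 GMT"; keep the clock part.
        ts = datetime.strptime(date + " " + clock.split()[0], "%Y/%m/%d %H:%M:%S")
        dst_ip, dst_port = dst.rsplit(":", 1)
        yield kind, ts, src.rsplit(":", 1)[0], dst_ip, int(dst_port)

def summarize(text, prefix=16):
    """Per source IP: hit count, ports probed, time span, same-network flag."""
    out = defaultdict(lambda: {"hits": 0, "ports": set(), "first": None, "last": None})
    for _kind, ts, src_ip, dst_ip, dst_port in parse(text):
        s = out[src_ip]
        s["hits"] += 1
        s["ports"].add(dst_port)
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
        # True when the source sits in the same /prefix as the protected host.
        net = ipaddress.ip_network(f"{dst_ip}/{prefix}", strict=False)
        s["same_net"] = ipaddress.ip_address(src_ip) in net
    return dict(out)

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["hits"])
    for ip, s in rows:
        print(ip, s["hits"], sorted(s["ports"]), s["first"], s["last"], s["same_net"])
```

Run against the full log, the summary shows at a glance how many entries come from each address and which of ports 135, 139 and 445 each one touched.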

Sfigato
22-04-2004, 11.26.19
COMPLETELY NORMAL
If he installed a firewall, it's logical that he wanted to be protected from attacks, and even more logical that the firewall, on receiving an attack and blocking it, DESCRIBES IN THE LOGS THE TYPE OF ATTACK, THE PORT, ETC... ETC...
Tell your friend not to worry (Y)

Fabbio
22-04-2004, 20.14.08
OK, but 70 attacks in less than an hour doesn't seem normal to me! It looks like relentless targeting to me!!