henrik84, Beginner
15 November 2007 - 11:19. There is 1 solution

Port scanning from a local IP.

When I turned on my computer earlier today, I could not get on the internet. A minute after startup I got a message from Bullguard that someone had tried to gain access to my computer through port scanning.

The IP is given as 192.168.1.50.

I know a little about networking, and I have come to the conclusion that it is probably someone in my own stairwell who has tried to hack my computer. And I think they succeeded, because a couple of days ago I could not log in to my WoW account because it did not recognize my password.

So my question is what I should do about it. Is there a way to find out where in the building that person is sitting? The only alternative I can think of is to report it to the police, but that may be a bit too drastic to begin with...

An overview of the firewall log:

10:31:04 - Profile "Brugertilpasset sikkerhed" applied. {3}
10:31:24 - ALLOWED Connection OUT TCP 0.0.0.0:1025 -> 207.46.19.190:80  (C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE). {0}
10:31:24 - CLOSED Connection (by local host) TCP 0.0.0.0:1025 -> 207.46.19.190:80  (C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE). {0}
10:31:37 - ALLOWED Connection IN TCP 127.0.0.1:27015 <- 127.0.0.1:1027  (C:\PROGRAMMER\FÆLLES FILER\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE). {0}
10:31:37 - ALLOWED Connection OUT TCP 0.0.0.0:1027 -> 127.0.0.1:27015  (J:\PROGRAMMER\ITUNES\ITUNESHELPER.EXE). {0}
10:31:42 - ALLOWED Connection OUT TCP 0.0.0.0:1029 -> 65.54.239.140:1863  (C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE). {0}
10:31:43 - CLOSED Connection (by remote host) TCP 0.0.0.0:1029 <- 65.54.239.140:1863  (C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE). {0}
10:31:43 - ALLOWED Connection OUT TCP 0.0.0.0:1030 -> 207.46.108.19:1863  (C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE). {0}
10:31:57 - ALLOWED Connection OUT TCP 0.0.0.0:1038 -> 212.143.22.63:80  (J:\PROGRAMMER\DAP\DAP.EXE). {0}
10:31:59 - CLOSED Connection (by remote host) TCP 0.0.0.0:1038 <- 212.143.22.63:80  (J:\PROGRAMMER\DAP\DAP.EXE). {0}
10:31:59 - ALLOWED Connection OUT TCP 0.0.0.0:1040 -> 193.164.155.89:6001  (C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE). {0}
10:31:59 - CLOSED Connection (by remote host) TCP 0.0.0.0:1040 <- 193.164.155.89:6001  (C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE). {0}
10:31:59 - Profile "Brugertilpasset sikkerhed" applied. {3}
10:32:12 - ALLOWED Packet (Send) ICMP (3 - destination unreachable) 127.0.0.1 -> 192.168.1.31 by "ICMP rules" (0x3FFFFF08). {0}
10:32:12 - ALLOWED Packet (Received) ICMP (3 - destination unreachable) 192.168.1.31 <- 127.0.0.1 by "ICMP rules" (0x3FFFFF08). {0}
10:32:23 - ALLOWED Connection OUT TCP 0.0.0.0:1044 -> 4.23.54.126:80  (C:\WINDOWS\SYSTEM32\SVCHOST.EXE). {0}
10:32:24 - ALLOWED Connection OUT TCP 0.0.0.0:1045 -> 64.4.21.61:80  (C:\WINDOWS\SYSTEM32\SVCHOST.EXE). {0}
10:32:31 - ALLOWED Connection OUT TCP 0.0.0.0:1046 -> 64.4.21.61:443  (C:\WINDOWS\SYSTEM32\SVCHOST.EXE). {0}
10:32:43 - CLOSED Connection (by remote host) TCP 0.0.0.0:1044 <- 4.23.54.126:80  (C:\WINDOWS\SYSTEM32\SVCHOST.EXE). {0}
10:32:51 - CLOSED Connection (by remote host) TCP 0.0.0.0:1030 <- 207.46.108.19:1863  (C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE). {0}
10:32:59 - ALLOWED Connection OUT TCP 0.0.0.0:1047 -> 207.46.19.254:80  (C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE). {0}
10:32:59 - CLOSED Connection (by local host) TCP 0.0.0.0:1047 -> 207.46.19.254:80  (C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE). {0}
10:33:11 - Single scan from a remote host detected: TCP 192.168.1.50:1049, Registered packets: 1, Packet Weight: 1, Total attacker weight: 1. {2}
10:33:11 - ALLOWED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:33:11 - ALLOWED Packet (Received) ICMP (0 - echo reply) 192.168.1.31 <- 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:33:28 - Single scan from a remote host detected: TCP 192.168.1.50:1051, Registered packets: 2, Packet Weight: 1, Total attacker weight: 2. {2}
10:33:28 - ALLOWED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:33:28 - ALLOWED Packet (Received) ICMP (0 - echo reply) 192.168.1.31 <- 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:33:28 - ALLOWED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:33:28 - Single scan from a remote host detected: TCP 192.168.1.50:1053, Registered packets: 3, Packet Weight: 1, Total attacker weight: 3. {2}
10:33:28 - ALLOWED Packet (Received) ICMP (0 - echo reply) 192.168.1.31 <- 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:33:36 - CLOSED Connection (by remote host) TCP 0.0.0.0:1045 <- 64.4.21.61:80  (C:\WINDOWS\SYSTEM32\SVCHOST.EXE). {0}
10:33:46 - CLOSED Connection (by remote host) TCP 0.0.0.0:1046 <- 64.4.21.61:443  (C:\WINDOWS\SYSTEM32\SVCHOST.EXE). {0}
10:34:43 - Single scan from a remote host detected: TCP 192.168.1.50:1055, Registered packets: 1, Packet Weight: 1, Total attacker weight: 1. {2}
10:34:43 - Single scan from a remote host detected: TCP 192.168.1.50:1056, Registered packets: 2, Packet Weight: 1, Total attacker weight: 2. {2}
10:34:43 - Single scan from a remote host detected: TCP 192.168.1.50:1057, Registered packets: 3, Packet Weight: 1, Total attacker weight: 3. {2}
10:34:43 - Single scan from a remote host detected: TCP 192.168.1.50:1058, Registered packets: 4, Packet Weight: 1, Total attacker weight: 4. {2}
10:34:43 - Single scan from a remote host detected: TCP 192.168.1.50:1059, Registered packets: 5, Packet Weight: 1, Total attacker weight: 5. {2}
10:34:43 - Single scan from a remote host detected: TCP 192.168.1.50:1060, Registered packets: 6, Packet Weight: 1, Total attacker weight: 6. {2}
10:34:43 - Single scan from a remote host detected: TCP 192.168.1.50:1061, Registered packets: 7, Packet Weight: 1, Total attacker weight: 7. {2}
10:34:43 - Single scan from a remote host detected: TCP 192.168.1.50:1062, Registered packets: 8, Packet Weight: 1, Total attacker weight: 8. {2}
10:34:45 - Single scan from a remote host detected: TCP 192.168.1.26:1064, Registered packets: 1, Packet Weight: 1, Total attacker weight: 1. {2}
10:34:45 - ALLOWED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.26 by "ICMP rules" (0x3FFFFF08). {0}
10:34:45 - ALLOWED Packet (Received) ICMP (0 - echo reply) 192.168.1.31 <- 192.168.1.26 by "ICMP rules" (0x3FFFFF08). {0}
10:34:45 - Single scan from a remote host detected: TCP 192.168.1.26:1063, Registered packets: 2, Packet Weight: 1, Total attacker weight: 2. {2}
10:34:46 - Single scan from a remote host detected: TCP 192.168.1.26:1065, Registered packets: 3, Packet Weight: 1, Total attacker weight: 3. {2}
10:34:46 - ALLOWED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.26 by "ICMP rules" (0x3FFFFF08). {0}
10:34:46 - Single scan from a remote host detected: TCP 192.168.1.26:1067, Registered packets: 4, Packet Weight: 1, Total attacker weight: 4. {2}
10:34:46 - ALLOWED Packet (Received) ICMP (0 - echo reply) 192.168.1.31 <- 192.168.1.26 by "ICMP rules" (0x3FFFFF08). {0}
10:34:46 - Single scan from a remote host detected: TCP 192.168.1.26:1066, Registered packets: 5, Packet Weight: 1, Total attacker weight: 5. {2}
10:34:46 - Single scan from a remote host detected: TCP 192.168.1.50:1068, Registered packets: 9, Packet Weight: 1, Total attacker weight: 9. {2}
10:34:51 - ALLOWED Packet (Send) ICMP (3 - destination unreachable) 192.168.1.31 -> 192.168.1.1 by "ICMP rules" (0x3FFFFF08). {0}
10:34:51 - ALLOWED Packet (Send) ICMP (3 - destination unreachable) 192.168.1.31 -> 192.168.1.1 by "ICMP rules" (0x3FFFFF08). {0}
10:34:55 - Single scan from a remote host detected: TCP 192.168.1.50:1071, Registered packets: 10, Packet Weight: 1, Total attacker weight: 10. {2}
10:34:55 - Single scan from a remote host detected: TCP 192.168.1.50:1072, Registered packets: 11, Packet Weight: 1, Total attacker weight: 11. {2}
10:34:55 - Single scan from a remote host detected: TCP 192.168.1.50:1072. {2}
10:34:55 - The attacker 192.168.1.50 was banned for 300 seconds. {2}
10:34:56 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1074 -> 192.168.1.50:445 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:34:56 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1075 -> 192.168.1.50:139 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:34:59 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1074 -> 192.168.1.50:445 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:34:59 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1075 -> 192.168.1.50:139 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:35:05 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1074 -> 192.168.1.50:445 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:35:05 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1075 -> 192.168.1.50:139 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:36:33 - BLOCKED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:36:35 - BLOCKED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:36:38 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1076 -> 192.168.1.50:445 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:36:38 - BLOCKED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:36:40 - BLOCKED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:36:41 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1076 -> 192.168.1.50:445 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:36:43 - BLOCKED Packet UDP 192.168.1.31:137 -> 192.168.1.50:137 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10) (\SYSTEM). {0}
10:36:47 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1076 -> 192.168.1.50:445 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:36:59 - ALLOWED Connection OUT TCP 0.0.0.0:1078 -> 207.46.193.254:80  (C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE). {0}
10:36:59 - CLOSED Connection (by local host) TCP 0.0.0.0:1078 -> 207.46.193.254:80  (C:\PROGRAMMER\BULLGUARD SOFTWARE\BULLGUARD\BULLGUARD.EXE). {0}
10:39:00 - BLOCKED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:39:02 - BLOCKED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:39:05 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1079 -> 192.168.1.50:445 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:39:05 - BLOCKED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:39:08 - BLOCKED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:39:08 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1079 -> 192.168.1.50:445 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:39:14 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1079 -> 192.168.1.50:445 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:39:28 - ALLOWED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.26 by "ICMP rules" (0x3FFFFF08). {0}
10:39:28 - ALLOWED Packet (Received) ICMP (0 - echo reply) 192.168.1.31 <- 192.168.1.26 by "ICMP rules" (0x3FFFFF08). {0}
10:39:28 - Single scan from a remote host detected: TCP 192.168.1.26:1082, Registered packets: 1, Packet Weight: 1, Total attacker weight: 1. {2}
10:39:28 - Single scan from a remote host detected: TCP 192.168.1.26:1081, Registered packets: 2, Packet Weight: 1, Total attacker weight: 2. {2}
10:39:28 - Single scan from a remote host detected: TCP 192.168.1.26:1083, Registered packets: 3, Packet Weight: 1, Total attacker weight: 3. {2}
10:39:28 - Single scan from a remote host detected: TCP 192.168.1.26:1084, Registered packets: 4, Packet Weight: 1, Total attacker weight: 4. {2}
10:39:28 - Single scan from a remote host detected: TCP 192.168.1.26:1085, Registered packets: 5, Packet Weight: 1, Total attacker weight: 5. {2}
10:40:04 - ALLOWED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:40:04 - ALLOWED Packet (Received) ICMP (0 - echo reply) 192.168.1.31 <- 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:40:05 - ALLOWED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:40:05 - ALLOWED Packet (Received) ICMP (0 - echo reply) 192.168.1.31 <- 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:40:06 - ALLOWED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:40:06 - ALLOWED Packet (Received) ICMP (0 - echo reply) 192.168.1.31 <- 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:40:07 - ALLOWED Packet (Send) ICMP (8 - echo request) 192.168.1.31 -> 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:40:07 - ALLOWED Packet (Received) ICMP (0 - echo reply) 192.168.1.31 <- 192.168.1.50 by "ICMP rules" (0x3FFFFF08). {0}
10:41:02 - CLOSED Connection (by local host) TCP 0.0.0.0:1027 -> 127.0.0.1:27015  (). {0}
10:41:02 - CLOSED Connection (by remote host) TCP 127.0.0.1:27015 <- 127.0.0.1:1027  (C:\PROGRAMMER\FÆLLES FILER\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE). {0}

10:42:23 - Profile "Brugertilpasset sikkerhed" applied. {3}
10:43:10 - ALLOWED Connection IN TCP 127.0.0.1:27015 <- 127.0.0.1:1033  (C:\PROGRAMMER\FÆLLES FILER\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE). {0}
10:43:10 - ALLOWED Connection OUT TCP 0.0.0.0:1033 -> 127.0.0.1:27015  (J:\PROGRAMMER\ITUNES\ITUNESHELPER.EXE). {0}
10:43:17 - Profile "Brugertilpasset sikkerhed" applied. {3}
bufferzone, Trainee
15 November 2007 - 12:18 #1
It is indeed a port scan that has been carried out, but not a regular port scan, since some ICMP is being scanned as well, which a normal port scanner would not do.

The way it scans the ports also indicates that this is some form of automated scanning/attack script or program that has been run against you.

You cannot find the culprit yourself via the IP address, but contact those who administer your network, send them your log file if you like, and ask them to do what is necessary, or alternatively to give you the culprit's name and address so you can deal with it yourself. My advice, however, would be to let the provider handle things so you avoid revealing who you are. Until now the person only knows that there is a system on your IP address; he may (hopefully) not know who is behind this IP address.
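
One way to condense a log like the one in the question before sending it to the network administrator, as an added example that is not part of the original thread: it groups the scan alerts, the ban and the blocked outbound SYN packets by reported host so ports and timing can be compared side by side. The line layout is inferred from the lines quoted in the post; the function name `summarize` and the dictionary keys are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the firewall log quoted in the question above (not the full log).
SAMPLE_LOG = """\
10:33:11 - Single scan from a remote host detected: TCP 192.168.1.50:1049, Registered packets: 1, Packet Weight: 1, Total attacker weight: 1. {2}
10:34:43 - Single scan from a remote host detected: TCP 192.168.1.50:1055, Registered packets: 1, Packet Weight: 1, Total attacker weight: 1. {2}
10:34:45 - Single scan from a remote host detected: TCP 192.168.1.26:1064, Registered packets: 1, Packet Weight: 1, Total attacker weight: 1. {2}
10:34:55 - Single scan from a remote host detected: TCP 192.168.1.50:1072, Registered packets: 11, Packet Weight: 1, Total attacker weight: 11. {2}
10:34:55 - The attacker 192.168.1.50 was banned for 300 seconds. {2}
10:34:56 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1074 -> 192.168.1.50:445 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
10:34:56 - BLOCKED Packet (Send) TCP (SYN) 192.168.1.31:1075 -> 192.168.1.50:139 by "Blocked by Ban Intruders for 300 seconds" (0x3FFFFF10). {0}
"""

TS = r"(?P<ts>\d{2}:\d{2}:\d{2}) - "
SCAN = re.compile(TS + r"Single scan from a remote host detected: TCP (?P<ip>[\d.]+):(?P<port>\d+)")
BAN = re.compile(TS + r"The attacker (?P<ip>[\d.]+) was banned for (?P<secs>\d+) seconds")
SYN_OUT = re.compile(TS + r"BLOCKED Packet \(Send\) TCP \(SYN\) [\d.]+:\d+ -> (?P<ip>[\d.]+):(?P<port>\d+)")

def _new_host():
    return {"scan_events": 0, "ports": set(), "first": None, "last": None,
            "banned_secs": None, "blocked_outbound_ports": set()}

def summarize(log_text):
    """Return {ip: summary} for every host named in a scan, ban or blocked-SYN line."""
    hosts = defaultdict(_new_host)
    for line in log_text.splitlines():
        if m := SCAN.match(line):
            h = hosts[m["ip"]]
            h["scan_events"] += 1
            h["ports"].add(int(m["port"]))       # port printed in the alert line
            h["first"] = h["first"] or m["ts"]   # time of first alert for this host
            h["last"] = m["ts"]                  # time of most recent alert
        elif m := BAN.match(line):
            hosts[m["ip"]]["banned_secs"] = int(m["secs"])
        elif m := SYN_OUT.match(line):
            # SYNs this PC itself tried to send to the host while the ban was active
            hosts[m["ip"]]["blocked_outbound_ports"].add(int(m["port"]))
    return dict(hosts)

if __name__ == "__main__":
    for ip, h in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, h["scan_events"], sorted(h["ports"]), h["first"], h["last"],
              h["banned_secs"], sorted(h["blocked_outbound_ports"]))
```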