Is the problem in pfSense, or in the local network?
-
Friends, I reinstalled the machine this morning. A completely clean format.
Without changing any settings, could you take a look at the firewall logs…
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:28 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:28 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:28 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:28 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:28 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:29 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:29 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:30 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:30 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:30 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:30 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:30 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:30 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:30 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:30 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:31 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:31 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:31 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:32 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:32 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:32 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:32 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:33 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:34 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:34 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:34 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:34 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:34 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:34 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:35 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:35 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:35 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:35 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:35 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:35 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:36 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:36 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:37 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:37 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:37 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:37 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:37 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
I first ran into this about 15 days ago. Turksat headquarters called from Ankara.
What the man said was exactly this:
"Either you are carrying out an attack or there is a problem in your system. Since last night you have made about 2 TB of DNS queries. Please deal with this situation, otherwise we will have to cut off your internet…" I thought I would find which part the problem was in by disconnecting the switches one by one. But even after disconnecting all of them, it did not turn out to be in the local network. When I pulled the main connection on the pfSense, they said the event stopped immediately.
Is it possible that there is a vulnerability in pfSense and that they could carry out, or make use of, a botnet-style attack through it? It looks possible...
And that is not all: one of the IPs I blocked also had heavy requests going out to it on SSL port 443. The site of those BDP scoundrels...
-
Hi,
Have you checked the system logs? Could you share an output of those as well?
Regards,
SGTR
-
Here is the system log too…
Nov 3 09:18:04 check_reload_status: Syncing firewall
Nov 3 09:16:52 syslogd: kernel boot file is /boot/kernel/kernel
Nov 3 09:16:52 syslogd: exiting on signal 15
Nov 3 09:16:52 check_reload_status: Syncing firewall
Nov 3 09:16:30 syslogd: kernel boot file is /boot/kernel/kernel
Nov 3 09:16:30 syslogd: exiting on signal 15
Nov 3 09:16:30 check_reload_status: Syncing firewall
Nov 3 09:16:10 syslogd: kernel boot file is /boot/kernel/kernel
Nov 3 09:16:10 syslogd: exiting on signal 15
Nov 3 09:15:40 php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.0.57
Nov 3 09:15:40 php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.0.57
Nov 3 09:14:57 dhclient: Creating resolv.conf
Nov 3 09:14:57 dhclient: RENEW
Nov 3 09:14:56 dhclient: Creating resolv.conf
Nov 3 09:14:56 dhclient: RENEW
Nov 3 09:12:54 dhclient: Creating resolv.conf
Nov 3 09:12:54 dhclient: RENEW
Nov 3 08:52:27 dhclient: Creating resolv.conf
Nov 3 08:52:27 dhclient: RENEW
Nov 3 08:52:26 dhclient: Creating resolv.conf
Nov 3 08:52:26 dhclient: RENEW
Nov 3 08:50:24 dhclient: Creating resolv.conf
Nov 3 08:50:24 dhclient: RENEW
Nov 3 08:29:57 dhclient: Creating resolv.conf
Nov 3 08:29:57 dhclient: RENEW
Nov 3 08:29:56 dhclient: Creating resolv.conf
Nov 3 08:29:56 dhclient: RENEW
Nov 3 08:27:54 dhclient: Creating resolv.conf
Nov 3 08:27:54 dhclient: RENEW
Nov 3 08:13:11 kernel: nfe0: link state changed to DOWN
Nov 3 08:13:11 check_reload_status: Linkup starting nfe0
Nov 3 08:09:54 apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
Nov 3 08:09:54 apinger: Error while feeding rrdtool: Broken pipe
Nov 3 08:09:13 check_reload_status: Reloading filter
Nov 3 08:09:12 sshlockout[42788]: sshlockout/webConfigurator v3.0 starting up
Nov 3 08:09:12 login: login on ttyv0 as root
Nov 3 08:09:11 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Nov 3 08:09:08 squid[33734]: Squid Parent: child process 34297 started
Nov 3 08:09:08 php: : Starting Squid
Nov 3 08:09:06 squid[21514]: Squid Parent: child process 21713 exited with status 1
Nov 3 08:09:06 squid[21713]: The url_rewriter helpers are crashing too rapidly, need help!
Nov 3 08:09:05 check_reload_status: Syncing firewall
Nov 3 08:09:05 php: : Reloading Squid for configuration sync
Nov 3 08:09:04 check_reload_status: Syncing firewall
Nov 3 08:09:02 check_reload_status: Reloading filter
Nov 3 08:09:02 php: : Reloading Squid for configuration sync
Nov 3 08:09:01 check_reload_status: Reloading filter
Nov 3 08:09:01 php: : Reloading Squid for configuration sync
Nov 3 08:09:00 php: : Reloading Squid for configuration sync
Nov 3 08:08:59 php: : Reloading Squid for configuration sync
Nov 3 08:08:59 php: : Not calling package sync code for dependency squid of squid because some include files are missing.
Nov 3 08:08:59 php: : The command '/usr/local/sbin/squid -k reconfigure' returned exit code '1', the output was '2012/11/03 08:08:59| aclParseAclLine: WARNING: empty ACL: acl ext_manager_3 src squid: ERROR: No running copy'
Nov 3 08:08:59 php: : Reloading Squid for configuration sync
Nov 3 08:08:58 php: : The command '/usr/local/sbin/squid -k reconfigure' returned exit code '1', the output was '2012/11/03 08:08:58| aclParseAclLine: WARNING: empty ACL: acl ext_manager_3 src squid: ERROR: No running copy'
Nov 3 08:08:58 php: : Reloading Squid for configuration sync
Nov 3 08:08:58 squid[21514]: Squid Parent: child process 21713 started
Nov 3 08:08:58 php: : Starting Squid
Nov 3 08:08:57 php: : Restarting/Starting all packages.
Nov 3 08:08:57 php: : Creating rrd update script
Nov 3 08:08:54 check_reload_status: Restarting ipsec tunnels
Nov 3 08:08:54 dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
Nov 3 08:08:54 dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
Nov 3 08:08:54 dnsmasq[18836]: using nameserver 62.248.80.164#53
Nov 3 08:08:54 dnsmasq[18836]: using nameserver 62.248.80.162#53
Nov 3 08:08:54 dnsmasq[18836]: reading /etc/resolv.conf
Nov 3 08:08:54 apinger: Starting Alarm Pinger, apinger(52631)
Nov 3 08:08:53 php: : SQUID is installed but not started. Not installing "filter" rules.
Nov 3 08:08:53 php: : SQUID is installed but not started. Not installing "pfearly" rules.
Nov 3 08:08:53 php: : SQUID is installed but not started. Not installing "nat" rules.
Nov 3 08:08:53 php: : Gateways status could not be determined, considering all as up/active.
Nov 3 08:08:53 php: : Gateways status could not be determined, considering all as up/active.
Nov 3 08:08:53 php: : Gateways status could not be determined, considering all as up/active.
Nov 3 08:08:53 apinger: Exiting on signal 15.
Nov 3 08:08:53 php: : rc.newwanip: on (IP address: 176.240.218.20) (interface: opt2) (real interface: bge2).
Nov 3 08:08:53 php: : rc.newwanip: Informational is starting bge2.
Nov 3 08:08:52 php: : OpenNTPD is starting up.
Nov 3 08:08:52 php: : SQUID is installed but not started. Not installing "filter" rules.
Nov 3 08:08:52 php: : SQUID is installed but not started. Not installing "pfearly" rules.
Nov 3 08:08:52 php: : SQUID is installed but not started. Not installing "nat" rules.
Nov 3 08:08:52 dnsmasq[18836]: read /etc/hosts - 2 addresses
Nov 3 08:08:52 dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
Nov 3 08:08:52 dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
Nov 3 08:08:52 dnsmasq[18836]: using nameserver 62.248.80.164#53
Nov 3 08:08:52 dnsmasq[18836]: using nameserver 62.248.80.162#53
Nov 3 08:08:52 dnsmasq[18836]: reading /etc/resolv.conf
Nov 3 08:08:52 dnsmasq[18836]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Nov 3 08:08:52 dnsmasq[18836]: started, version 2.55 cachesize 10000
Nov 3 08:08:52 check_reload_status: Updating all dyndns
Nov 3 08:08:51 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Nov 3 08:08:51 dhcpd: All rights reserved.
Nov 3 08:08:51 dhcpd: Copyright 2004-2011 Internet Systems Consortium.
Nov 3 08:08:51 dhcpd: Internet Systems Consortium DHCP Server 4.2.3
Nov 3 08:08:51 php: : ROUTING: setting default route to 46.196.128.1
Nov 3 08:08:51 apinger: Starting Alarm Pinger, apinger(2479)
Nov 3 08:08:51 check_reload_status: Reloading filter
Nov 3 08:08:50 apinger: Exiting on signal 15.
Nov 3 08:08:49 apinger: Starting Alarm Pinger, apinger(62086)
Nov 3 08:08:49 php: : rc.newwanip: on (IP address: 176.240.218.40) (interface: opt1) (real interface: bge3).
Nov 3 08:08:49 php: : rc.newwanip: Informational is starting bge3.
Nov 3 08:08:48 apinger: Exiting on signal 15.
-
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Nov 2 05:44:27 WAN 112.216.83.69:25345 46.196.128.103:53 UDP
Looking at the data at hand, I could write a conspiracy theory like this, but I cannot prove it with the data available. :)
As far as I understand, pfSense is running directly in bridge mode and the IP address 46.196.128.103 is directly on the pfSense. The other address, 112.216.83.69, appears to be in South Korea.
Since the first address is registered to Turksat, I assume it is your address and that you are not managing a system in Korea… According to the records, an IP address in Korea appears to be sending DNS requests to the pfSense device from the WAN side. Most likely they are using your system as a DNS server.
This brings a few options to mind...
0- Someone may be using you as an intermediary in order to attack another system's DNS server.
1- Someone may be passing their own traffic through your pfSense system using the DNS tunnelling method.
2- You made someone in Korea very angry and they are launching a DoS attack against you to wreck your DNS service and disrupt your work.
Is it possible that there is a vulnerability in pfSense and that they could carry out, or make use of, a botnet-style attack through it? It looks possible…
There is always the possibility of a vulnerability. :) If your system has been compromised somehow, it may have become part of a botnet…
But it may not have... As far as I can see from the traffic log, your TCP/UDP port 53 is allowed on the WAN side, and someone on the WAN side is inclined to use you as a DNS server.
If you make a firewall rule change that blocks DNS queries coming from the WAN side, I think the problem can be solved...
-
I set up a block like the one in the picture.
I would say an intrusion into the system is a remote possibility, but nothing is impossible. As you said, when I checked the DNS IPs the other day, one of them was the IP address of the BDP's site. I have probably become part of a botnet. But I just could not figure it out. Right now I suspect the machine I am writing from. Most likely the problem is in this one, because I have reinstalled pfSense several times…
-
-
Yes, masters, you need to lend a hand. It looks like a serious problem.
-
-
hello,
You can identify the problematic machines using Windows' own firewall, without needing any tools.
The Windows firewall has a log-keeping option; the scenario is as follows:
- If the firewalls on the machines in the environment are not turned on, turn them on.
- Turn on the logging feature in the Windows firewall application.
- Specify where the log file is to be saved; since it saves the file in txt format there will be no problem. Create a folder on a machine on the network and share it, then give Everyone full permission on that folder; later, when turning on firewall logging on the other machines, at the point where you specify where the log file is saved, you can point to the folder we shared. Save the log file name as machinename.txt, and then you can go into that shared folder daily and follow the logs…..
-
I will try the method you mentioned on the machines I suspect.
My other machines have Deep Freeze. And all of their firewalls are off…
It is going to take quite a bit of work. I hope it turns out to be one of the machines I suspect. Also, is there anything in particular I should watch out for in these logs?
-
You will only need to track which IPs requests were made to in the logs.
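To make the procedure in the two replies above concrete, here is an added example (not code from the thread or from Microsoft) that reads the machinename.txt files each Windows machine drops into the shared folder and answers the "what should I watch for" question: per machine, how many outbound connections went to port 53, to which addresses, and whether any were sent from a privileged source port. It assumes the standard Windows Firewall log layout (the #Fields header names the columns and the last column, path, is SEND or RECEIVE), that 192.168.0.1 is the only resolver clients are meant to use, and that "Log successful connections" is switched on in the firewall logging settings alongside "Log dropped packets", because the queries being hunted are allowed connections and would otherwise never appear in the file. The two sample logs are constructed for this example.

```python
import glob
import os
from collections import Counter

# Constructed sample logs in the Windows Firewall (pfirewall.log) W3C layout, one file per
# machine named machinename.txt as suggested above. 198.51.100.9 is a documentation address.
SAMPLE_LOGS = {
    "PC-01.txt": """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2012-11-17 09:10:01 ALLOW UDP 192.168.0.21 192.168.0.1 52144 53 0 - - - - - - - SEND
2012-11-17 09:10:01 ALLOW TCP 192.168.0.21 203.0.113.20 52145 80 0 - 0 0 0 - - - SEND
2012-11-17 09:10:07 ALLOW UDP 192.168.0.21 192.168.0.1 52146 53 0 - - - - - - - SEND
""",
    "PC-07.txt": """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2012-11-17 09:10:01 ALLOW UDP 192.168.0.57 198.51.100.9 80 53 0 - - - - - - - SEND
2012-11-17 09:10:01 ALLOW UDP 192.168.0.57 198.51.100.9 80 53 0 - - - - - - - SEND
2012-11-17 09:10:01 ALLOW UDP 192.168.0.57 198.51.100.9 80 53 0 - - - - - - - SEND
2012-11-17 09:10:02 ALLOW UDP 192.168.0.57 198.51.100.9 80 53 0 - - - - - - - SEND
2012-11-17 09:10:02 ALLOW UDP 192.168.0.57 198.51.100.9 80 53 0 - - - - - - - SEND
2012-11-17 09:10:02 ALLOW UDP 192.168.0.57 198.51.100.9 80 53 0 - - - - - - - SEND
2012-11-17 09:10:02 DROP ICMP 192.168.0.33 192.168.0.57 - - 0 - - - - 8 0 - RECEIVE
""",
}


def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the column names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) >= len(fields):
                yield dict(zip(fields, parts))


def dns_profile(records, expected_resolvers):
    """Count outbound (path SEND) traffic to port 53 and note what is odd about it."""
    prof = {"queries": 0, "by_dst": Counter(), "unexpected_dst": Counter(),
            "privileged_sport": 0, "dropped": 0}
    for r in records:
        if r["dst-port"] != "53" or r["path"] != "SEND":
            continue
        prof["queries"] += 1
        prof["by_dst"][r["dst-ip"]] += 1
        if r["dst-ip"] not in expected_resolvers:   # resolver that is not ours
            prof["unexpected_dst"][r["dst-ip"]] += 1
        if r["src-port"].isdigit() and int(r["src-port"]) < 1024:  # ICMP rows carry "-"
            prof["privileged_sport"] += 1            # no stub resolver sends from here
        if r["action"] == "DROP":
            prof["dropped"] += 1
    return prof


def rank_machines(logs, expected_resolvers):
    """logs maps file name to file content; returns (machine, profile), most suspicious first."""
    ranked = [(os.path.splitext(name)[0], dns_profile(parse_firewall_log(text), expected_resolvers))
              for name, text in logs.items()]
    ranked.sort(key=lambda item: (sum(item[1]["unexpected_dst"].values()),
                                  item[1]["privileged_sport"], item[1]["queries"]), reverse=True)
    return ranked


def rank_share(directory, expected_resolvers):
    """Same ranking, reading every *.txt in the shared log folder."""
    logs = {}
    for path in glob.glob(os.path.join(directory, "*.txt")):
        with open(path, encoding="utf-8", errors="replace") as fh:
            logs[os.path.basename(path)] = fh.read()
    return rank_machines(logs, expected_resolvers)


if __name__ == "__main__":
    for name, prof in rank_machines(SAMPLE_LOGS, {"192.168.0.1"}):
        print(name, prof["queries"], "DNS queries; unexpected:", dict(prof["unexpected_dst"]),
              "; from privileged port:", prof["privileged_sport"])
```

Run it against the real share with rank_share(r"\\server\fwlogs", {"192.168.0.1"}) (path and resolver are assumptions for your network); the machine at the top of the list is the one to pull off the wire first. On a Deep Freeze machine the firewall logging setting itself is rolled back at the next reboot unless the machine is thawed, but whatever was already written to the share survives.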
-
Act Time If Source Destination Proto
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 WAN1 184.168.72.113:37924 176.240.216.7:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 WAN1 85.214.147.66:443 176.240.216.7:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 WAN1 85.214.147.66:443 176.240.216.7:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 WAN1 85.214.147.66:443 176.240.216.7:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 WAN1 85.214.147.66:443 176.240.216.7:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:26 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:25 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:15:25 WAN1 85.214.147.66:443 176.240.216.7:53 UDP
Act Time If Source Destination Proto
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:40 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:39 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Nov 16 23:16:38 ADSL 108.162.233.15:80 88.225.216.75:53 UDP
Friends, I just cannot understand what this is. I could not solve the problem, and I could not work out where it comes from either. Could you help me? Lend a hand with this…
-
Last 100 firewall log entries
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 62355+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.007309 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 11089, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 49208+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.030868 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1172, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 14127+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.005120 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65334, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 49512+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.002778 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 17226, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 1686+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.037880 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36552, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 13356+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.027637 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63538, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 4435+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.017707 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 27298, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 22092+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.007167 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44294, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 59548+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.003949 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 25668, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 12445+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.026617 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 30440, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 43427+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.018725 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 233, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 14219+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.011116 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65078, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 5164+ [1au] ANY? isc.org. (36)
Nov 16 23: 35:24 pf: 00:00:00.000435 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49282, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 58772+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.015501 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16918, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 28344+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.034083 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 28689, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 16412+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.093606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36411, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 28318+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.064788 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 6207, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 18516+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.085998 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 23537, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 6041+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.026909 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24437, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 44843+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.045493 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 43947, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 8322+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.019156 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 54902, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 40777+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.019019 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 18198, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 47051+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.007168 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 7407, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 62963+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.019303 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49035, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 40655+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.039347 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24352, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 39658+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.006576 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 13839, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 42934+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.076499 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63074, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 65507+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.007606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 60145, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 45363+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.023110 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44461, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 38826+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.002185 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14992, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 40990+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.008494 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1156, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 18276+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.003363 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24723, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 26591+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.013306 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 33065, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 25720+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.011409 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 22394, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 8598+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.007895 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 5916, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 52056+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.012722 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 35730, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 17735+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.052367 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48542, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 45868+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.056597 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 46019, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 48909+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.100171 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 8613, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 10615+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.074471 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16646, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 45970+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.002471 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24370, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 60530+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.026490 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 50136, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 24255+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.003364 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48828, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 32775+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.022804 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 56221, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 29000+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.041975 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 47994, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 28604+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.068461 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 37522, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 21780+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.025137 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 9765, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 50654+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.036244 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14639, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 64756+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.040411 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48183, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23 pf: 108.162.233.15.80 > 88.225.216.75.53: 30850+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23 pf: 00:00:00.048267 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 31983, offset 0, flags [none], proto UDP (17), length 64)
This is what the logs normally look like…
-
A serious problem, the experts really have to help!
I think most of us have these kinds of queries, but none of us pay any attention to them.
I may be able to help a little. I just installed pfSense on my system. It has a Metro connection and is online. I have no clients connected at all, but I also have queries like this, with port numbers I can't make sense of.
-
Is there nobody with a suggestion?
-
-
Yes, I have 3 lines: 2 Kablonet and 1 ADSL.
On the ADSL, pppoe is connected in Bridge mode… -
Last 100 firewall log entries
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 62355+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.007309 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 11089, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 49208+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.030868 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1172, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 14127+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.005120 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65334, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 49512+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.002778 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 17226, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 1686+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.037880 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36552, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 13356+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.027637 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63538, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 4435+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.017707 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 27298, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 22092+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.007167 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44294, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 59548+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.003949 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 25668, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 12445+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.026617 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 30440, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 43427+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.018725 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 233, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 14219+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.011116 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65078, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 5164+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.000435 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49282, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 58772+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.015501 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16918, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 28344+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.034083 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 28689, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 16412+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.093606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36411, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 28318+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.064788 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 6207, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 18516+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.085998 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 23537, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 6041+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.026909 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24437, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 44843+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.045493 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 43947, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 8322+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.019156 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 54902, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 40777+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.019019 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 18198, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 47051+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.007168 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 7407, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 62963+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.019303 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49035, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 40655+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.039347 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24352, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 39658+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.006576 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 13839, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 42934+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.076499 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63074, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 65507+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.007606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 60145, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 45363+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.023110 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44461, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 38826+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.002185 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14992, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 40990+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.008494 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1156, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 18276+ [1au] ANY? isc.org.
This is what the logs normally look like…
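The entries above are easier to reason about in bulk than one line at a time. The following Python script is an added example, not code from this thread or from pfSense: it pairs each "rule ... block in on pppoe0" line with the packet line that follows it, summarises blocked traffic per source, destination and query type, and flags bursts of repeated DNS ANY queries to udp/53 from one source. The sample input reuses five entries from the post above and adds one constructed, benign A query from the documentation address 192.0.2.10 so the filter has something to ignore. The regexes are written for the older tcpdump-style pf log layout shown on this page (assumption: pfSense releases that log in the newer "filterlog" CSV format would need different patterns), and the threshold values are arbitrary choices, not pfSense settings.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Two-line layout of the older pfSense (pf + tcpdump-style) filter log as seen in
# this thread: line 1 = rule match, action, interface, IP header summary;
# line 2 = src.port > dst.port and, for udp/53 packets, the decoded DNS question.
RULE_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) pf: \S+ rule (?P<rule>\S+?)\(match\): '
    r'(?P<action>block|pass) (?P<direction>in|out) on (?P<iface>\w+): '
    r'\(.*?proto (?P<proto>\w+) \(\d+\), length (?P<length>\d+)\)$'
)
PKT_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) pf: '
    r'(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > (?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):'
    r'(?:\s+(?P<qid>\d+)\+?\s*(?:\[1au\]\s*)?(?P<qtype>[A-Z0-9]+)\?\s*(?P<qname>\S+)\s*\((?P<qlen>\d+)\))?'
)

# Constructed sample: five entries copied from the post above, plus one made-up
# benign A query from a documentation address (192.0.2.10) that must NOT be flagged.
SAMPLE_LOG = """\
Nov 16 23:35:24 pf: 00:00:00.003363 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24723, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 26591+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.013306 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 33065, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 25720+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.011409 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 22394, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 8598+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.007895 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 5916, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 52056+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24 pf: 00:00:00.012722 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 35730, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24 pf: 108.162.233.15.80 > 88.225.216.75.53: 17735+ [1au] ANY? isc.org. (36)
Nov 16 23:36:01 pf: 00:00:00.001000 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 64, id 100, offset 0, flags [none], proto UDP (17), length 60)
Nov 16 23:36:01 pf: 192.0.2.10.40000 > 88.225.216.75.53: 1234+ A? example.com. (29)
"""


def parse_pf_log(text):
    """Pair each rule-match line with the packet line that follows it.

    Returns a list of dicts with the merged fields of both lines. Packet lines
    without a preceding rule line (a truncated export) are skipped.
    """
    records, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = PKT_RE.match(line)
        if m and pending is not None:
            rec = dict(pending)
            rec.update({k: v for k, v in m.groupdict().items() if k != 'ts'})
            records.append(rec)
            pending = None
    return records


def summarize(records):
    """Count entries per (action, interface, src, dst, dst port, query type)."""
    return Counter((r['action'], r['iface'], r['src'], r['dst'], r['dport'], r['qtype'])
                   for r in records)


def dns_any_burst(records, min_count=5, window_s=2):
    """Flag (src, dst, qname) triples with >= min_count ANY queries to udp/53
    inside any window_s-second window. Thresholds are arbitrary example values."""
    by_key = defaultdict(list)
    for r in records:
        if r['proto'] == 'UDP' and r['dport'] == '53' and r['qtype'] == 'ANY':
            by_key[(r['src'], r['dst'], r['qname'])].append(
                datetime.strptime(r['ts'], '%b %d %H:%M:%S'))
    alerts = []
    for (src, dst, qname), times in by_key.items():
        times.sort()
        best = j = 0
        for i, t in enumerate(times):          # sliding window over sorted timestamps
            while (t - times[j]).total_seconds() > window_s:
                j += 1
            best = max(best, i - j + 1)
        if best >= min_count:
            alerts.append({'src': src, 'dst': dst, 'qname': qname,
                           'count': len(times), 'max_in_window': best})
    return alerts


if __name__ == '__main__':
    recs = parse_pf_log(SAMPLE_LOG)
    for key, n in summarize(recs).most_common():
        print(n, key)
    for a in dns_any_burst(recs):
        print('ANY-query burst:', a)
```

The per-key summary is what a defender wants first: these lines are all "block in on pppoe0", so the firewall has already dropped them on the WAN side, and the summary shows whether the noise is one source repeating the same query or many sources. A burst of identical ANY queries for one name, arriving at port 53 from a source port of 80, is the pattern commonly associated with DNS reflection traffic whose source address is spoofed, so the logged source address should not be taken as the real sender. The same summary, keyed on the LAN host's address instead, is a quick way to follow the per-machine pfSense logs that a later reply in this thread recommends.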
Hello,
I've been following this since the thread was opened. Turksat has actually understood your problem. I was going to write this in my previous post, but I waited for your logs to arrive. Comparing what you described with what you are experiencing, and looking at the logs, there is probably a zombie in your network. If you are using a popular, widely used cracked program that is installed on one or several computers, that may be what is doing it. Zombies work like soldiers: they don't act without an order. When the order comes, they attack the real target system from wherever they are; they will have taken over a few more companies' networks like yours, and the attack begins!!! In this case the person who writes the zombie code develops it around the weak points of antivirus and firewall products, so many antivirus products and firewalls cannot recognize packets carrying this kind of malicious code, or the code makes itself look like it is coming from a safe source. So try this: set up a brand new PC with nothing on it, install only Windows and the machine's drivers, then put this machine on the internet and follow both the Windows firewall logs and the logs for this machine in pfSense. This newly installed PC will probably come out clean. What you then need to do is make a list of the software installed on the other users' machines and install and watch these programs one by one. Once you've installed one of them, don't move straight on to the next; watch the PC for a while with the first program installed and follow the logs. If it is clean and there is nothing, install the next program and follow it the same way. It will definitely turn up. -
Bro, this may sound silly :P, but scan the PCs one by one with a program that has antivirus, anti-spam, anti-malware, internet security etc. Simple logic: go straight at the infected one.
-
Since there are 130 machines, going one by one would be quite a lot of work. Does anyone have another suggestion for the problem in this system?