Suspicious Traffic



  • Hello, I have a Wi-Fi router on the network, and pfSense has been showing me some strange traffic:
    Sep 12 08:24:22 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 192.221.253.120 ICMP
    Sep 12 08:24:24 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 129.6.15.29 ICMP
    Sep 12 08:24:26 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 192.221.253.120 ICMP
    Sep 12 08:24:27 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 18.145.0.30 ICMP
    Sep 12 08:24:30 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 192.221.253.120 ICMP
    Sep 12 08:24:30 LAN2 pfB_Top_v4 auto rule (1770009786) 192.168.6.139 211.138.200.208 ICMP
    Sep 12 08:24:33 LAN2 pfB_Top_v4 auto rule (1770009786) 192.168.6.139 180.76.76.76 ICMP
    Sep 12 08:24:34 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 192.221.253.120 ICMP
    Sep 12 08:24:36 LAN2 pfB_Top_v4 auto rule (1770009786) 192.168.6.139 223.5.5.5 ICMP
    Sep 12 08:24:38 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 192.221.253.120 ICMP
    Sep 12 08:24:39 LAN2 pfB_Top_v4 auto rule (1770009786) 192.168.6.139 119.29.29.29 ICMP
    Sep 12 08:24:42 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 192.221.253.120 ICMP
    Sep 12 08:24:42 LAN2 pfB_Top_v4 auto rule (1770009786) 192.168.6.139 114.114.114.114 ICMP
    Sep 12 08:24:46 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 192.221.253.120 ICMP
    Sep 12 08:24:50 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 192.221.253.120 ICMP
    Sep 12 08:24:50 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 129.6.15.28 ICMP
    Sep 12 08:24:52 LAN2 Liberação Navegação (1564430764) 192.168.6.139:51642 172.217.172.131:443 UDP
    Sep 12 08:24:52 LAN2 Liberação Navegação (1564430764) 192.168.6.139:59755 216.239.32.116:443 UDP
    Sep 12 08:24:52 LAN2 Liberação Navegação (1564430764) 192.168.6.139:47289 216.239.32.116:443 TCP:S
    Sep 12 08:24:53 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 129.6.15.29 ICMP
    Sep 12 08:24:54 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 192.221.253.120 ICMP
    Sep 12 08:24:56 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 18.145.0.30 ICMP
    Sep 12 08:24:58 LAN2 Default deny rule IPv4 (1000000103) 192.168.6.139 192.221.253.120 ICMP

    08:39:39.377442 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3254, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-a-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:39:42.377558 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3255, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-b-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:39:45.377540 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3256, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > ec2-18-145-0-30.us-west-1.compute.amazonaws.com: ICMP echo request, id 15832, seq 0, length 64
    08:39:48.377603 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3257, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > 211.138.200.208: ICMP echo request, id 15832, seq 0, length 64
    08:39:51.377596 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3258, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public-dns-a.baidu.com: ICMP echo request, id 15832, seq 0, length 64
    08:39:54.377633 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3259, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.alidns.com: ICMP echo request, id 15832, seq 0, length 64
    08:39:57.377630 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3260, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > pdns.dnspod.cn: ICMP echo request, id 15832, seq 0, length 64
    08:40:00.377655 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3261, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.114dns.com: ICMP echo request, id 15832, seq 0, length 64
    08:40:08.377653 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3262, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-a-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:40:11.377737 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3264, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-b-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:40:14.377870 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3265, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > ec2-18-145-0-30.us-west-1.compute.amazonaws.com: ICMP echo request, id 15832, seq 0, length 64
    08:40:17.377776 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3266, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > 211.138.200.208: ICMP echo request, id 15832, seq 0, length 64
    08:40:20.377795 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3267, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public-dns-a.baidu.com: ICMP echo request, id 15832, seq 0, length 64
    08:40:23.377821 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3268, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.alidns.com: ICMP echo request, id 15832, seq 0, length 64
    08:40:26.377838 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3269, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > pdns.dnspod.cn: ICMP echo request, id 15832, seq 0, length 64
    08:40:29.377856 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3270, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.114dns.com: ICMP echo request, id 15832, seq 0, length 64
    08:40:52.378027 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3271, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-a-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:40:55.378069 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3272, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-b-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:40:58.378083 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3273, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > ec2-18-145-0-30.us-west-1.compute.amazonaws.com: ICMP echo request, id 15832, seq 0, length 64
    08:41:01.378107 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3274, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > 211.138.200.208: ICMP echo request, id 15832, seq 0, length 64
    08:41:04.378128 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3275, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public-dns-a.baidu.com: ICMP echo request, id 15832, seq 0, length 64
    08:41:07.378147 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3276, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.alidns.com: ICMP echo request, id 15832, seq 0, length 64
    08:41:10.384678 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3277, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > pdns.dnspod.cn: ICMP echo request, id 15832, seq 0, length 64
    08:41:13.378196 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3278, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.114dns.com: ICMP echo request, id 15832, seq 0, length 64
    08:41:21.378527 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3279, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-a-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:41:24.378249 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3280, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-b-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:41:27.378267 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3281, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > ec2-18-145-0-30.us-west-1.compute.amazonaws.com: ICMP echo request, id 15832, seq 0, length 64
    08:41:30.378304 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3282, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > 211.138.200.208: ICMP echo request, id 15832, seq 0, length 64
    08:41:33.378311 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3283, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public-dns-a.baidu.com: ICMP echo request, id 15832, seq 0, length 64
    08:41:36.378326 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3284, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.alidns.com: ICMP echo request, id 15832, seq 0, length 64
    08:41:39.378381 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3285, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > pdns.dnspod.cn: ICMP echo request, id 15832, seq 0, length 64
    08:41:42.378373 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3286, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.114dns.com: ICMP echo request, id 15832, seq 0, length 64
    08:41:50.378516 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3287, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-a-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:41:53.378451 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3288, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-b-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:41:56.378497 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3299, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > ec2-18-145-0-30.us-west-1.compute.amazonaws.com: ICMP echo request, id 15832, seq 0, length 64
    08:41:59.378496 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3300, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > 211.138.200.208: ICMP echo request, id 15832, seq 0, length 64
    08:42:02.378512 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3301, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public-dns-a.baidu.com: ICMP echo request, id 15832, seq 0, length 64
    08:42:05.378538 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3302, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.alidns.com: ICMP echo request, id 15832, seq 0, length 64
    08:42:08.378581 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3303, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > pdns.dnspod.cn: ICMP echo request, id 15832, seq 0, length 64
    08:42:11.378889 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3304, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.114dns.com: ICMP echo request, id 15832, seq 0, length 64
    08:42:34.378719 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3305, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-a-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:42:37.378811 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3306, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-b-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:42:40.378826 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3307, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > ec2-18-145-0-30.us-west-1.compute.amazonaws.com: ICMP echo request, id 15832, seq 0, length 64
    08:42:43.378849 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3308, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > 211.138.200.208: ICMP echo request, id 15832, seq 0, length 64
    08:42:46.378820 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3309, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public-dns-a.baidu.com: ICMP echo request, id 15832, seq 0, length 64
    08:42:49.386126 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3310, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.alidns.com: ICMP echo request, id 15832, seq 0, length 64
    08:42:52.378891 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3311, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > pdns.dnspod.cn: ICMP echo request, id 15832, seq 0, length 64
    08:42:55.378916 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3312, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.114dns.com: ICMP echo request, id 15832, seq 0, length 64
    08:43:03.378883 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3313, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-a-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:43:06.378966 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3314, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-b-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:43:09.378984 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3315, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > ec2-18-145-0-30.us-west-1.compute.amazonaws.com: ICMP echo request, id 15832, seq 0, length 64
    08:43:12.379005 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3316, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > 211.138.200.208: ICMP echo request, id 15832, seq 0, length 64
    08:43:15.379029 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3317, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public-dns-a.baidu.com: ICMP echo request, id 15832, seq 0, length 64
    08:43:18.379052 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3318, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.alidns.com: ICMP echo request, id 15832, seq 0, length 64
    08:43:21.379072 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3319, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > pdns.dnspod.cn: ICMP echo request, id 15832, seq 0, length 64
    08:43:24.379119 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3320, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.114dns.com: ICMP echo request, id 15832, seq 0, length 64
    08:43:32.379085 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3321, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-a-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:43:35.379174 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3322, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > time-b-g.nist.gov: ICMP echo request, id 15832, seq 0, length 64
    08:43:38.379184 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3323, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > ec2-18-145-0-30.us-west-1.compute.amazonaws.com: ICMP echo request, id 15832, seq 0, length 64
    08:43:41.379237 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3324, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > 211.138.200.208: ICMP echo request, id 15832, seq 0, length 64
    08:43:44.379236 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3325, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public-dns-a.baidu.com: ICMP echo request, id 15832, seq 0, length 64
    08:43:47.379287 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3326, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.alidns.com: ICMP echo request, id 15832, seq 0, length 64
    08:43:50.379285 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3327, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > pdns.dnspod.cn: ICMP echo request, id 15832, seq 0, length 64
    08:43:53.379291 cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3328, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.6.139 > public1.114dns.com: ICMP echo request, id 15832, seq 0, length 64

    Could this be a false positive? Is there another tool in pfSense to identify this?


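One way to triage a capture like the one in the post is to group the echo requests by source MAC, source IP and ICMP id, then measure the spacing between them; a single id probing a fixed destination list at a fixed interval suggests one scheduled process on the host. The script below is an added example, not part of the original post: its sample input is the first nine packets of the capture rebuilt in the same two-line layout, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# First nine packets of the capture in the post, rebuilt in its two-line layout.
HDR = ("{ts} cc:2d:21:3b:6d:30 (oui Unknown) > 00:e0:4c:68:00:26 (oui Unknown), "
       "ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id {ipid}, offset 0, "
       "flags [none], proto ICMP (1), length 84)\n"
       "    192.168.6.139 > {dst}: ICMP echo request, id 15832, seq 0, length 64\n")
ROWS = [
    ("08:39:39.377442", 3254, "time-a-g.nist.gov"),
    ("08:39:42.377558", 3255, "time-b-g.nist.gov"),
    ("08:39:45.377540", 3256, "ec2-18-145-0-30.us-west-1.compute.amazonaws.com"),
    ("08:39:48.377603", 3257, "211.138.200.208"),
    ("08:39:51.377596", 3258, "public-dns-a.baidu.com"),
    ("08:39:54.377633", 3259, "public1.alidns.com"),
    ("08:39:57.377630", 3260, "pdns.dnspod.cn"),
    ("08:40:00.377655", 3261, "public1.114dns.com"),
    ("08:40:08.377653", 3262, "time-a-g.nist.gov"),
]
SAMPLE = "".join(HDR.format(ts=t, ipid=i, dst=d) for t, i, d in ROWS)

HEADER = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) ([0-9a-f:]{17}) .*proto ICMP")
BODY = re.compile(r"^\s*(\S+) > (\S+): ICMP echo request, id (\d+), seq (\d+)")


def parse_capture(text):
    """Pair each link-layer header line with the ICMP line that follows it."""
    packets, pending = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            pending = header
            continue
        body = BODY.match(line)
        if body and pending:
            packets.append({
                # Time of day only: a capture crossing midnight needs a date too.
                "ts": datetime.strptime(pending.group(1), "%H:%M:%S.%f"),
                "mac": pending.group(2),
                "src": body.group(1), "dst": body.group(2),
                "icmp_id": int(body.group(3)), "seq": int(body.group(4)),
            })
        pending = None
    return packets


def summarize(packets):
    """Per (source MAC, source IP, ICMP id): targets, seq values, gap histogram."""
    groups = defaultdict(list)
    for p in packets:
        groups[(p["mac"], p["src"], p["icmp_id"])].append(p)
    report = {}
    for key, pkts in groups.items():
        pkts.sort(key=lambda p: p["ts"])
        gaps = Counter(round((b["ts"] - a["ts"]).total_seconds())
                       for a, b in zip(pkts, pkts[1:]))
        report[key] = {"packets": len(pkts),
                       "destinations": sorted({p["dst"] for p in pkts}),
                       "seqs": sorted({p["seq"] for p in pkts}),
                       "gaps_s": dict(gaps)}
    return report


if __name__ == "__main__":
    for key, info in summarize(parse_capture(SAMPLE)).items():
        print(key, info)
```

The source MAC in the key identifies the physical device to look up in the DHCP leases or ARP table when deciding whether the sender is the Wi-Fi router itself or a client behind it.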