PFSense'de mi problem var. Yoksa Local Ağda mı?



  • Arkadaşlar makineyi sabah yeniden kurdum. Tertemiz format attım.
    Hiçbir ayar yapmadan, firewall log'larına bir bakarmısınız…

    
    Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:28	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:28	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:28	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:28	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:28	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:29	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:29	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:31	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:31	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:31	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:32	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:32	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:32	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:32	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:33	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:36	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:36	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:37	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:37	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:37	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:37	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    
    Nov 2 05:44:37	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP
    

    Yaklaşık bu olayla 15 gün önce karşılaştım. Turksat Merkez'den Ankaradan aradılar.
    Adamın söyledikleri aynen şu şekilde.
    Ya saldırı yapıyorsunuz ya da sisteminizde bir problem var. Dün geceden beri 2 TB civarında DNS sorgusu yaptınız. Lütfen bu durumla ilgilenin. Yoksa internetinizi kesmek zorunda kalacağız…

    Switch'leri tek tek sökerek hangi kısımda sorun bulayım dedim. Ama hepsini sökmeme rağmen local ağ'da çıkmadı. PFSensedeki ana bağlantıyı söktüğümde direkt olay durdu dediler.

    PFSense de bir açık olabilme ve üzerinden botnet tarzı saldırı yapabilmeleri veya kullanabilmeleri mümkün mü? Ki mümkün görünüyor...

    Ve olay sadece bu kadar da değil, engellediğim ip'lerden birisi de ona da 443 nolu SSL portundan yoğun istek gidiyordu. B D P denilen şerefsizlerin sitesi...



  • Selam,

    sistem loglarını kontrol ettiniz mi? Onlarında bir çıktısını paylaşır mısınız?

    Sevgilerle,
    SGTR



  • System log'u da burada…

    Nov 3 09:18:04	check_reload_status: Syncing firewall
    Nov 3 09:16:52	syslogd: kernel boot file is /boot/kernel/kernel
    Nov 3 09:16:52	syslogd: exiting on signal 15
    Nov 3 09:16:52	check_reload_status: Syncing firewall
    Nov 3 09:16:30	syslogd: kernel boot file is /boot/kernel/kernel
    Nov 3 09:16:30	syslogd: exiting on signal 15
    Nov 3 09:16:30	check_reload_status: Syncing firewall
    Nov 3 09:16:10	syslogd: kernel boot file is /boot/kernel/kernel
    Nov 3 09:16:10	syslogd: exiting on signal 15
    Nov 3 09:15:40	php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.0.57
    Nov 3 09:15:40	php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.0.57
    Nov 3 09:14:57	dhclient: Creating resolv.conf
    Nov 3 09:14:57	dhclient: RENEW
    Nov 3 09:14:56	dhclient: Creating resolv.conf
    Nov 3 09:14:56	dhclient: RENEW
    Nov 3 09:12:54	dhclient: Creating resolv.conf
    Nov 3 09:12:54	dhclient: RENEW
    Nov 3 08:52:27	dhclient: Creating resolv.conf
    Nov 3 08:52:27	dhclient: RENEW
    Nov 3 08:52:26	dhclient: Creating resolv.conf
    Nov 3 08:52:26	dhclient: RENEW
    Nov 3 08:50:24	dhclient: Creating resolv.conf
    Nov 3 08:50:24	dhclient: RENEW
    Nov 3 08:29:57	dhclient: Creating resolv.conf
    Nov 3 08:29:57	dhclient: RENEW
    Nov 3 08:29:56	dhclient: Creating resolv.conf
    Nov 3 08:29:56	dhclient: RENEW
    Nov 3 08:27:54	dhclient: Creating resolv.conf
    Nov 3 08:27:54	dhclient: RENEW
    Nov 3 08:13:11	kernel: nfe0: link state changed to DOWN
    Nov 3 08:13:11	check_reload_status: Linkup starting nfe0
    Nov 3 08:09:54	apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
    Nov 3 08:09:54	apinger: Error while feeding rrdtool: Broken pipe
    Nov 3 08:09:13	check_reload_status: Reloading filter
    Nov 3 08:09:12	sshlockout[42788]: sshlockout/webConfigurator v3.0 starting up
    Nov 3 08:09:12	login: login on ttyv0 as root
    Nov 3 08:09:11	php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
    Nov 3 08:09:08	squid[33734]: Squid Parent: child process 34297 started
    Nov 3 08:09:08	php: : Starting Squid
    Nov 3 08:09:06	squid[21514]: Squid Parent: child process 21713 exited with status 1
    Nov 3 08:09:06	squid[21713]: The url_rewriter helpers are crashing too rapidly, need help!
    Nov 3 08:09:05	check_reload_status: Syncing firewall
    Nov 3 08:09:05	php: : Reloading Squid for configuration sync
    Nov 3 08:09:04	check_reload_status: Syncing firewall
    Nov 3 08:09:02	check_reload_status: Reloading filter
    Nov 3 08:09:02	php: : Reloading Squid for configuration sync
    Nov 3 08:09:01	check_reload_status: Reloading filter
    Nov 3 08:09:01	php: : Reloading Squid for configuration sync
    Nov 3 08:09:00	php: : Reloading Squid for configuration sync
    Nov 3 08:08:59	php: : Reloading Squid for configuration sync
    Nov 3 08:08:59	php: : Not calling package sync code for dependency squid of squid because some include files are missing.
    Nov 3 08:08:59	php: : The command '/usr/local/sbin/squid -k reconfigure' returned exit code '1', the output was '2012/11/03 08:08:59| aclParseAclLine: WARNING: empty ACL: acl ext_manager_3 src squid: ERROR: No running copy'
    Nov 3 08:08:59	php: : Reloading Squid for configuration sync
    Nov 3 08:08:58	php: : The command '/usr/local/sbin/squid -k reconfigure' returned exit code '1', the output was '2012/11/03 08:08:58| aclParseAclLine: WARNING: empty ACL: acl ext_manager_3 src squid: ERROR: No running copy'
    Nov 3 08:08:58	php: : Reloading Squid for configuration sync
    Nov 3 08:08:58	squid[21514]: Squid Parent: child process 21713 started
    Nov 3 08:08:58	php: : Starting Squid
    Nov 3 08:08:57	php: : Restarting/Starting all packages.
    Nov 3 08:08:57	php: : Creating rrd update script
    Nov 3 08:08:54	check_reload_status: Restarting ipsec tunnels
    Nov 3 08:08:54	dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
    Nov 3 08:08:54	dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
    Nov 3 08:08:54	dnsmasq[18836]: using nameserver 62.248.80.164#53
    Nov 3 08:08:54	dnsmasq[18836]: using nameserver 62.248.80.162#53
    Nov 3 08:08:54	dnsmasq[18836]: reading /etc/resolv.conf
    Nov 3 08:08:54	apinger: Starting Alarm Pinger, apinger(52631)
    Nov 3 08:08:53	php: : SQUID is installed but not started. Not installing "filter" rules.
    Nov 3 08:08:53	php: : SQUID is installed but not started. Not installing "pfearly" rules.
    Nov 3 08:08:53	php: : SQUID is installed but not started. Not installing "nat" rules.
    Nov 3 08:08:53	php: : Gateways status could not be determined, considering all as up/active.
    Nov 3 08:08:53	php: : Gateways status could not be determined, considering all as up/active.
    Nov 3 08:08:53	php: : Gateways status could not be determined, considering all as up/active.
    Nov 3 08:08:53	apinger: Exiting on signal 15.
    Nov 3 08:08:53	php: : rc.newwanip: on (IP address: 176.240.218.20) (interface: opt2) (real interface: bge2).
    Nov 3 08:08:53	php: : rc.newwanip: Informational is starting bge2.
    Nov 3 08:08:52	php: : OpenNTPD is starting up.
    Nov 3 08:08:52	php: : SQUID is installed but not started. Not installing "filter" rules.
    Nov 3 08:08:52	php: : SQUID is installed but not started. Not installing "pfearly" rules.
    Nov 3 08:08:52	php: : SQUID is installed but not started. Not installing "nat" rules.
    Nov 3 08:08:52	dnsmasq[18836]: read /etc/hosts - 2 addresses
    Nov 3 08:08:52	dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
    Nov 3 08:08:52	dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
    Nov 3 08:08:52	dnsmasq[18836]: using nameserver 62.248.80.164#53
    Nov 3 08:08:52	dnsmasq[18836]: using nameserver 62.248.80.162#53
    Nov 3 08:08:52	dnsmasq[18836]: reading /etc/resolv.conf
    Nov 3 08:08:52	dnsmasq[18836]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
    Nov 3 08:08:52	dnsmasq[18836]: started, version 2.55 cachesize 10000
    Nov 3 08:08:52	check_reload_status: Updating all dyndns
    Nov 3 08:08:51	dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Nov 3 08:08:51	dhcpd: All rights reserved.
    Nov 3 08:08:51	dhcpd: Copyright 2004-2011 Internet Systems Consortium.
    Nov 3 08:08:51	dhcpd: Internet Systems Consortium DHCP Server 4.2.3
    Nov 3 08:08:51	php: : ROUTING: setting default route to 46.196.128.1
    Nov 3 08:08:51	apinger: Starting Alarm Pinger, apinger(2479)
    Nov 3 08:08:51	check_reload_status: Reloading filter
    Nov 3 08:08:50	apinger: Exiting on signal 15.
    Nov 3 08:08:49	apinger: Starting Alarm Pinger, apinger(62086)
    Nov 3 08:08:49	php: : rc.newwanip: on (IP address: 176.240.218.40) (interface: opt1) (real interface: bge3).
    Nov 3 08:08:49	php: : rc.newwanip: Informational is starting bge3.
    Nov 3 08:08:48	apinger: Exiting on signal 15.
    


  • @lord2oo0:

    Nov 2 05:44:27 WAN    112.216.83.69:25345    46.196.128.103:53 UDP
    Nov 2 05:44:27 WAN    112.216.83.69:25345    46.196.128.103:53 UDP
    Nov 2 05:44:27 WAN    112.216.83.69:25345    46.196.128.103:53 UDP
    Nov 2 05:44:27 WAN    112.216.83.69:25345    46.196.128.103:53 UDP

    Eldeki verilere bakarak şöyle bir komplo teorisi yazabilirim ancak eldeki veriler ile doğruluğunu kanıtlayamam. :)

    Anladığım kadarıyla pfSense doğrudan bridge modda çalışıyor ve 46.196.128.103 IP adresi doğrudan pfSense üzerinde. Diğer adres olan 112.216.83.69 adresi is Güney Korede görünüyor.
    İlk adres Turksat'a kayıtlı olduğu için sizin adresiniz olduğunu ve sizin Koredeki bir sistemi yönetmediğinizi varsayıyorum…

    Kayıtlara göre Koredeki bir IP adresi, pfSense cihazına WAN tarafından DNS istekleri gönderiyor gibi görünüyor. Büyük olasılıkla sizin sisteminzi DNS olarak kullanıyorlar gibi görünüyor.
    Bu durumda benim aklıma bir kaç seçenek getiriyor...

    0- Başka bir sisteme at DNS sunucuna saldırı yapmak maksadı ile sizi aracı olarak kullanıyor olabilir.
    1- Birileri pfSense sisteminiz üzerinden DNS tünel yöntemi ile kendi trafiğini geçiriyor olabilir.
    2- Koreden birilerini çok kızdırdınız DNS servisinizi pert edip işlerinizi aksatmak için size DOS saldırısı yapıyor.

    PFSense de bir açık olabilme ve üzerinden botnet tarzı saldırı yapabilmeleri veya kullanabilmeleri mümkün mü? Ki mümkün görünüyor…

    Açık olma ihtimali her zaman vardır. :) Eğer sisteminiz bir şekilde kırılmış ise botnetin parçası haline gelmiş olabilir…

    Ama olmayabilir de... Trafik logundan gördüğüm kadarıyla TCP/UDP-53 portunuz WAN tarafında izinli ve birileri WAN tarafından sizi DNS olarak kullanma eğiliminde.
    Firewall kurallarında WAN tarafından DNS sorularını engelleyecek bir düzenleme yaparsanız sorun çözülebilir diye düşünüyorum...



  • eNKPH.jpg

    Resimdeki gibi bir engelleme yaptım.
    Sisteme sızları zor bir ihtiml diyeceğim ama imkansız diye bir şey yok. Dediğiniz gibi geçen gün dns iplerini yokladığımda içinde bir tanesi BDP'nin sitesinin ip adresiydi. Muhtemelen botnet'in bir parçası oldum. Ama olayı çözemedim bir türlü. Şuanda yazdığım makineden şüpheleniyorum. Büyük ihtimal sorun bunda. Çünkü PFSense'yi bir kaç kez yeniden kurdum…



  • Arkadaşlar bu nedir? bir türlü anlayabilmiş değilim. Sürekli böyle abuk subuk ip'ler, abuk subuk portlar. Ne yaptığını bir türlü anlayabilmiş değilim…
    Bir fikri olan var mı?
    Yardımcı olabilecek var mı?



  • Evet ustadlar bir el atmanız lazım.Ciddi bir problem gibi duruyor.



  • 3'tane WAN bacağına da bu şekilde bir kural ekleyip block yaparak sorunu çözdüm gibi görünüyor. Ama halen sorunlu makineyi bulmuş değilim. Onu nasıl bulacağım hakkında bir görüşü önerisi olan varmı? Kuralı deaktif yaptığım zaman yine başlıyor hemen…



  • merhaba,

    Sorunlu makineleri elinizde hiç bir tool gerekmeksizin windowsun firewall ını kullanarak tespit edebilirsiniz.

    Windowsun firewall özelliğinde log tut seçeneği mevcut senaryo şöyle;

    • ortamdaki makinelerin firewallları açık değilse açık hale getiriniz.
    • Windows üzerindeki firewall uygulamasından log tutma özelliğini açınız.
    • Log dosyasını nereye kayıt edeceğini belirtin kayıt dosyası txt formatında kayıt edeceği için sorun olmayacaktır. bu bölümü network üzerinde bir makinede  klasör oluşturun ve paylaşıma açın sonra bu klasöre everyone full yetki verin daha sonra diğer makinelerede  firewall log tutma özelliğini açarken log dosyasının nereye kayıt edileceği yerde paylaşıma açtığımız klasörü gösterebiliriz. log dosya adınada makineadi.txt şeklinde kayıt edip günlük o paylaşım klasörüne erişip logları takip edebilirsiniz…..


  • Söylediğiniz yöntemi şüphelendiğim makinelerde deneyeceğim.
    Diğer makinelerim'de deep frezee var. Ve hepsinin güvenlik duvarları kapalı…
    Baya bir uğraştıracak. Umarım şüphelendiğim makinelerden birisinde çıkar.

    Bir de bu log'lar içinde özellikle dikkat edeceğim birşey varmı?



  • @lord2oo0:

    Söylediğiniz yöntemi şüphelendiğim makinelerde deneyeceğim.
    Diğer makinelerim'de deep frezee var. Ve hepsinin güvenlik duvarları kapalı…
    Baya bir uğraştıracak. Umarım şüphelendiğim makinelerden birisinde çıkar.

    Bir de bu log'lar içinde özellikle dikkat edeceğim birşey varmı?

    sadece loglarda hangi iplere istek yapılmış onları takip etmen gerekecek



  • ActTimeIfSourceDestinationProto
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26WAN1184.168.72.113:37924176.240.216.7:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26WAN185.214.147.66:443176.240.216.7:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26WAN185.214.147.66:443176.240.216.7:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26WAN185.214.147.66:443176.240.216.7:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26WAN185.214.147.66:443176.240.216.7:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:25ADSL108.162.233.15:8088.225.216.75:53UDP
     Nov 16 23:15:25WAN185.214.147.66:443176.240.216.7:53UDP
    
    Act	Time	If	Source	Destination	Proto
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    
    Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP
    

    Arkadaşlar nedir bu anlayamadım bir türlü. Sorunu da çözemedim. nereden geldiğinide çözemedim. Bir yardımcı olsanız. Bir el atsanı şu işe…



  • Last 100 firewall log entries
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 62355+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.007309 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 11089, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 49208+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.030868 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1172, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 14127+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.005120 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65334, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 49512+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.002778 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 17226, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 1686+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.037880 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36552, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 13356+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.027637 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63538, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 4435+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.017707 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 27298, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 22092+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.007167 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44294, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 59548+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.003949 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 25668, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 12445+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.026617 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 30440, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 43427+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.018725 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 233, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 14219+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.011116 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65078, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 5164+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.000435 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49282, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 58772+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.015501 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16918, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 28344+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.034083 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 28689, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 16412+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.093606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36411, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 28318+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.064788 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 6207, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 18516+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.085998 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 23537, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 6041+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.026909 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24437, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 44843+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.045493 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 43947, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 8322+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.019156 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 54902, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40777+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.019019 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 18198, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 47051+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.007168 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 7407, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 62963+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.019303 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49035, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40655+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.039347 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24352, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 39658+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.006576 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 13839, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 42934+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.076499 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63074, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 65507+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.007606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 60145, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 45363+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.023110 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44461, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 38826+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.002185 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14992, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40990+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.008494 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1156, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 18276+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.003363 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24723, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 26591+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.013306 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 33065, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 25720+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.011409 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 22394, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 8598+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.007895 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 5916, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 52056+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.012722 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 35730, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 17735+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.052367 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48542, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 45868+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.056597 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 46019, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 48909+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.100171 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 8613, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 10615+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.074471 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16646, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 45970+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.002471 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24370, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 60530+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.026490 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 50136, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 24255+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.003364 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48828, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 32775+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.022804 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 56221, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 29000+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.041975 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 47994, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 28604+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.068461 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 37522, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 21780+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.025137 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 9765, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 50654+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.036244 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14639, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 64756+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.040411 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48183, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 30850+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.048267 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 31983, offset 0, flags [none], proto UDP (17), length 64)
    

    Log'ların normal görünüm şeklide bu şekilde…



  • ciddi bir problem,üstadlar mutlaka yardımcı olmalı !

    bence bu tür sorgular çoğumuzda vardır ama hiçbirimiz önemsemiyoruzdur.

    ufak bir yardımım olabilir. Ben sistemimde daha yeni pfsense kurdum.Metro bağlantısı var ve online.Hiç client bağlantım yok ama bende de buna benzer anlam veremediğim port no'ları ile sorgular var.



  • Yokmu önerisi olan bir arkadaş?



  • @lord2oo0:

    Yokmu önerisi olan bir arkadaş?

    pppoe sorgulamanızı pfsense mi yapıyor?



  • Evet 3 hattım var. 2 Kablonet 1 tane ADSL.
    ADSL'de Bridge olarak pppoe bağlı…



  • @lord2oo0:

    Last 100 firewall log entries
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 62355+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.007309 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 11089, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 49208+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.030868 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1172, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 14127+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.005120 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65334, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 49512+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.002778 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 17226, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 1686+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.037880 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36552, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 13356+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.027637 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63538, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 4435+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.017707 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 27298, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 22092+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.007167 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44294, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 59548+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.003949 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 25668, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 12445+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.026617 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 30440, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 43427+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.018725 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 233, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 14219+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.011116 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65078, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 5164+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.000435 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49282, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 58772+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.015501 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16918, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 28344+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.034083 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 28689, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 16412+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.093606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36411, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 28318+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.064788 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 6207, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 18516+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.085998 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 23537, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 6041+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.026909 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24437, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 44843+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.045493 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 43947, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 8322+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.019156 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 54902, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40777+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.019019 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 18198, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 47051+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.007168 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 7407, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 62963+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.019303 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49035, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40655+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.039347 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24352, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 39658+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.006576 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 13839, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 42934+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.076499 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63074, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 65507+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.007606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 60145, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 45363+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.023110 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44461, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 38826+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.002185 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14992, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40990+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.008494 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1156, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 18276+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.003363 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24723, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 26591+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.013306 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 33065, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 25720+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.011409 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 22394, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 8598+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.007895 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 5916, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 52056+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.012722 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 35730, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 17735+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.052367 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48542, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 45868+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:24	pf: 00:00:00.056597 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 46019, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 48909+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.100171 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 8613, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 10615+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.074471 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16646, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 45970+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.002471 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24370, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 60530+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.026490 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 50136, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 24255+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.003364 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48828, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 32775+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.022804 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 56221, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 29000+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.041975 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 47994, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 28604+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.068461 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 37522, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 21780+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.025137 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 9765, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 50654+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.036244 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14639, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 64756+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.040411 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48183, offset 0, flags [none], proto UDP (17), length 64)
    Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 30850+ [1au] ANY? isc.org. (36)
    Nov 16 23:35:23	pf: 00:00:00.048267 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 31983, offset 0, flags [none], proto UDP (17), length 64)
    

    Log'ların normal görünüm şeklide bu şekilde…

    Merhaba,
    Konu açıldığıldığından beri takip ediyorum Turksat sizin sorununuzu anlamış aslında bir önceki postumda yazacaktım sizden logların gelmesini bekledim anlattıklarınızla yaşadıklarınızı karşılaştırınca logları incelediğimizde networkünüzde muhtemel bir zombi bulunuyor bir bilgisayar da ya da birkaç bilgisayarda yüklü olan popüler ve sık kullanılan crackli program kullanıyorsanız bu yapıyor olabilir zombie ler asker gibi çalışırlar emir gelmeksizin harekete geçmezler emir geldiğinde bulundukları yerden asıl saldırıya maruz kalacak sisteme sizin sisteminiz gibi bi kaçtane daha şirketin networkünü elegeçirmişlerdir saldırı başlar!!! bu durumda zombi kodunu yazan kişi antivirüs ve firewall ların zayıf noktalarını ele alaraktan kodu geliştirip yazıyor dolayısıyla biçok antivirüs ve firewallar butür zararlı kod taşıyan paketleri tanıyamıyorlar yada kendini güvenli bir noktadan geliyormuş gibi gösterirler  o yüzden şunu deneyin sıfır yeni pc sistemi kurun üzerinde hiç birşey olmasın sadece windows ve makinenin driverlarını yükleyin sonra bu makineyi internete çıkarın ve hem windows firewall loglarından hemde pfsensedeki bu makineye ait logları takip ediniz. Muhtemelen bu yeni kurduğunuz pc temiz çıkacak yapacağınız diğer kullanıcılarda yüklü olan yazılımların listesini çıkarıp teker teker bu yazılımları kurup izlemeniz gerekecekyazılımlardan birini kurdunuz hemen diğerine geçmeyin bir süre ilk kurduğunuz yazılım yüklüyken pcyi izleyin logları takip edin he eğer temiz ise birşey yok ise diğer yazılımı kurun onu o şekilde takip edin mutlaka çıkacaktır.



  • kardes abes kacabilir :P tek tek pcleri antivirus,spam,malware,internet securty vsvs olan bi programla tara.duZ mantik viruslu olanin cok tepesine



  • 130 Tane makine olduğu için tek tek baya bir uğraştırır. Bu sistemdeki sıkıntı için başka önerisi olan yok mu?



  • @lord2oo0:

    130 Tane makine olduğu için tek tek baya bir uğraştırır. Bu sistemdeki sıkıntı için başka önerisi olan yok mu?

    • 130 makinede kurulu uygulamalar sizin kontrolünüzde olan yazılımlarmı? mutlaka içerde bişi çalışıyor
    • Crackli patchli yazılım bulunuyormu?


  • Pfsense nizde her hangi bir sorun yok, bu tür dns isteklerinin tek bir nedeni vardır. oda client makinalarınız biri yada daha fazlasında W32.Blaster.Worm virüsü vardır. Bu virüs ağ üzerinden kendini çok kolay kopyalayan ve sürekli dns sorgulaması yapan ve internet hızı düşüşü sağlayan bir virüstür. Esas görevi ise ağda çoğalmak ve veri transferi yapmasıdır. Client makinalarınızda bu virüsü temizlemeniz durumunda sorununuz düzelecektir.



  • Ayrıca mevcut yapınızda Windows ortamlı bir  DNS yada AD Serveriniz var ise bu virüsü temizleyen remowal tool ları GOP oluşturarak tüm clientlerinizde taratıp sorununuzu çözebilirsiniz. Tam Şirket Yapınızı bilmiyorum ancak Kesin çözüm bu başka bir yolu yok ne yazıkki. Yada bütün cihazlarınızdan emin olmak için tek tek tarama yapacaksınız…


Log in to reply