PFSense'de mi problem var. Yoksa Local Ağda mı?

lord2oo0

Arkadaşlar makineyi sabah yeniden kurdum. Tertemiz format attım.
Hiçbir ayar yapmadan, firewall log'larına bir bakarmısınız…

Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:27	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:28	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:28	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:28	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:28	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:28	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:29	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:29	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:30	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:31	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:31	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:31	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:32	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:32	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:32	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:32	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:33	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:34	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:35	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:36	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:36	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:37	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:37	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:37	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:37	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Nov 2 05:44:37	WAN	   112.216.83.69:25345	   46.196.128.103:53	UDP

Yaklaşık bu olayla 15 gün önce karşılaştım. Turksat Merkez'den Ankaradan aradılar.
Adamın söyledikleri aynen şu şekilde.
Ya saldırı yapıyorsunuz ya da sisteminizde bir problem var. Dün geceden beri 2 TB civarında DNS sorgusu yaptınız. Lütfen bu durumla ilgilenin. Yoksa internetinizi kesmek zorunda kalacağız…

Switch'leri tek tek sökerek hangi kısımda sorun bulayım dedim. Ama hepsini sökmeme rağmen local ağ'da çıkmadı. PFSensedeki ana bağlantıyı söktüğümde direkt olay durdu dediler.

PFSense de bir açık olabilme ve üzerinden botnet tarzı saldırı yapabilmeleri veya kullanabilmeleri mümkün mü? Ki mümkün görünüyor...

Ve olay sadece bu kadar da değil, engellediğim ip'lerden birisi de ona da 443 nolu SSL portundan yoğun istek gidiyordu. B D P denilen şerefsizlerin sitesi...

sgtr

Selam,

sistem loglarını kontrol ettiniz mi? Onlarında bir çıktısını paylaşır mısınız?

Sevgilerle,
SGTR

lord2oo0

System log'u da burada…

Nov 3 09:18:04	check_reload_status: Syncing firewall
Nov 3 09:16:52	syslogd: kernel boot file is /boot/kernel/kernel
Nov 3 09:16:52	syslogd: exiting on signal 15
Nov 3 09:16:52	check_reload_status: Syncing firewall
Nov 3 09:16:30	syslogd: kernel boot file is /boot/kernel/kernel
Nov 3 09:16:30	syslogd: exiting on signal 15
Nov 3 09:16:30	check_reload_status: Syncing firewall
Nov 3 09:16:10	syslogd: kernel boot file is /boot/kernel/kernel
Nov 3 09:16:10	syslogd: exiting on signal 15
Nov 3 09:15:40	php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.0.57
Nov 3 09:15:40	php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.0.57
Nov 3 09:14:57	dhclient: Creating resolv.conf
Nov 3 09:14:57	dhclient: RENEW
Nov 3 09:14:56	dhclient: Creating resolv.conf
Nov 3 09:14:56	dhclient: RENEW
Nov 3 09:12:54	dhclient: Creating resolv.conf
Nov 3 09:12:54	dhclient: RENEW
Nov 3 08:52:27	dhclient: Creating resolv.conf
Nov 3 08:52:27	dhclient: RENEW
Nov 3 08:52:26	dhclient: Creating resolv.conf
Nov 3 08:52:26	dhclient: RENEW
Nov 3 08:50:24	dhclient: Creating resolv.conf
Nov 3 08:50:24	dhclient: RENEW
Nov 3 08:29:57	dhclient: Creating resolv.conf
Nov 3 08:29:57	dhclient: RENEW
Nov 3 08:29:56	dhclient: Creating resolv.conf
Nov 3 08:29:56	dhclient: RENEW
Nov 3 08:27:54	dhclient: Creating resolv.conf
Nov 3 08:27:54	dhclient: RENEW
Nov 3 08:13:11	kernel: nfe0: link state changed to DOWN
Nov 3 08:13:11	check_reload_status: Linkup starting nfe0
Nov 3 08:09:54	apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
Nov 3 08:09:54	apinger: Error while feeding rrdtool: Broken pipe
Nov 3 08:09:13	check_reload_status: Reloading filter
Nov 3 08:09:12	sshlockout[42788]: sshlockout/webConfigurator v3.0 starting up
Nov 3 08:09:12	login: login on ttyv0 as root
Nov 3 08:09:11	php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
Nov 3 08:09:08	squid[33734]: Squid Parent: child process 34297 started
Nov 3 08:09:08	php: : Starting Squid
Nov 3 08:09:06	squid[21514]: Squid Parent: child process 21713 exited with status 1
Nov 3 08:09:06	squid[21713]: The url_rewriter helpers are crashing too rapidly, need help!
Nov 3 08:09:05	check_reload_status: Syncing firewall
Nov 3 08:09:05	php: : Reloading Squid for configuration sync
Nov 3 08:09:04	check_reload_status: Syncing firewall
Nov 3 08:09:02	check_reload_status: Reloading filter
Nov 3 08:09:02	php: : Reloading Squid for configuration sync
Nov 3 08:09:01	check_reload_status: Reloading filter
Nov 3 08:09:01	php: : Reloading Squid for configuration sync
Nov 3 08:09:00	php: : Reloading Squid for configuration sync
Nov 3 08:08:59	php: : Reloading Squid for configuration sync
Nov 3 08:08:59	php: : Not calling package sync code for dependency squid of squid because some include files are missing.
Nov 3 08:08:59	php: : The command '/usr/local/sbin/squid -k reconfigure' returned exit code '1', the output was '2012/11/03 08:08:59| aclParseAclLine: WARNING: empty ACL: acl ext_manager_3 src squid: ERROR: No running copy'
Nov 3 08:08:59	php: : Reloading Squid for configuration sync
Nov 3 08:08:58	php: : The command '/usr/local/sbin/squid -k reconfigure' returned exit code '1', the output was '2012/11/03 08:08:58| aclParseAclLine: WARNING: empty ACL: acl ext_manager_3 src squid: ERROR: No running copy'
Nov 3 08:08:58	php: : Reloading Squid for configuration sync
Nov 3 08:08:58	squid[21514]: Squid Parent: child process 21713 started
Nov 3 08:08:58	php: : Starting Squid
Nov 3 08:08:57	php: : Restarting/Starting all packages.
Nov 3 08:08:57	php: : Creating rrd update script
Nov 3 08:08:54	check_reload_status: Restarting ipsec tunnels
Nov 3 08:08:54	dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
Nov 3 08:08:54	dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
Nov 3 08:08:54	dnsmasq[18836]: using nameserver 62.248.80.164#53
Nov 3 08:08:54	dnsmasq[18836]: using nameserver 62.248.80.162#53
Nov 3 08:08:54	dnsmasq[18836]: reading /etc/resolv.conf
Nov 3 08:08:54	apinger: Starting Alarm Pinger, apinger(52631)
Nov 3 08:08:53	php: : SQUID is installed but not started. Not installing "filter" rules.
Nov 3 08:08:53	php: : SQUID is installed but not started. Not installing "pfearly" rules.
Nov 3 08:08:53	php: : SQUID is installed but not started. Not installing "nat" rules.
Nov 3 08:08:53	php: : Gateways status could not be determined, considering all as up/active.
Nov 3 08:08:53	php: : Gateways status could not be determined, considering all as up/active.
Nov 3 08:08:53	php: : Gateways status could not be determined, considering all as up/active.
Nov 3 08:08:53	apinger: Exiting on signal 15.
Nov 3 08:08:53	php: : rc.newwanip: on (IP address: 176.240.218.20) (interface: opt2) (real interface: bge2).
Nov 3 08:08:53	php: : rc.newwanip: Informational is starting bge2.
Nov 3 08:08:52	php: : OpenNTPD is starting up.
Nov 3 08:08:52	php: : SQUID is installed but not started. Not installing "filter" rules.
Nov 3 08:08:52	php: : SQUID is installed but not started. Not installing "pfearly" rules.
Nov 3 08:08:52	php: : SQUID is installed but not started. Not installing "nat" rules.
Nov 3 08:08:52	dnsmasq[18836]: read /etc/hosts - 2 addresses
Nov 3 08:08:52	dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
Nov 3 08:08:52	dnsmasq[18836]: ignoring nameserver 127.0.0.1 - local interface
Nov 3 08:08:52	dnsmasq[18836]: using nameserver 62.248.80.164#53
Nov 3 08:08:52	dnsmasq[18836]: using nameserver 62.248.80.162#53
Nov 3 08:08:52	dnsmasq[18836]: reading /etc/resolv.conf
Nov 3 08:08:52	dnsmasq[18836]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Nov 3 08:08:52	dnsmasq[18836]: started, version 2.55 cachesize 10000
Nov 3 08:08:52	check_reload_status: Updating all dyndns
Nov 3 08:08:51	dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Nov 3 08:08:51	dhcpd: All rights reserved.
Nov 3 08:08:51	dhcpd: Copyright 2004-2011 Internet Systems Consortium.
Nov 3 08:08:51	dhcpd: Internet Systems Consortium DHCP Server 4.2.3
Nov 3 08:08:51	php: : ROUTING: setting default route to 46.196.128.1
Nov 3 08:08:51	apinger: Starting Alarm Pinger, apinger(2479)
Nov 3 08:08:51	check_reload_status: Reloading filter
Nov 3 08:08:50	apinger: Exiting on signal 15.
Nov 3 08:08:49	apinger: Starting Alarm Pinger, apinger(62086)
Nov 3 08:08:49	php: : rc.newwanip: on (IP address: 176.240.218.40) (interface: opt1) (real interface: bge3).
Nov 3 08:08:49	php: : rc.newwanip: Informational is starting bge3.
Nov 3 08:08:48	apinger: Exiting on signal 15.

seker

@lord2oo0:

Nov 2 05:44:27 WAN    112.216.83.69:25345    46.196.128.103:53 UDP
Nov 2 05:44:27 WAN    112.216.83.69:25345    46.196.128.103:53 UDP
Nov 2 05:44:27 WAN    112.216.83.69:25345    46.196.128.103:53 UDP
Nov 2 05:44:27 WAN    112.216.83.69:25345    46.196.128.103:53 UDP

Eldeki verilere bakarak şöyle bir komplo teorisi yazabilirim ancak eldeki veriler ile doğruluğunu kanıtlayamam. :)

Anladığım kadarıyla pfSense doğrudan bridge modda çalışıyor ve 46.196.128.103 IP adresi doğrudan pfSense üzerinde. Diğer adres olan 112.216.83.69 adresi is Güney Korede görünüyor.
İlk adres Turksat'a kayıtlı olduğu için sizin adresiniz olduğunu ve sizin Koredeki bir sistemi yönetmediğinizi varsayıyorum…

Kayıtlara göre Koredeki bir IP adresi, pfSense cihazına WAN tarafından DNS istekleri gönderiyor gibi görünüyor. Büyük olasılıkla sizin sisteminzi DNS olarak kullanıyorlar gibi görünüyor.
Bu durumda benim aklıma bir kaç seçenek getiriyor...

0- Başka bir sisteme at DNS sunucuna saldırı yapmak maksadı ile sizi aracı olarak kullanıyor olabilir.
1- Birileri pfSense sisteminiz üzerinden DNS tünel yöntemi ile kendi trafiğini geçiriyor olabilir.
2- Koreden birilerini çok kızdırdınız DNS servisinizi pert edip işlerinizi aksatmak için size DOS saldırısı yapıyor.

PFSense de bir açık olabilme ve üzerinden botnet tarzı saldırı yapabilmeleri veya kullanabilmeleri mümkün mü? Ki mümkün görünüyor…

Açık olma ihtimali her zaman vardır. :) Eğer sisteminiz bir şekilde kırılmış ise botnetin parçası haline gelmiş olabilir…

Ama olmayabilir de... Trafik logundan gördüğüm kadarıyla TCP/UDP-53 portunuz WAN tarafında izinli ve birileri WAN tarafından sizi DNS olarak kullanma eğiliminde.
Firewall kurallarında WAN tarafından DNS sorularını engelleyecek bir düzenleme yaparsanız sorun çözülebilir diye düşünüyorum...

lord2oo0

Resimdeki gibi bir engelleme yaptım.
Sisteme sızları zor bir ihtiml diyeceğim ama imkansız diye bir şey yok. Dediğiniz gibi geçen gün dns iplerini yokladığımda içinde bir tanesi BDP'nin sitesinin ip adresiydi. Muhtemelen botnet'in bir parçası oldum. Ama olayı çözemedim bir türlü. Şuanda yazdığım makineden şüpheleniyorum. Büyük ihtimal sorun bunda. Çünkü PFSense'yi bir kaç kez yeniden kurdum…

lord2oo0

Arkadaşlar bu nedir? bir türlü anlayabilmiş değilim. Sürekli böyle abuk subuk ip'ler, abuk subuk portlar. Ne yaptığını bir türlü anlayabilmiş değilim…
Bir fikri olan var mı?
Yardımcı olabilecek var mı?

asetunc

Evet ustadlar bir el atmanız lazım.Ciddi bir problem gibi duruyor.

lord2oo0

3'tane WAN bacağına da bu şekilde bir kural ekleyip block yaparak sorunu çözdüm gibi görünüyor. Ama halen sorunlu makineyi bulmuş değilim. Onu nasıl bulacağım hakkında bir görüşü önerisi olan varmı? Kuralı deaktif yaptığım zaman yine başlıyor hemen…

Ntldr_missing

merhaba,

Sorunlu makineleri elinizde hiç bir tool gerekmeksizin windowsun firewall ını kullanarak tespit edebilirsiniz.

Windowsun firewall özelliğinde log tut seçeneği mevcut senaryo şöyle;

• ortamdaki makinelerin firewallları açık değilse açık hale getiriniz.
• Windows üzerindeki firewall uygulamasından log tutma özelliğini açınız.
• Log dosyasını nereye kayıt edeceğini belirtin kayıt dosyası txt formatında kayıt edeceği için sorun olmayacaktır. bu bölümü network üzerinde bir makinede  klasör oluşturun ve paylaşıma açın sonra bu klasöre everyone full yetki verin daha sonra diğer makinelerede  firewall log tutma özelliğini açarken log dosyasının nereye kayıt edileceği yerde paylaşıma açtığımız klasörü gösterebiliriz. log dosya adınada makineadi.txt şeklinde kayıt edip günlük o paylaşım klasörüne erişip logları takip edebilirsiniz…..

lord2oo0

Söylediğiniz yöntemi şüphelendiğim makinelerde deneyeceğim.
Diğer makinelerim'de deep frezee var. Ve hepsinin güvenlik duvarları kapalı…
Baya bir uğraştıracak. Umarım şüphelendiğim makinelerden birisinde çıkar.

Bir de bu log'lar içinde özellikle dikkat edeceğim birşey varmı?

Ntldr_missing

@lord2oo0:

Söylediğiniz yöntemi şüphelendiğim makinelerde deneyeceğim.
Diğer makinelerim'de deep frezee var. Ve hepsinin güvenlik duvarları kapalı…
Baya bir uğraştıracak. Umarım şüphelendiğim makinelerden birisinde çıkar.

Bir de bu log'lar içinde özellikle dikkat edeceğim birşey varmı?

sadece loglarda hangi iplere istek yapılmış onları takip etmen gerekecek

lord2oo0

ActTimeIfSourceDestinationProto
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26WAN1184.168.72.113:37924176.240.216.7:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26WAN185.214.147.66:443176.240.216.7:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26WAN185.214.147.66:443176.240.216.7:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26WAN185.214.147.66:443176.240.216.7:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26WAN185.214.147.66:443176.240.216.7:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:26ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:25ADSL108.162.233.15:8088.225.216.75:53UDP
 Nov 16 23:15:25WAN185.214.147.66:443176.240.216.7:53UDP

Act	Time	If	Source	Destination	Proto

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:40	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:39	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Nov 16 23:16:38	ADSL	   108.162.233.15:80	   88.225.216.75:53	UDP

Arkadaşlar nedir bu anlayamadım bir türlü. Sorunu da çözemedim. nereden geldiğinide çözemedim. Bir yardımcı olsanız. Bir el atsanı şu işe…

lord2oo0

Last 100 firewall log entries
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 62355+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.007309 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 11089, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 49208+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.030868 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1172, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 14127+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.005120 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65334, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 49512+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.002778 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 17226, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 1686+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.037880 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36552, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 13356+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.027637 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63538, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 4435+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.017707 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 27298, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 22092+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.007167 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44294, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 59548+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.003949 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 25668, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 12445+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.026617 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 30440, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 43427+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.018725 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 233, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 14219+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.011116 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65078, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 5164+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.000435 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49282, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 58772+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.015501 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16918, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 28344+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.034083 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 28689, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 16412+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.093606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36411, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 28318+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.064788 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 6207, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 18516+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.085998 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 23537, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 6041+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.026909 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24437, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 44843+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.045493 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 43947, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 8322+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.019156 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 54902, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40777+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.019019 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 18198, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 47051+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.007168 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 7407, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 62963+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.019303 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49035, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40655+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.039347 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24352, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 39658+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.006576 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 13839, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 42934+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.076499 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63074, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 65507+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.007606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 60145, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 45363+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.023110 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44461, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 38826+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.002185 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14992, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40990+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.008494 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1156, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 18276+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.003363 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24723, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 26591+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.013306 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 33065, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 25720+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.011409 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 22394, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 8598+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.007895 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 5916, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 52056+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.012722 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 35730, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 17735+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.052367 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48542, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 45868+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.056597 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 46019, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 48909+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.100171 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 8613, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 10615+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.074471 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16646, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 45970+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.002471 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24370, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 60530+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.026490 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 50136, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 24255+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.003364 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48828, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 32775+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.022804 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 56221, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 29000+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.041975 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 47994, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 28604+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.068461 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 37522, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 21780+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.025137 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 9765, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 50654+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.036244 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14639, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 64756+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.040411 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48183, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 30850+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.048267 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 31983, offset 0, flags [none], proto UDP (17), length 64)

Log'ların normal görünüm şeklide bu şekilde…

Malick

ciddi bir problem,üstadlar mutlaka yardımcı olmalı !

bence bu tür sorgular çoğumuzda vardır ama hiçbirimiz önemsemiyoruzdur.

ufak bir yardımım olabilir. Ben sistemimde daha yeni pfsense kurdum.Metro bağlantısı var ve online.Hiç client bağlantım yok ama bende de buna benzer anlam veremediğim port no'ları ile sorgular var.

lord2oo0

Yokmu önerisi olan bir arkadaş?

MrPerFormance

@lord2oo0:

Yokmu önerisi olan bir arkadaş?

pppoe sorgulamanızı pfsense mi yapıyor?

lord2oo0

Evet 3 hattım var. 2 Kablonet 1 tane ADSL.
ADSL'de Bridge olarak pppoe bağlı…

Ntldr_missing

@lord2oo0:

Last 100 firewall log entries
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 62355+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.007309 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 11089, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 49208+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.030868 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1172, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 14127+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.005120 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65334, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 49512+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.002778 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 17226, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 1686+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.037880 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36552, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 13356+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.027637 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63538, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 4435+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.017707 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 27298, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 22092+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.007167 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44294, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 59548+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.003949 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 25668, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 12445+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.026617 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 30440, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 43427+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.018725 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 233, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 14219+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.011116 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 65078, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 5164+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.000435 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49282, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 58772+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.015501 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16918, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 28344+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.034083 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 28689, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 16412+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.093606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 36411, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 28318+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.064788 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 6207, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 18516+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.085998 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 23537, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 6041+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.026909 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24437, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 44843+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.045493 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 43947, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 8322+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.019156 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 54902, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40777+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.019019 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 18198, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 47051+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.007168 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 7407, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 62963+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.019303 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 49035, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40655+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.039347 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24352, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 39658+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.006576 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 13839, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 42934+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.076499 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 63074, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 65507+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.007606 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 60145, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 45363+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.023110 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 44461, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 38826+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.002185 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14992, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 40990+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.008494 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 1156, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 18276+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.003363 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24723, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 26591+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.013306 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 33065, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 25720+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.011409 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 22394, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 8598+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.007895 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 5916, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 52056+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.012722 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 35730, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 17735+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.052367 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48542, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:24	pf: 108.162.233.15.80 > 88.225.216.75.53: 45868+ [1au] ANY? isc.org. (36)
Nov 16 23:35:24	pf: 00:00:00.056597 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 46019, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 48909+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.100171 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 8613, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 10615+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.074471 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 16646, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 45970+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.002471 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 24370, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 60530+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.026490 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 50136, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 24255+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.003364 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48828, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 32775+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.022804 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 56221, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 29000+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.041975 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 47994, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 28604+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.068461 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 37522, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 21780+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.025137 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 9765, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 50654+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.036244 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 14639, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 64756+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.040411 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 48183, offset 0, flags [none], proto UDP (17), length 64)
Nov 16 23:35:23	pf: 108.162.233.15.80 > 88.225.216.75.53: 30850+ [1au] ANY? isc.org. (36)
Nov 16 23:35:23	pf: 00:00:00.048267 rule 1/0(match): block in on pppoe0: (tos 0x0, ttl 247, id 31983, offset 0, flags [none], proto UDP (17), length 64)

Log'ların normal görünüm şeklide bu şekilde…

Merhaba,
Konu açıldığıldığından beri takip ediyorum Turksat sizin sorununuzu anlamış aslında bir önceki postumda yazacaktım sizden logların gelmesini bekledim anlattıklarınızla yaşadıklarınızı karşılaştırınca logları incelediğimizde networkünüzde muhtemel bir zombi bulunuyor bir bilgisayar da ya da birkaç bilgisayarda yüklü olan popüler ve sık kullanılan crackli program kullanıyorsanız bu yapıyor olabilir zombie ler asker gibi çalışırlar emir gelmeksizin harekete geçmezler emir geldiğinde bulundukları yerden asıl saldırıya maruz kalacak sisteme sizin sisteminiz gibi bi kaçtane daha şirketin networkünü elegeçirmişlerdir saldırı başlar!!! bu durumda zombi kodunu yazan kişi antivirüs ve firewall ların zayıf noktalarını ele alaraktan kodu geliştirip yazıyor dolayısıyla biçok antivirüs ve firewallar butür zararlı kod taşıyan paketleri tanıyamıyorlar yada kendini güvenli bir noktadan geliyormuş gibi gösterirler  o yüzden şunu deneyin sıfır yeni pc sistemi kurun üzerinde hiç birşey olmasın sadece windows ve makinenin driverlarını yükleyin sonra bu makineyi internete çıkarın ve hem windows firewall loglarından hemde pfsensedeki bu makineye ait logları takip ediniz. Muhtemelen bu yeni kurduğunuz pc temiz çıkacak yapacağınız diğer kullanıcılarda yüklü olan yazılımların listesini çıkarıp teker teker bu yazılımları kurup izlemeniz gerekecekyazılımlardan birini kurdunuz hemen diğerine geçmeyin bir süre ilk kurduğunuz yazılım yüklüyken pcyi izleyin logları takip edin he eğer temiz ise birşey yok ise diğer yazılımı kurun onu o şekilde takip edin mutlaka çıkacaktır.

agasar_ts61

kardes abes kacabilir :P tek tek pcleri antivirus,spam,malware,internet securty vsvs olan bi programla tara.duZ mantik viruslu olanin cok tepesine

lord2oo0

130 Tane makine olduğu için tek tek baya bir uğraştırır. Bu sistemdeki sıkıntı için başka önerisi olan yok mu?