Prihlásiť sa Odoslať Novinky :: FAQ :: Rozšírené vyhľadávanie :: Napísali o nás :: Ankety
Main Menu
· Home
· 
· FAQ
· 
· Diskusia
· 
Main Menu
· Domov

Moduly
· AvantGo
· Downloads
· FAQ
· News
· Recommend Us
· Reviews
· Search
· Sections
· Stats
· Topics
· Top List
· Web Links
· Forum
Jazyk
Výber jazykovej mutácie:

FAQ  •  Search  •  Register  •  Log in to check your private messages
Log in  •  Maximize
The time now is 16.06.2024 - 03:18

SKFREE Forum Index » SKFree Network » Software

syn flood na nahodne ip-cky na porte 135

Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Page 1 of 3 123 >
Author Message
ondRo
Post subject: syn flood na nahodne ip-cky na porte 135  PostPosted: 02.04.2005 - 15:26 #18297
Basic


Joined: Feb 07, 2005
Posts: 18
co by mohlo sposobovat v podstate syn flood na nahodne na sieti neexistujuce ip-cky na porte 135. "utociace" ip-cky su vzdy aktivny uzivatelia. robi mi to na routri celkom slusni zahul.
predpokladam, ze nejaky virus, ale nie som si isty. co vy na to?

vyzera to nejak takto >
alert log snortu:
[**] [100:2:1] spp_portscan: portscan status from 10.1.13.169: 214 connections across 214 hosts: TCP(214), UDP(0) [**]
04/02-15:19:02.025671

[**] [100:2:1] spp_portscan: portscan status from 10.1.11.142: 158 connections across 158 hosts: TCP(158), UDP(0) [**]
04/02-15:19:03.009267

tcpdump:
15:19:45.748108 10.1.13.206.3319 > 10.1.78.9.135: S 1972186887:1972186887(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
15:19:45.760503 10.1.11.142.4147 > 10.1.66.246.135: S 1978421278:1978421278(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
15:19:45.763543 10.1.14.228.4673 > 10.1.34.22.135: S 3070281540:3070281540(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
15:19:45.776817 10.1.11.142.4001 > 10.1.44.111.135: S 1968978649:1968978649(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
15:19:45.794424 10.1.13.169.3191 > 10.1.202.157.135: S 4046542503:4046542503(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
15:19:45.794434 10.1.13.169.3192 > 10.1.233.47.135: S 4046597738:4046597738(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
15:19:45.794434 10.1.13.169.3193 > 10.1.129.174.135: S 4046631640:4046631640(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
15:19:45.820984 10.1.14.228.4580 > 10.1.227.254.135: S 3064955097:3064955097(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
face
Post subject: RE: syn flood na nahodne ip-cky na porte 135  PostPosted: 02.04.2005 - 16:26 #18298
Basic


Joined: Feb 18, 2003
Posts: 252
Location: Zvolen
virus...
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
zok
Post subject: RE: syn flood na nahodne ip-cky na porte 135  PostPosted: 02.04.2005 - 16:44 #18299
Basic


Joined: Feb 04, 2005
Posts: 175
Location: Gan
presne tak Wink
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
kiwi
Post subject: RE: syn flood na nahodne ip-cky na porte 135  PostPosted: 02.04.2005 - 17:34 #18300
Guru


Joined: Jan 30, 2003
Posts: 1572
blaster a ked zablokujes 135, tak to bude robit na 137,138,139 a okrem neho este bude saliet na 445, vsetky tieto porty daj blokovat
 
 View user's profile Send private message Send e-mail Visit poster's website ICQ Number 
Reply with quote Back to top
ondRo
Post subject: RE: syn flood na nahodne ip-cky na porte 135  PostPosted: 02.04.2005 - 22:05 #18303
Basic


Joined: Feb 07, 2005
Posts: 18
vdaka za odpovede,

RE: kiwi > tie porty blokujem do netu, ale nie medzi subnetmi - kvoli win zdielaniu, asi to docasne bloknem aj tam.
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
gyro
Post subject: syn flood na nahodne ip-cky na porte 135  PostPosted: 02.04.2005 - 22:24 #18306
Majster


Joined: Okt 22, 2003
Posts: 3321
Location: Banská Bystrica - Rudlová
v prvom rade rob osvetu medzi usermi ench si updatuju wokna a pouzivaju Antivirs ... NOD, kaspersky, pripadne Osobne Firewally... HLAVNE TIE ZAPLATY.
 
 View user's profile Send private message Send e-mail Visit poster's website ICQ Number 
Reply with quote Back to top
kiwi
Post subject: RE: syn flood na nahodne ip-cky na porte 135  PostPosted: 03.04.2005 - 10:42 #18315
Guru


Joined: Jan 30, 2003
Posts: 1572
to ondro: obavam sa ze budes musiet tie porty zablokovat uplne vsade kde ti to HW dovoli, pretoze ak mas niekde na panelaku router, tak ti je omnoho osoznejsie zablokovat odchadzajuci bordel uz na vystupe z lanky, aby ti nezabijalo radiovy spoj. Zahadzovanie takehoto trafficu na AP je nanic, pretoze ten traffic upchava radiovy spoj cez ktory lezie.
 
 View user's profile Send private message Send e-mail Visit poster's website ICQ Number 
Reply with quote Back to top
si
Post subject: RE: syn flood na nahodne ip-cky na porte 135  PostPosted: 03.04.2005 - 10:50 #18316
Majster


Joined: Jan 12, 2003
Posts: 4250
Location: /dev/null
inac ak sa nemylim, tak 135ku port na wokenne zdielanie ani nepotrebujes...
 
 View user's profile Send private message Send e-mail Visit poster's website  
Reply with quote Back to top
kiwi
Post subject: RE: syn flood na nahodne ip-cky na porte 135  PostPosted: 03.04.2005 - 11:01 #18317
Guru


Joined: Jan 30, 2003
Posts: 1572
a okrem toho wokenne zdielanie na lanke nijako nebloknes a co sa tyka zdielania medzi wifi klientmi, povazujem to za luxus, pretoze ti na sto percent zdrbu AP takmer nezmyselnym trafficom
 
 View user's profile Send private message Send e-mail Visit poster's website ICQ Number 
Reply with quote Back to top
fleg
Post subject: RE: syn flood na nahodne ip-cky na porte 135  PostPosted: 03.04.2005 - 15:03 #18318
Majster


Joined: Feb 05, 2003
Posts: 2686
Location: Topolcany
ondro nema radiove spoje o to lahsie sa mu to riesi;o)
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
ondRo
Post subject: syn flood na nahodne ip-cky na porte 135  PostPosted: 04.04.2005 - 00:13 #18322
Basic


Joined: Feb 07, 2005
Posts: 18
fleg: nie celkom, mam jeden wifi segment (1 ap Cool)
si: co ja viem, tak tu 135 treba
kiwi: blokol som to na routri medzi subnetmi. ale v main sieti mam vlan-y odelene na hw routri, a tam porty blokovat nejdu
gyro: osvetu sa snazim robit, dokonca mam v prevadzkovom poriadku, ze je potrebne si nainstalovat antivirus a sankcie pre "rozsirovacov" virusov, ale ocividne to nezabera
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
si
Post subject: RE: syn flood na nahodne ip-cky na porte 135  PostPosted: 04.04.2005 - 00:20 #18323
Majster


Joined: Jan 12, 2003
Posts: 4250
Location: /dev/null
ondRo: a k comu presne ju treba ? lebo co si pamatam, tak 135ku port zacali pouzivat az wokna 2k a xp, 9x ju vobec nepouzivali a zdielanie fungovalo v pohode aj medzi segmentami ak si to mal spravne nakonfigurovane...
 
 View user's profile Send private message Send e-mail Visit poster's website  
Reply with quote Back to top
ondRo
Post subject: syn flood na nahodne ip-cky na porte 135  PostPosted: 04.04.2005 - 08:27 #18326
Basic


Joined: Feb 07, 2005
Posts: 18
si: som si spomenul, ze co som napisal nie je celkom tak. port 135 potrebujes, ked sa chces pripojit na samba server z windowsov cez win sharing
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
si
Post subject: RE: syn flood na nahodne ip-cky na porte 135  PostPosted: 04.04.2005 - 08:52 #18327
Majster


Joined: Jan 12, 2003
Posts: 4250
Location: /dev/null
ondRo: zaujimave, ale u mna doma tie wokna tu 135ku nepotrebuju ani na toto Smile
teda mam ju na kazdom routri zakazanu a pripojim sa v pohode aj na samba servre za viacerymi routrami aj na pracovne stanice ludi s woknami taktiez za viacerymi routrami kde je port 135 filtrovany...
 
 View user's profile Send private message Send e-mail Visit poster's website  
Reply with quote Back to top
ondRo
Post subject: syn flood na nahodne ip-cky na porte 135  PostPosted: 04.04.2005 - 09:50 #18330
Basic


Joined: Feb 07, 2005
Posts: 18
hm, no mne to bez povoleneho 135 ocividne neslo.

imho je potrebny pre komunikaciu s wins serverom
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
Display posts from previous:     
All times are GMT
Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Page 1 of 3 123 >
Jump to:  

SKFREE Forum Index » SKFree Network » Software
Powered by PNphpBB2 © 2003-2005 The PNphpBB Group
Credits

(C) SKFree 2002-2010: Powered by POSTNUKE. Môžete prebera? naše správy vo formáte XML(RSS)