Over the last few days I've noticed that my wireless router's log shows an ACK flood attack from several IP addresses. I use a D-Link DIR-600L. I've searched across the Internet, and also through this question, but I can't reach any solution. My ISP recommended that I change the DNS IP addresses and enter them manually. Doing so still didn't improve the results. In fact, now some websites don't open and I get an HTTP Error 404
when logging into Facebook from Chrome, but not in other browsers. I cleared all the history too; nothing changed. MalwareBytes Anti-Malware showed that my system is clean. Resetting the router to factory defaults only fixes the problem for a period of time. I use a PPPoE connection, where a cable from the ISP connects to the router and from there an Ethernet cable runs to my computer.
Here is part of the log file that I recently saved to the computer:
Mar 20 20:44:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:44:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:43:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:43:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:42:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:42:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:41:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:41:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:40:38 Port Scan Attack Detect Packet Dropped
Mar 20 20:40:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:40:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:39:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:39:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:38:38 Port Scan Attack Detect Packet Dropped
Mar 20 20:38:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:38:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:37:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:37:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:36:38 Port Scan Attack Detect Packet Dropped
Mar 20 20:36:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:36:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:35:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:35:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:34:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:34:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:33:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:33:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:32:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:32:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:31:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:31:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:30:38 Port Scan Attack Detect Packet Dropped
Mar 20 20:30:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:30:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:29:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:29:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:29:17 DHCP lease IP 192.168.0.100 to android-8d3000955a8eba27 c4-43-8f-41-c9-02
Mar 20 20:29:13 Authentication Success c4-43-8f-41-c9-02
Mar 20 20:29:13 Authenticating...... c4-43-8f-41-c9-02
Mar 20 14:58:48 Remote management is disabled.
Mar 20 14:58:48 Anti-spoofing enabled.
Mar 20 14:58:48 Block WAN PING enabled.
Mar 20 14:58:48 URL Blocking disabled.
Mar 20 14:58:48 RTSP ALG enabled.
Mar 20 14:58:48 VPN (IPsec) Pass-Through enabled.
Mar 20 14:58:47 VPN (PPTP) Pass-Through enabled.
Mar 20 14:58:47 VPN (L2TP) Pass-Through enabled.
Mar 20 14:58:45 PPPoE line connected
Mar 20 14:58:45 IPCP: secondary DNS address (X.X.X.X)
Mar 20 14:58:45 IPCP: primary DNS address (Y.Y.Y.Y)
Mar 20 14:58:45 IPCP: remote IP address (XX.XX.XX.XX)
Mar 20 14:58:45 IPCP: local IP address (YY.YY.YY.YY)
Mar 20 14:58:44 CHAP authentication succeeded
Mar 20 14:58:38 PPPoE: Receive PADS
Mar 20 14:58:38 PPPoE: Sending PADR
Mar 20 14:58:38 WAN Dialup Try to establish PPPoE line
It's interesting that almost all the attacks occur at 1-minute intervals.
Is this a cause for concern? My Internet browsing speeds have dropped enormously because of this.
I have the following settings on my router:
- Anti-spoofing check: ON
- Firewall: OFF
- DMZ: OFF
- WPS: OFF
- Enhanced Wireless: OFF
- Preamble: Short
- Channel selection: Auto
- Mode: 802.11 mixed (n/g/b)
- Bandwidth: Auto
- 20/40 MHz coexistence: OFF
- Short GI: ON
- UPnP: ON
- Multicast Streams: ON
- DNS Relay: OFF
EDIT:
Answering @DKNUCKLES's question, here is the output of the netstat -ant command:
Active Connections
Proto Local Address Foreign Address State Offload State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING InHost
TCP 127.0.0.1:5357 127.0.0.1:49708 TIME_WAIT InHost
TCP 127.0.0.1:5357 127.0.0.1:49711 TIME_WAIT InHost
TCP 127.0.0.1:5357 127.0.0.1:49712 TIME_WAIT InHost
TCP 127.0.0.1:5357 127.0.0.1:49738 TIME_WAIT InHost
TCP 127.0.0.1:5357 127.0.0.1:49744 TIME_WAIT InHost
TCP 192.168.0.100:139 0.0.0.0:0 LISTENING InHost
TCP 192.168.0.100:49713 192.168.0.1:80 TIME_WAIT InHost
TCP 192.168.0.100:49718 192.168.0.1:80 TIME_WAIT InHost
TCP 192.168.0.100:49722 192.168.0.1:80 TIME_WAIT InHost
TCP 192.168.0.100:49723 192.168.0.1:80 TIME_WAIT InHost
TCP 192.168.0.100:49728 173.252.102.241:443 ESTABLISHED InHost
TCP 192.168.0.100:49729 173.252.102.241:443 TIME_WAIT InHost
TCP 192.168.0.100:49735 31.13.79.49:443 ESTABLISHED InHost
TCP 192.168.0.100:49736 74.125.200.138:443 ESTABLISHED InHost
TCP 192.168.0.100:49737 74.125.236.132:443 ESTABLISHED InHost
TCP 192.168.0.100:49745 74.125.135.125:5222 ESTABLISHED InHost
TCP 192.168.0.100:49746 192.168.0.1:80 TIME_WAIT InHost
TCP 192.168.0.100:49751 192.168.0.1:80 TIME_WAIT InHost
TCP 192.168.0.100:49759 198.252.206.25:80 ESTABLISHED InHost
TCP 192.168.0.100:49760 192.168.0.1:80 TIME_WAIT InHost
TCP 192.168.0.100:49767 192.168.0.1:80 TIME_WAIT InHost
TCP 192.168.0.100:49787 192.168.0.1:80 TIME_WAIT InHost
TCP 192.168.0.100:49792 31.13.79.96:443 ESTABLISHED InHost
TCP [::]:135 [::]:0 LISTENING InHost
TCP [::]:445 [::]:0 LISTENING InHost
TCP [::]:554 [::]:0 LISTENING InHost
TCP [::]:2869 [::]:0 LISTENING InHost
TCP [::]:3587 [::]:0 LISTENING InHost
TCP [::]:5357 [::]:0 LISTENING InHost
TCP [::]:10243 [::]:0 LISTENING InHost
TCP [::]:49152 [::]:0 LISTENING InHost
TCP [::]:49153 [::]:0 LISTENING InHost
TCP [::]:49154 [::]:0 LISTENING InHost
TCP [::]:49155 [::]:0 LISTENING InHost
TCP [::]:49156 [::]:0 LISTENING InHost
TCP [::]:49157 [::]:0 LISTENING InHost
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3544 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5004 *:*
UDP 0.0.0.0:5005 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:49784 *:*
UDP 0.0.0.0:53772 *:*
UDP 0.0.0.0:61041 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:49783 *:*
UDP 192.168.0.100:137 *:*
UDP 192.168.0.100:138 *:*
UDP 192.168.0.100:1900 *:*
UDP 192.168.0.100:49782 *:*
UDP 192.168.0.100:54659 *:*
UDP [::]:500 *:*
UDP [::]:3540 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:4500 *:*
UDP [::]:5004 *:*
UDP [::]:5005 *:*
UDP [::]:5355 *:*
UDP [::]:49785 *:*
UDP [::]:53773 *:*
UDP [::]:61042 *:*
UDP [::1]:1900 *:*
UDP [::1]:49781 *:*
UDP [fe80::3089:dda9:e5bb:4761%13]:546 *:*
UDP [fe80::3089:dda9:e5bb:4761%13]:1900 *:*
UDP [fe80::3089:dda9:e5bb:4761%13]:49780 *:*
Yes, the traffic corresponds to the traffic I'm seeing on the router, which is being blocked and detected as an ACK flood attack.
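The question points out that the detection entries arrive at 1-minute intervals. The following Python is an added example, not code from the question or from any answer to it: it parses log lines in the DIR-600L format shown above (a constructed copy of the lines pasted in the question), groups them by the router's message type, and reports which types recur at a fixed period. The year passed to `parse_log` is an arbitrary assumption, because the router log carries none; it only exists so that the timestamps can be subtracted.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a copy of the DIR-600L log lines pasted in the question
# ("Mon DD HH:MM:SS message", newest first, no year).
SAMPLE_LOG = """\
Mar 20 20:44:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:44:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:43:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:43:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:42:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:42:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:41:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:41:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:40:38 Port Scan Attack Detect Packet Dropped
Mar 20 20:40:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:40:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:39:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:39:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:38:38 Port Scan Attack Detect Packet Dropped
Mar 20 20:38:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:38:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:37:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:37:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:36:38 Port Scan Attack Detect Packet Dropped
Mar 20 20:36:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:36:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:35:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:35:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:34:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:34:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:33:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:33:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:32:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:32:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:31:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:31:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:30:38 Port Scan Attack Detect Packet Dropped
Mar 20 20:30:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:30:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:29:38 Per-source ACK Flood Attack Detect Packet Dropped
Mar 20 20:29:38 Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 20 20:29:17 DHCP lease IP 192.168.0.100 to android-8d3000955a8eba27 c4-43-8f-41-c9-02
"""

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<msg>.+)$")

# Substrings that identify the router's intrusion-detection messages.
EVENT_TYPES = {
    "ack_flood_whole": "Whole System ACK Flood Attack",
    "ack_flood_per_source": "Per-source ACK Flood Attack",
    "port_scan": "Port Scan Attack",
}


def parse_log(text, year=2000):
    """Return [(datetime, message)] oldest first. The log has no year, so an
    arbitrary one (assumed) is injected only to allow timestamp arithmetic."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or non-log lines
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        events.append((ts, m["msg"]))
    events.sort(key=lambda e: e[0])
    return events


def classify(msg):
    """Map a log message to one of EVENT_TYPES, or 'other'."""
    for name, needle in EVENT_TYPES.items():
        if needle in msg:
            return name
    return "other"


def intervals_by_type(events):
    """Seconds between consecutive events of each type, in time order."""
    stamps = defaultdict(list)
    for ts, msg in events:
        stamps[classify(msg)].append(ts)
    return {name: [int((b - a).total_seconds()) for a, b in zip(lst, lst[1:])]
            for name, lst in stamps.items()}


def periodic_types(events, tolerance=0):
    """Event types whose gaps are all equal (within tolerance seconds),
    mapped to that period. At least two gaps are needed to call it periodic."""
    out = {}
    for name, gaps in intervals_by_type(events).items():
        if len(gaps) >= 2 and max(gaps) - min(gaps) <= tolerance:
            out[name] = gaps[0]
    return out


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for name, gaps in intervals_by_type(evs).items():
        print(f"{name:22s} events={len(gaps) + 1:3d} distinct gaps={sorted(set(gaps))}")
    print("periodic:", periodic_types(evs))
```

Run against the pasted lines, both ACK flood message types come out with every gap equal to 60 seconds, while the port-scan entries (gaps of 360, 120 and 120 seconds) do not; the `tolerance` parameter lets the same check be applied to a log whose timestamps drift by a second or two.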