What is going on with my Wi-Fi? NTP and ACK STORM attacks.

6

I'm wondering whether these attacks are something to worry about or whether my router is just being a router.

[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:12:13
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:11:51
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:11:29
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:11:05
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:10:32
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:09:57
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:09:15
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:08:46
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:07:31
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:06:52
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:06:23
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:05:42
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:04:43
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:04:02
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:03:38
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:02:55
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:02:24
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:01:10
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:00:47
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:00:20
[Time synchronized with NTP server] Friday, May 06,2016 19:39:13
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 19:39:28
[DoS attack: STORM] attack packets in last 20 sec from ip [24.150.13.71], Friday, May 06,2016 18:29:19
[DoS attack: STORM] attack packets in last 20 sec from ip [24.150.13.71], Friday, May 06,2016 18:28:59

I generally don't give it too much importance, but this has also been a bit unstable.

[Time synchronized with NTP server] Friday, May 06,2016 05:49:10
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 05:49:10
[Time synchronized with NTP server] Friday, May 06,2016 05:34:01
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 05:34:01
[Time synchronized with NTP server] Friday, May 06,2016 05:18:51
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 05:18:51
[Time synchronized with NTP server] Friday, May 06,2016 05:03:43
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 05:03:43
[Time synchronized with NTP server] Friday, May 06,2016 04:48:41
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 04:48:41
[Time synchronized with NTP server] Friday, May 06,2016 04:33:37
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 04:33:37
[Time synchronized with NTP server] Friday, May 06,2016 04:18:36
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 04:18:36
[Time synchronized with NTP server] Friday, May 06,2016 04:03:35
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 04:03:36
[Time synchronized with NTP server] Friday, May 06,2016 03:48:34
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 03:48:34
[Time synchronized with NTP server] Friday, May 06,2016 03:33:34
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 03:33:34
[Time synchronized with NTP server] Friday, May 06,2016 03:18:31
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 03:18:31
[Time synchronized with NTP server] Friday, May 06,2016 03:03:28
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 03:03:28
[Time synchronized with NTP server] Friday, May 06,2016 02:48:25
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 02:48:26
[Time synchronized with NTP server] Friday, May 06,2016 02:33:24
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 02:33:24
[Time synchronized with NTP server] Friday, May 06,2016 02:18:23
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 02:18:24
[Time synchronized with NTP server] Friday, May 06,2016 02:03:23
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 02:03:23
[Time synchronized with NTP server] Friday, May 06,2016 01:48:21
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 01:48:22
[Time synchronized with NTP server] Friday, May 06,2016 01:33:20
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 01:33:20
[Time synchronized with NTP server] Friday, May 06,2016 01:18:18
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 01:18:19
[Time synchronized with NTP server] Friday, May 06,2016 01:03:17

I turned off the automatic clock on my laptop; I am the only user on this network. The whole thing seems a bit strange. Any ideas would be much appreciated.

    
asked by Policks 07.05.2016 - 17:13

1 answer

1

The "[DoS attack: STORM] attack packets in last 20 sec from ip [24.150.13.71]" comes from your ISP (Cogeco Cable, Burlington, Ontario, Canada (CA)). The "[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230]" is a scan or "footprinting" from China. As for the NTP: you may want to look up the IP of the NTP server to make sure it is valid. I used link to resolve the IP and the geographic location. There are some vulnerabilities in some of the NTP implementations, but I wouldn't because your system may be configured to update every 15 minutes, and I can't verify the NTP IP because it was not provided. If you want more information about the IP traffic on your system, I suggest a packet sniffer such as Wireshark. It will give you more detail about the traffic to and from your system. All said and done, it looks like you are being port scanned from China. The ISP is China Unicom Shanxi, City: Taiyuan, Region: Shanxi, Country: China. That happens all the time.

    
answered by Boink 21.07.2016 - 16:18
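One way to condense the router log from the question into per-source alert counts and the NTP sync interval the answer refers to, as an added example that is not part of the original question or answer. The regular expressions assume the exact line format shown in the question, and the sample lines are a subset copied from that log.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

TS_FORMAT = "%A, %B %d,%Y %H:%M:%S"  # e.g. "Friday, May 06,2016 21:12:13"
DOS_RE = re.compile(r"^\[DoS attack: (?P<kind>[^\]]+)\] attack packets in last "
                    r"20 sec from ip \[(?P<ip>[0-9.]+)\], (?P<ts>.+)$")
NTP_RE = re.compile(r"^\[Time synchronized with NTP server\] (?P<ts>.+)$")

# Lines copied from the log in the question (a subset, to keep this short).
SAMPLE_LOG = """\
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:12:13
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:11:51
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [60.221.254.230], Friday, May 06,2016 21:00:20
[Time synchronized with NTP server] Friday, May 06,2016 19:39:13
[Internet connected] IP address: xx.xx.xx.x, Friday, May 06,2016 19:39:28
[DoS attack: STORM] attack packets in last 20 sec from ip [24.150.13.71], Friday, May 06,2016 18:29:19
[DoS attack: STORM] attack packets in last 20 sec from ip [24.150.13.71], Friday, May 06,2016 18:28:59
[Time synchronized with NTP server] Friday, May 06,2016 05:49:10
[Time synchronized with NTP server] Friday, May 06,2016 05:34:01
[Time synchronized with NTP server] Friday, May 06,2016 05:18:51
[Time synchronized with NTP server] Friday, May 06,2016 05:03:43
"""

def summarize(log_text):
    """Return (per-source alert summary, median minutes between NTP syncs)."""
    alerts, syncs = defaultdict(list), []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := DOS_RE.match(line)):
            alerts[(m["kind"], m["ip"])].append(datetime.strptime(m["ts"], TS_FORMAT))
        elif (m := NTP_RE.match(line)):
            syncs.append(datetime.strptime(m["ts"], TS_FORMAT))
    sources = {key: {"alerts": len(ts), "first": min(ts), "last": max(ts)}
               for key, ts in alerts.items()}
    syncs.sort()
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(syncs, syncs[1:])]
    # The median is not skewed by the one long gap before the 19:39 sync.
    return sources, (round(median(gaps), 1) if gaps else None)

if __name__ == "__main__":
    sources, ntp_minutes = summarize(SAMPLE_LOG)
    for (kind, ip), info in sources.items():
        print(f"{kind:9} {ip:15} alerts={info['alerts']} {info['first']} .. {info['last']}")
    print("median minutes between NTP syncs:", ntp_minutes)
```

Each alert line already aggregates a 20-second window, so the counts are numbers of alert windows per source, not packet counts.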
