路由报警,求助高手.

sosli · 发表于 2009-2-14 15:09:52

路由: 飞鱼星6300

00:16:47:E8:F5:C0 内网没有此MAC地址

Feb 13 22:54:55 warning: 0 Udp attack 2009.2.13 22:54:55 From WAN1 00:16:47:E8:F5:C0 202.109.97.32
Feb 13 22:54:55 warning: 0 Udp attack 2009.2.13 22:54:55 From WAN1 00:16:47:E8:F5:C0 116.24.92.183
Feb 13 22:54:55 warning: 0 Udp attack 2009.2.13 22:54:54 From WAN1 00:16:47:E8:F5:C0 222.73.21.48
Feb 13 22:54:55 warning: 0 Udp attack 2009.2.13 22:54:54 From WAN1 00:16:47:E8:F5:C0 202.109.97.32
Feb 13 22:54:55 warning: 0 Udp attack 2009.2.13 22:54:54 From WAN1 00:16:47:E8:F5:C0 222.73.21.48
Feb 13 22:54:55 warning: 0 Syn attack 2009.2.13 22:54:54 From WAN1 00:16:47:E8:F5:C0 58.252.238.248
Feb 13 22:54:55 warning: 0 Udp attack 2009.2.13 22:54:54 From WAN1 00:16:47:E8:F5:C0 222.93.49.98
Feb 13 22:54:50 warning: 0 Syn attack 2009.2.13 22:54:49 From WAN1 00:16:47:E8:F5:C0 61.140.102.156
Feb 13 22:54:50 warning: 0 Udp attack 2009.2.13 22:54:49 From WAN1 00:16:47:E8:F5:C0 61.129.48.15
Feb 13 22:54:50 warning: 0 Syn attack 2009.2.13 22:54:49 From WAN1 00:16:47:E8:F5:C0 120.69.244.30
Feb 13 22:54:50 warning: 0 Udp attack 2009.2.13 22:54:50 From WAN1 00:16:47:E8:F5:C0 61.129.48.15
Feb 13 22:54:50 warning: 0 Udp attack 2009.2.13 22:54:50 From WAN1 00:16:47:E8:F5:C0 58.19.17.182
Feb 13 22:54:50 warning: 0 Udp attack 2009.2.13 22:54:49 From WAN1 00:16:47:E8:F5:C0 222.73.21.48
Feb 13 22:54:50 warning: 0 Syn attack 2009.2.13 22:54:49 From WAN1 00:16:47:E8:F5:C0 222.218.157.72
Feb 13 22:54:52 warning: 0 Udp attack 2009.2.13 22:54:52 From WAN1 00:16:47:E8:F5:C0 61.129.48.15
Feb 13 22:54:52 warning: 0 Syn attack 2009.2.13 22:54:52 From WAN1 00:16:47:E8:F5:C0 218.75.35.226
Feb 13 22:54:52 warning: 0 Arp cheat 2009.2.13 22:54:52 From LAN 00:1D:7D:04:A6:65 192.168.20.192
Feb 13 22:54:52 warning: 0 Arp cheat 2009.2.13 22:54:52 From LAN 00:1D:7D:04:A6:65 192.168.20.192
Feb 13 22:54:52 warning: 0 Udp attack 2009.2.13 22:54:52 From WAN1 00:16:47:E8:F5:C0 222.93.49.98
Feb 13 22:54:52 warning: 0 Syn attack 2009.2.13 22:54:52 From WAN1 00:16:47:E8:F5:C0 222.69.96.125
Feb 13 22:54:52 warning: 0 Udp attack 2009.2.13 22:54:52 From WAN1 00:16:47:E8:F5:C0 202.109.97.32
Feb 13 22:54:52 warning: 0 Udp attack 2009.2.13 22:54:52 From WAN1 00:16:47:E8:F5:C0 222.186.22.46
Feb 13 22:54:52 warning: 0 Udp attack 2009.2.13 22:54:52 From WAN1 00:16:47:E8:F5:C0 202.109.97.32
Feb 13 22:54:52 warning: 0 Udp attack 2009.2.13 22:54:52 From WAN1 00:16:47:E8:F5:C0 61.129.48.15
Feb 13 22:54:55 warning: 0 Syn attack 2009.2.13 22:54:54 From WAN1 00:16:47:E8:F5:C0 61.185.60.246
Feb 13 22:54:55 warning: 0 Syn attack 2009.2.13 22:54:54 From WAN1 00:16:47:E8:F5:C0 219.138.227.4
Feb 13 22:54:55 warning: 0 Udp attack 2009.2.13 22:54:55 From WAN1 00:16:47:E8:F5:C0 123.157.4.66

oldjiang · 发表于 2009-2-14 21:24:12

不知如何解读这个信息
00:16:47:E8:F5:C0是wan口对端的地址？

icexplorer · 发表于 2009-2-14 21:32:54

Feb 13 22:54:55 warning: 0 Udp attack 2009.2.13 22:54:55 From WAN1 00:16:47:E8:F5:C0 202.109.97.32
是不是这个意思呢
2009.2.13 22:54:55 warning: 0 Udp attack From WAN1 00:16:47:E8:F5:C0 202.109.97.32
报警貌似为UDP FLOOD攻击,+ SYN 洪水因为同一MAC变换非常多的IP来对WAN1发送包,

Se7en · 发表于 2009-2-16 10:24:22

不用紧张，只是防火墙对每个连接做了检测，攻击次数为0，并产生的日志，把防火墙日志关了就没了。