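This post was last edited by zhaoyutg on 2013-5-27 10:38
Recently our office LAN has been hit by ARP; scanning with arp -a shows a whole pile of gateways. So I downloaded a bunch of firewalls and tried them one by one, but none of them reported an ARP attack, and the intermittent network drops are still there. The network setup is a Huawei 3030 firewall and a layer-3 2000 switch, as shown in the figure:
I installed Colasoft on the "Production Dept. Zhao" machine to analyze the packet addresses.
In the packet-loss image, what I was pinging is the DNS server.
The fourth image is the arp -a output; the real gateway is 10.6.2.1.
The drops happen roughly 2-3 times per minute…
Firewall log buffer messages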
| 1 | 2013/5/26 14:54:42 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:header check error; Receive Interface: GigabitEthernet0/1 ; proto:ICMP(8,0) ; from 10.6.2.55 10.6.2.93 ; to 116.113.81.125 61.138.85.38 ; begin time :2013/05/26 14:54:30; end time: 2013/05/26 14:54:34; total packets: 2; |
| 2 | 2013/5/26 14:55:12 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:IP spoof attack; Receive Interface: GigabitEthernet0/0 ; proto:UDP ; from 192.168.0.42:11793 ; to 116.113.83.2:22805 ; begin time :2013/05/26 14:54:53; end time: 2013/05/26 14:55:11; total packets: 4; |
| 3 | 2013/5/26 14:55:12 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:Unreachable attack; Receive Interface: GigabitEthernet0/0 GigabitEthernet0/1 ; proto:ICMP(3,3) ; from 218.29.132.206 218.29.154.14 221.215.84.158 118.212.96.24 120.82.224.169 60.29.189.2 61.167.145.58 175.21.115.218 121.28.110.190 122.193.174.172 118.80.104.197 122.139.5.147 ; to 116.113.83.2 221.221.6.228 ; begin time :2013/05/26 14:54:42; end time: 2013/05/26 14:55:12; total packets: 153; |
| 4 | 2013/5/26 14:55:12 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:Trace route attack; Receive Interface: GigabitEthernet0/0 ; proto:ICMP(11,0) ; from 116.113.83.2 ; to 116.113.31.101 ; begin time :2013/05/26 14:55:04; end time: 2013/05/26 14:55:04; total packets: 1; |
| 5 | 2013/5/26 14:55:12 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:header check error; Receive Interface: GigabitEthernet0/1 ; proto:UDP ; from 10.6.2.235:1863 10.6.2.55:8985 10.6.2.233:1863 10.6.2.81:10739 10.6.2.93:13536 10.6.2.54:4000 10.6.2.72:53636 10.6.2.72:63260 10.6.2.81:18037 10.6.2.125:9382 10.6.2.72:60512 10.6.2.72:50892 ; to 112.83.92.120:21947 115.48.201.225:1030 112.229.213.40:1863 123.5.39.80:2801 58.241.239.163:9278 112.251.88.23:1863 183.94.237.119:22263 125.42.98.17:5042 180.95.215.107:1863 119.184.118.70:3629 112.90.84.97:8000 139.226.23.219:4346 ; begin time :2013/05/26 14:54:43; end time: 2013/05/26 14:55:09; total packets: 98; |
| 6 | 2013/5/26 14:55:12 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:header check error; Receive Interface: GigabitEthernet0/1 ; proto:TCP ; from 10.6.2.81:18149 10.6.2.72:55445 10.6.2.72:55377 10.6.2.72:55511 10.6.2.72:55540 10.6.2.72:55239 10.6.2.72:55371 10.6.2.54:1245 10.6.2.54:1246 10.6.2.54:1251 10.6.2.54:1261 10.6.2.72:55265 ; to 119.188.27.169:8080 219.157.145.106:30105 110.252.131.9:8080 112.233.197.187:30100 183.187.92.130:30008 218.29.184.109:8080 122.143.2.8:8080 111.161.80.227:80 112.90.139.96:80 221.204.218.171:80 183.93.80.146:8080 123.153.235.219:30101 ; begin time :2013/05/26 14:54:43; end time: 2013/05/26 14:55:09; total packets: 55; |
| 7 | 2013/5/26 14:55:12 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:header check error; Receive Interface: GigabitEthernet0/1 ; proto:ICMP(8,0) ; from 10.6.2.93 10.6.2.105 ; to 61.138.85.38 202.99.224.8 ; begin time :2013/05/26 14:54:45; end time: 2013/05/26 14:54:56; total packets: 3; |
| 8 | 2013/5/26 14:55:42 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:IP spoof attack; Receive Interface: GigabitEthernet0/0 ; proto:UDP ; from 192.168.0.42:11793 ; to 116.113.83.2:22805 ; begin time :2013/05/26 14:55:17; end time: 2013/05/26 14:55:36; total packets: 4; |
| 9 | 2013/5/26 14:55:42 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:Unreachable attack; Receive Interface: GigabitEthernet0/0 GigabitEthernet0/1 ; proto:ICMP(3,3) ; from 60.217.235.160 10.6.2.72 60.217.235.188 125.40.54.45 221.215.84.158 139.226.66.89 125.43.104.41 219.156.119.69 124.164.232.21 61.167.145.58 122.192.246.192 175.21.115.218 ; to 116.113.83.2 116.113.83.2 202.99.224.8 116.113.83.2 221.221.6.228 ; begin time :2013/05/26 14:55:13; end time: 2013/05/26 14:55:41; total packets: 297; |
| 10 | 2013/5/26 14:55:42 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:Trace route attack; Receive Interface: GigabitEthernet0/0 ; proto:ICMP(11,0) ; from 116.113.83.2 ; to 116.113.83.1 ; begin time :2013/05/26 14:55:28; end time: 2013/05/26 14:55:28; total packets: 1; |
| 11 | 2013/5/26 14:55:42 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:header check error; Receive Interface: GigabitEthernet0/1 GigabitEthernet0/0 ; proto:UDP ; from 10.6.2.55:8985 10.6.2.235:1863 10.6.2.233:4000 10.6.2.93:13536 218.28.31.210:6748 10.6.2.81:10739 10.6.2.72:50892 10.6.2.72:61466 10.6.2.72:60512 10.6.2.55:4000 10.6.2.54:1320 10.6.2.72:56439 ; to 58.255.206.32:9418 58.241.239.163:9278 123.159.231.132:12342 119.5.180.172:9783 27.195.58.138:41980 125.39.205.66:8000 121.27.37.45:11991 180.95.215.107:1863 218.26.110.52:4292 183.94.237.119:22263 183.94.86.240:1863 112.251.88.23:1863 ; begin time :2013/05/26 14:55:12; end time: 2013/05/26 14:55:39; total packets: 109; |
| 12 | 2013/5/26 14:55:42 | MFTG0-USG3030 SEC/5/ATCKDF: | AttackType:header check error; Receive Interface: GigabitEthernet0/1 ; proto:TCP ; from 10.6.2.30:27346 10.6.2.54:1312 10.6.2.72:54654 10.6.2.72:55514 10.6.2.72:55445 10.6.2.72:55529 10.6.2.81:18195 10.6.2.72:55571 10.6.2.72:55416 10.6.2.72:55401 10.6.2.72:54908 10.6.2.72:55177 ; to 119.167.155.22:2456 112.95.243.27:80 123.131.165.107:8080 114.248.153.91:30105 219.157.145.106:30105 112.234.224.112:30105 123.125.80.88:80 61.52.138.194:30001 101.17.169.141:8080 120.7.56.136:8080 123.131.165.103:8080 110.254.13.127:8080 ; begin time :2013/05/26 14:55:13; end time: 2013/05/26 14:55:38; total packets: 40; |
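
For triaging a log buffer like the one above, the following added example (not part of the original post) parses ATCKDF entries and ranks attack types by packet count and LAN hosts by how often they are listed as a source. The `10.6.2.0/24` prefix length and the sample entries are assumptions constructed for illustration; each entry lists only some addresses, so the per-host figure counts appearances, not packets.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the LAN is 10.6.2.0/24; the post only states the gateway 10.6.2.1.
LAN = ipaddress.ip_network("10.6.2.0/24")

# Constructed sample entries in the ATCKDF layout shown above (not the post's data).
SAMPLE = "\n".join([
    "| 1 | 2013/5/26 14:55:12 | FW SEC/5/ATCKDF: | AttackType:header check error; "
    "Receive Interface: GigabitEthernet0/1 ; proto:TCP ; "
    "from 10.6.2.72:55445 10.6.2.72:55377 10.6.2.54:1245 ; "
    "to 203.0.113.9:8080 203.0.113.10:80 198.51.100.7:80 ; "
    "begin time :2013/05/26 14:54:43; end time: 2013/05/26 14:55:09; total packets: 55; |",
    "| 2 | 2013/5/26 14:55:42 | FW SEC/5/ATCKDF: | AttackType:Unreachable attack; "
    "Receive Interface: GigabitEthernet0/0 GigabitEthernet0/1 ; proto:ICMP(3,3) ; "
    "from 198.51.100.20 10.6.2.72 ; to 203.0.113.2 ; "
    "begin time :2013/05/26 14:55:13; end time: 2013/05/26 14:55:41; total packets: 297; |",
    "| 3 | 2013/5/26 14:55:42 | FW SEC/5/ATCKDF: | AttackType:header check error; "
    "Receive Interface: GigabitEthernet0/1 ; proto:ICMP(8,0) ; "
    "from 10.6.2.93 10.6.2.105 ; to 203.0.113.2 198.51.100.8 ; "
    "begin time :2013/05/26 14:54:45; end time: 2013/05/26 14:54:56; total packets: 3; |",
])

ENTRY = re.compile(
    r"AttackType:(?P<type>[^;]+);\s*Receive Interface:(?P<ifs>[^;]+);"
    r"\s*proto:(?P<proto>[^;]+);\s*from (?P<src>[^;]*);\s*to (?P<dst>[^;]*);"
    r".*?total packets:\s*(?P<pkts>\d+)")

def parse(text):
    """Yield one dict per ATCKDF entry; source ports are stripped (IPv4 only)."""
    for m in ENTRY.finditer(text):
        yield {"type": m["type"].strip(), "proto": m["proto"].strip(),
               "interfaces": m["ifs"].split(), "packets": int(m["pkts"]),
               "sources": [s.split(":")[0] for s in m["src"].split()]}

def summarize(text):
    """Return (packets per attack type, source appearances per LAN host)."""
    by_type, lan_hosts = Counter(), Counter()
    for e in parse(text):
        by_type[e["type"]] += e["packets"]
        for host in e["sources"]:
            if ipaddress.ip_address(host) in LAN:
                lan_hosts[host] += 1
    return by_type, lan_hosts

if __name__ == "__main__":
    by_type, lan_hosts = summarize(SAMPLE)
    print(by_type.most_common())
    print(lan_hosts.most_common(5))
```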