FW log file

This is where we talk about security. Come ask your questions or suggest your solutions.

Moderator: Barbapapa

Post by Gilbert » 21 August 2001 07:17

Hi,

Since we were talking about "attacks", look at what I get on average in my logfile (this is just the latest alert email received :smile: ):


_________________
See you,

Gilbert

[ This message was edited by: Gilbert on 2001-08-21 08:19 ]

Post by MCP » 21 August 2001 13:44

Hi Gilbert,

I suppose that at the beginning you must have looked at the logs your FW sent you, but by now you probably don't even read them anymore.

Post by MCP » 21 August 2001 13:56

In the same vein, 65 probes of the http port over 50 minutes of connection.
Plus a Trojan horse.
So, don't get alarmed too quickly. :wink:

Post by Gilbert » 21 August 2001 16:35

Hi MCP,
[quote]
On 2001-08-21 14:44, MCP wrote:
Hi Gilbert,

I suppose that at the beginning you must have looked at the logs your FW sent you, but by now you probably don't even read them anymore.
[/quote]
Yes, but I still skim through them every time... just to see what's going on :wink:
See you,

Gilbert