Rising Kaka Security Forum

Computer infected, LAN broadcast packets, logs attached, experts please come in!
miclefang888 - 2009-2-2 15:22:00
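My computer has been infected for the past few days. I found that some computers on the LAN (my subnet is 192.168.3.X) are sending packets to 192.168.X.X:445 (the X values change randomly). The destination's port 445 now changes; it has now become port 6 or 17.

Here are some logs from my router: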


WAN Type: PPP over Ethernet (V1.43)
Display time: Thursday March 19, 2009 11:40:40
Thursday March 19, 2009 11:26:53 Blocked access attempt from 192.168.3.193: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:53 Blocked access attempt from 192.168.3.204: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:53 Blocked access attempt from 192.168.3.204: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:58 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:58 Blocked access attempt from 192.168.3.193: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:59 Blocked access attempt from 192.168.3.204: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:01 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:01 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:07 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:25 Blocked access attempt from 192.168.3.167: to 204.11.104.250:6 rule=0 (by firewall)
Thursday March 19, 2009 11:27:28 Blocked access attempt from 192.168.3.167: to 204.11.104.250:6 rule=0 (by firewall)
Thursday March 19, 2009 11:27:29 Blocked access attempt from 210.128.238.74:51829 to TCP port 443
Thursday March 19, 2009 11:27:30 Blocked access attempt from 192.168.3.56: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:32 Blocked access attempt from 210.128.238.74:51829 to TCP port 443
Thursday March 19, 2009 11:27:33 Blocked access attempt from 192.168.3.56: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:33 Blocked access attempt from 192.168.3.56: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:34 Blocked access attempt from 192.168.3.167: to 204.11.104.250:6 rule=0 (by firewall)
Thursday March 19, 2009 11:27:35 Blocked access attempt from 192.168.3.153: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:38 Blocked access attempt from 192.168.3.153: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:38 Blocked access attempt from 192.168.3.153: to 192.168.2.238:6 rule=1 (by firewall)



This is the log of what my router blocked.

The attachment is the scan log. Experts, please advise!

User system information: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)

Attachment: SREngLOG.rar
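
An added example, not part of the original post: one way to turn a router log in this format into a per-host summary, so the LAN machines generating the blocked traffic can be inspected first. The sample lines are copied from the log above; the function names are hypothetical, and reading the number after the destination as a possible IP protocol number (6 = TCP, 17 = UDP) rather than a port is an assumption.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Lines copied from the router log in the post above (a subset).
SAMPLE_LOG = """\
Thursday March 19, 2009 11:26:53 Blocked access attempt from 192.168.3.193: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:53 Blocked access attempt from 192.168.3.204: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:58 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:01 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:07 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:25 Blocked access attempt from 192.168.3.167: to 204.11.104.250:6 rule=0 (by firewall)
Thursday March 19, 2009 11:27:29 Blocked access attempt from 210.128.238.74:51829 to TCP port 443
Thursday March 19, 2009 11:27:30 Blocked access attempt from 192.168.3.56: to 192.168.2.238:6 rule=1 (by firewall)
"""

# Matches only the "from SRC: to DST:N rule=R" form. N is stored as-is because it
# may be an IP protocol number (6 = TCP, 17 = UDP) rather than a port (assumption).
ENTRY = re.compile(r"Blocked access attempt from (?P<src>[\d.]+): "
                   r"to (?P<dst>[\d.]+):(?P<num>\d+) rule=(?P<rule>\d+)")
LAN = ip_network("192.168.3.0/24")  # the poster's subnet, 192.168.3.X

def summarize(log_text, lan=LAN):
    """Group blocked attempts by LAN source host."""
    hosts = defaultdict(lambda: {"hits": 0, "targets": set(),
                                 "external": set(), "nums": set()})
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m or ip_address(m["src"]) not in lan:
            continue  # WAN-side entries ("... to TCP port 443") are not LAN hosts
        h = hosts[m["src"]]
        h["hits"] += 1
        h["targets"].add(m["dst"])
        h["nums"].add(int(m["num"]))
        if not ip_address(m["dst"]).is_private:
            h["external"].add(m["dst"])  # destination outside private address space
    return dict(hosts)

def ranked(hosts):
    """Hosts ordered by blocked attempts: the machines to inspect first."""
    return sorted(hosts, key=lambda ip: (-hosts[ip]["hits"], ip))

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip in ranked(report):
        h = report[ip]
        print(ip, h["hits"], sorted(h["targets"]), "external:", sorted(h["external"]))
```

Hosts that appear here with many distinct targets, or with an entry under "external", are the ones whose local firewall or process list is worth checking first.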
backway - 2009-2-2 16:07:00
Which computer is that log from?
The log is normal.
文物2 - 2009-2-2 17:01:00
What router?
miclefang888 - 2009-2-2 17:10:00
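Quote:
Originally posted by backway on 2009-2-2 16:07:00
Which computer is that log from?
The log is normal.

From the infected computer.

It looks normal to me too, but it is sending packets to port 6 and port 445 on 192.168.X.X!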
夲號ヱ被ジ盜 - 2009-2-2 17:11:00
Try downloading an ARP firewall:
http://cd001.www.duba.net/duba/install/2008/ever/KAntiarp.exe
miclefang888 - 2009-2-2 17:11:00
Quote:
Originally posted by 文物2 on 2009-2-2 17:01:00
What router?

D-LINK
miclefang888 - 2009-2-3 8:51:00
Can anyone help?
天月来了 - 2009-2-3 8:53:00
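I guess not many people understand this.

You have to check in the firewall which program, once blocked from accessing the network, makes that traffic stop appearing.

Then go and see what the corresponding program is.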