Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board: Firewall event problem (logs attached), friends please help


Firewall event problem (logs attached), friends please help


Today, as soon as I turned on my computer, the firewall alerts didn't stop: more than ten a minute on average, and at times the alert sound was like a machine gun, though most of the time it's about one every 3 or 4 minutes. They are all "Block incoming ping" notices, plus some "Defend against 2003 Worm King attack" ones (the firewall log and the HijackThis log are attached below). Could someone please take a look and tell me whether there is anything wrong with my system and what I should do? Thanks.
Last edited 2005-12-28 21:48:24

Rising Firewall log (note: ###.###.###.### is my IP)
2005-12-28 19:26:17, System blocked incoming ICMP packet; address: ###.###.###.### <= 71.49.27.186 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:25:46, System blocked incoming ICMP packet; address: ###.###.###.### <= 12.166.81.192 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:24:57, System blocked incoming ICMP packet; address: ###.###.###.### <= 63.144.114.2 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:23:02, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.178.40.20 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:21:51, System blocked incoming ICMP packet; address: ###.###.###.### <= 60.43.32.28 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:20:46, System blocked incoming ICMP packet; address: ###.###.###.### <= 220.226.177.199 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:19:56, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.17.220.50 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:19:28, System blocked incoming ICMP packet; address: ###.###.###.### <= 59.148.142.93 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:17:22, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.204.71.253 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:17:02, System blocked incoming ICMP packet; address: ###.###.###.### <= 203.172.50.192 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:16:44, System blocked incoming ICMP packet; address: ###.###.###.### <= 220.163.7.170 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:15:16, System blocked incoming ICMP packet; address: ###.###.###.### <= 24.71.67.164 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:14:04, System blocked incoming ICMP packet; address: ###.###.###.### <= 82.138.209.82 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:13:11, System blocked incoming ICMP packet; address: ###.###.###.### <= 208.190.165.82 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:11:03, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.254.236.40 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:09:06, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.93.79.252 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:07:37, System blocked incoming ICMP packet; address: ###.###.###.### <= 59.148.74.45 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:04:17, System blocked incoming ICMP packet; address: ###.###.###.### <= 217.204.59.69 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 19:01:04, System blocked incoming ICMP packet; address: ###.###.###.### <= 211.169.66.28 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:57:18, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.53.116.135 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:55:53, System blocked incoming ICMP packet; address: ###.###.###.### <= 68.154.34.195 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:55:28, System blocked incoming ICMP packet; address: ###.###.###.### <= 216.37.120.49 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:53:17, System blocked incoming ICMP packet; address: ###.###.###.### <= 202.100.210.131 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:52:29, System blocked incoming ICMP packet; address: ###.###.###.### <= 71.48.147.208 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:50:21, System blocked incoming ICMP packet; address: ###.###.###.### <= 210.1.73.4 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:49:52, System blocked incoming ICMP packet; address: ###.###.###.### <= 129.22.124.52 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:48:35, System blocked incoming ICMP packet; address: ###.###.###.### <= 210.161.11.126 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:46:53, System blocked incoming ICMP packet; address: ###.###.###.### <= 204.14.153.247 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:45:49, System blocked incoming ICMP packet; address: ###.###.###.### <= 70.70.74.221 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:45:32, System blocked incoming ICMP packet; address: ###.###.###.### <= 60.28.46.50 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:43:00, System blocked incoming ICMP packet; address: ###.###.###.### <= 211.177.230.160 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:40:13, System blocked incoming ICMP packet; address: ###.###.###.### <= 69.229.98.245 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:36:59, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.12.96.2 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:36:03, System blocked incoming ICMP packet; address: ###.###.###.### <= 70.106.3.34 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:34:53, System blocked incoming ICMP packet; address: ###.###.###.### <= 221.219.140.110 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:34:39, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.136.194.140 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:32:49, System blocked incoming ICMP packet; address: ###.###.###.### <= 60.216.8.130 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:29:49, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.207.31.81 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:25:02, System blocked incoming ICMP packet; address: ###.###.###.### <= 60.55.239.254 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:24:12, System blocked incoming ICMP packet; address: ###.###.###.### <= 24.83.213.151 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:21:00, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.239.219.16 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:19:59, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.53.188.43 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:14:28, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.237.217.47 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:13:32, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.53.188.43 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:11:46, System blocked incoming ICMP packet; address: ###.###.###.### <= 222.140.26.120 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:11:01, System blocked incoming ICMP packet; address: ###.###.###.### <= 69.140.217.208 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:10:38, System blocked incoming ICMP packet; address: ###.###.###.### <= 66.186.255.248 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:08:13, System blocked incoming ICMP packet; address: ###.###.###.### <= 210.19.211.14 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:05:11, System blocked incoming ICMP packet; address: ###.###.###.### <= 210.22.206.13 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:04:42, System blocked incoming ICMP packet; address: ###.###.###.### <= 59.35.255.152 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 18:04:05, System blocked incoming ICMP packet; address: ###.###.###.### <= 71.103.90.244 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:58:08, System blocked incoming ICMP packet; address: ###.###.###.### <= 70.173.160.45 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:56:44, System blocked incoming ICMP packet; address: ###.###.###.### <= 70.70.18.232 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:56:01, System blocked incoming ICMP packet; address: ###.###.###.### <= 221.234.160.5 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:51:43, System blocked incoming ICMP packet; address: ###.###.###.### <= 211.178.16.177 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:50:58, System blocked incoming ICMP packet; address: ###.###.###.### <= 82.141.192.252 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:49:09, System blocked incoming ICMP packet; address: ###.###.###.### <= 68.143.97.146 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:43:34, System blocked incoming ICMP packet; address: ###.###.###.### <= 24.115.182.117 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:43:06, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.93.152.140 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:43:03, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.95.42.129 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:42:52, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.93.126.188 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:42:07, System blocked incoming ICMP packet; address: ###.###.###.### <= 156.17.85.20 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:41:04, System blocked incoming ICMP packet; address: ###.###.###.### <= 69.218.222.35 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:40:29, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.106.101.254 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:40:26, System blocked incoming ICMP packet; address: ###.###.###.### <= 60.28.46.50 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:40:25, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.93.180.177 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:38:00, System blocked incoming ICMP packet; address: ###.###.###.### <= 219.41.116.52 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:37:30, System blocked incoming ICMP packet; address: ###.###.###.### <= 4.227.29.146 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:36:30, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.58.250.70 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:31:01, System blocked incoming ICMP packet; address: ###.###.###.### <= 222.238.109.125 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:30:08, System blocked incoming ICMP packet; address: ###.###.###.### <= 203.127.16.62 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:28:40, System blocked incoming ICMP packet; address: ###.###.###.### <= 68.146.218.107 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:28:04, System blocked incoming ICMP packet; address: ###.###.###.### <= 69.42.161.30 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:27:03, System blocked incoming ICMP packet; address: ###.###.###.### <= 220.248.229.171 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:26:15, System blocked incoming ICMP packet; address: ###.###.###.### <= 220.180.18.114 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:25:15, System blocked incoming ICMP packet; address: ###.###.###.### <= 218.18.189.114 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:24:13, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.92.40.242 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:16:59, System blocked incoming ICMP packet; address: ###.###.###.### <= 64.254.121.181 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:16:48, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.55.209.15 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:14:38, System blocked incoming ICMP packet; address: ###.###.###.### <= 202.103.232.194 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:14:12, System blocked incoming ICMP packet; address: ###.###.###.### <= 68.123.233.113 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:12:22, System blocked incoming ICMP packet; address: ###.###.###.### <= 24.68.157.64 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:09:40, System blocked incoming ICMP packet; address: ###.###.###.### <= 58.22.226.162 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-28 17:08:23, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.92.180.202 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-25 21:42:56, System blocked incoming UDP packet; address: ###.###.###.###:1434 <= 64.34.179.158:3335 ; matched rule: Defend against 2003 Worm King attack (port 1434)
2005-12-25 19:44:44, System blocked incoming ICMP packet; address: ###.###.###.### <= 221.206.231.33 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-25 19:44:40, System blocked incoming ICMP packet; address: ###.###.###.### <= 221.206.231.33 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-25 19:44:39, System blocked incoming ICMP packet; address: ###.###.###.### <= 221.206.231.33 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-25 19:37:14, System blocked incoming ICMP packet; address: ###.###.###.### <= 61.233.184.52 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-25 01:27:20, System blocked incoming ICMP packet; address: ###.###.###.### <= 221.216.49.44 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-23 23:26:28, System blocked incoming ICMP packet; address: ###.###.###.### <= 221.17.239.44 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-23 22:58:02, System blocked incoming UDP packet; address: ###.###.###.###:1434 <= 172.129.115.195:1190 ; matched rule: Defend against 2003 Worm King attack (port 1434)
2005-12-23 20:37:38, System blocked incoming UDP packet; address: ###.###.###.###:1434 <= 220.163.11.77:4769 ; matched rule: Defend against 2003 Worm King attack (port 1434)
HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 19:11:56, on 2005-12-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\###\桌面\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: Kaka Internet Security Assistant (卡卡上网安全助手) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Visit Rising website - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn (file missing)
O9 - Extra 'Tools' menuitem: Visit Rising website - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn (file missing)
O9 - Extra button: Visit Kaka community - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com (file missing)
O9 - Extra 'Tools' menuitem: Visit Kaka community - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130065142859
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BB1F9F1-7A80-4838-BF76-A6C519DB84B3}: NameServer = 202.97.224.69 202.97.227.138
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

Judging from the HijackThis log, your machine should be fine.
Now for your firewall log. "System blocked incoming ICMP packet (Code=0, Type=8; matched rule: Block incoming ping)" is an ordinary echo request, nothing serious (a ping attack can be ruled out). As for "matched rule: Defend against 2003 Worm King attack (port 1434)", it cannot be determined for now whether you were actually hit by a worm attack.
Firewall packet filtering generally does not affect the host's performance, so there is nothing to worry about.
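The two rules in the log map onto two well-known kinds of background Internet noise. ICMP Type=8, Code=0 is an echo request, i.e. a plain ping. A UDP packet to port 1434 is aimed at the SQL Server 2000 Resolution Service, the port the SQL Slammer worm of January 2003 (the "2003 Worm King" in Rising's rule name, exploiting the bug fixed by MS02-039) spreads on; Slammer infects with a single UDP packet, so a packet that the firewall dropped never reached anything, and the HijackThis process list above shows no SQL Server or MSDE process for it to hit anyway. The script below is an added example, not part of the thread and not Rising's software: it parses lines in the Rising firewall log format, keying on the language-independent tokens so that it accepts both the original Chinese lines and the English rendering used on this page, classifies each event, counts repeat sources and the peak number of events in any 60-second window, and gives a verdict. The sample lines are constructed from entries in the posted log.

```python
"""Triage a Rising Personal Firewall event log of the kind posted in this thread.

Added example: parses the blocked-packet lines, classifies each event and
summarises sources, repeats and burst rate, so the question "is my machine
in trouble?" is answered from counts rather than from the alert sound.
"""
import re
from collections import Counter
from datetime import datetime

# Structure of a Rising firewall line (language-independent tokens in angle brackets):
#   <ts>, <text><PROTO><text>;<text>:<dst>[:<dport>] <= <src>[:<sport>] [Code=<c>, Type=<t>] ;<rule label>:<rule>
# The pattern keys on those tokens, so it accepts both the original Chinese lines
# and the English rendering used on this page.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s*"
    r".*?(?P<proto>ICMP|UDP|TCP).*?[:：]\s*"
    r"(?P<dst>[\d.#]+)(?::(?P<dport>\d+))?\s*<=\s*"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?"
    r"(?:\s+Code=(?P<code>\d+),\s*Type=(?P<type>\d+))?"
    r".*?(?:满足规则|matched rule)[:：]\s*(?P<rule>.+?)\s*$"
)

# Constructed sample: a few entries from the log in this thread, some in the original
# Chinese format and some in the English rendering, plus one junk line that must be skipped.
SAMPLE_LOG = """\
2005-12-28 19:26:17, 系统禁止接收ICMP数据包;地址为:###.###.###.### <= 71.49.27.186 Code=0, Type=8 ;满足规则:禁止Ping入
2005-12-28 19:25:46, 系统禁止接收ICMP数据包;地址为:###.###.###.### <= 12.166.81.192 Code=0, Type=8 ;满足规则:禁止Ping入
2005-12-25 21:42:56, 系统禁止接收UDP数据包;地址为:###.###.###.###:1434 <= 64.34.179.158:3335 ;满足规则:防范2003蠕虫王攻击(1434端口)
2005-12-25 19:44:44, System blocked incoming ICMP packet; address: ###.###.###.### <= 221.206.231.33 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-25 19:44:40, System blocked incoming ICMP packet; address: ###.###.###.### <= 221.206.231.33 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-25 19:44:39, System blocked incoming ICMP packet; address: ###.###.###.### <= 221.206.231.33 Code=0, Type=8 ; matched rule: Block incoming ping
2005-12-23 22:58:02, System blocked incoming UDP packet; address: ###.###.###.###:1434 <= 172.129.115.195:1190 ; matched rule: Defend against 2003 Worm King attack (port 1434)
not a firewall event line
"""


def _to_int(value):
    return int(value) if value is not None else None


def parse_log(text):
    """Return one dict per recognised event; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S"),
            "proto": d["proto"], "dst": d["dst"], "src": d["src"],
            "dport": _to_int(d["dport"]), "sport": _to_int(d["sport"]),
            "code": _to_int(d["code"]), "type": _to_int(d["type"]),
            "rule": d["rule"],
        })
    return events


def classify(ev):
    """Map an event onto the two kinds of background noise seen in this thread."""
    if ev["proto"] == "ICMP" and ev["type"] == 8:
        return "icmp-echo-request"        # a plain ping; Type 8 / Code 0 is the request itself
    if ev["proto"] == "UDP" and ev["dport"] == 1434:
        return "udp-1434-slammer-probe"   # SQL Server Resolution Service, the port SQL Slammer (MS02-039) hits
    return "other"


def triage(events, repeat_threshold=3, window_s=60):
    """Summarise counts, repeat sources and the peak number of events in any window_s-second span."""
    by_class = Counter(classify(e) for e in events)
    by_src = Counter(e["src"] for e in events)
    repeaters = {src: n for src, n in by_src.items() if n >= repeat_threshold}
    # Sliding window over sorted timestamps: steady scanning noise gives a low peak,
    # a flood or one very chatty scanner gives a high one.
    times = sorted(e["ts"] for e in events)
    peak, j = 0, 0
    for i, t in enumerate(times):
        while (t - times[j]).total_seconds() > window_s:
            j += 1
        peak = max(peak, i - j + 1)
    return {
        "total": len(events),
        "by_class": dict(by_class),
        "unique_sources": len(by_src),
        "repeaters": repeaters,
        "peak_per_window": peak,
    }


def verdict(summary):
    """The log records only packets the firewall dropped; judge what kind they were."""
    if set(summary["by_class"]) <= {"icmp-echo-request", "udp-1434-slammer-probe"}:
        return "background Internet scanning; every logged packet was dropped by the firewall"
    return "unrecognised blocked traffic present; review the 'other' events by hand"


if __name__ == "__main__":
    summary = triage(parse_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
    print(verdict(summary))
```

To run it on the real log, read the exported log file instead of SAMPLE_LOG. A spread of unrelated sources at a few events per minute is the ordinary background of any public IP address; what is worth a closer look is a single source that keeps coming back (221.206.231.33 three times within five seconds in the posted log is a scanner retrying, not a compromise) or a peak of dozens per minute from one place. Note that this log cannot show whether anything was accepted: only dropped packets are recorded, which is exactly why a noisy log is a sign the firewall is working.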
Thanks, brother. My machine didn't use to be like this, and I don't know why; today, as soon as I connected to the network, the firewall kept alerting non-stop, and many of the alerts came from the same IP, whether or not I was browsing the web. It has left me uneasy. I'd like to ask: does this mean my system has some vulnerability, or is someone using my machine for practice, or is it a problem with my settings?
Fix:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
and all (no file) or (file missing) entries.

The firewall log is normal; it shows the packets were blocked successfully.
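The reply above names the HijackThis lines it would fix. As an added example (not part of the thread, and not HijackThis' own fix logic), the script below picks those lines out of a HijackThis 1.99 log mechanically: items whose target reads (no file) or (file missing), the O6 Internet Explorer policy entries, and the O17 NameServer addresses, which are worth comparing against the ISP's DNS servers because a changed O17 is how DNS-hijacking malware redirects a machine. The sample is a constructed subset of the log posted above, with the menu names rendered in English. One caveat the list alone does not show: the O9 entries here point to Rising's own sites (www.rising.com.cn, www.ikaka.com), so they are leftovers of the installed product rather than evidence of compromise, and removing them is harmless either way.

```python
"""Flag the actionable lines in a HijackThis 1.99 log.

Added example for this thread: applies the two criteria from the reply above
((no file)/(file missing) targets and O6 IE policy entries), extracts the
O17 DNS servers for a manual check, and keeps the CLSIDs of each item so the
orphaned entries are easy to look up.
"""
import re

ITEM_RE = re.compile(r"^(?P<code>O\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
IE_POLICY_KEY = r"Software\Policies\Microsoft\Internet Explorer"

# Constructed sample: a subset of the HijackThis 1.99.1 log posted in this thread.
SAMPLE_HJT = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Rising\Rfw\rfwmain.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: Kaka Internet Security Assistant - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Visit Rising website - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn (file missing)
O9 - Extra 'Tools' menuitem: Visit Rising website - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BB1F9F1-7A80-4838-BF76-A6C519DB84B3}: NameServer = 202.97.224.69 202.97.227.138
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into (items, running_processes).

    The process list is the block after "Running processes:" up to the next
    blank line; every later "Onn - ..." line is an item with its CLSIDs extracted.
    """
    items, processes = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append({"code": m["code"], "body": m["body"],
                          "clsids": CLSID_RE.findall(m["body"])})
    return items, processes


def flag(items):
    """Apply the reply's criteria and pull out the DNS servers for a manual check."""
    orphaned = [i for i in items if any(mark in i["body"] for mark in ORPHAN_MARKERS)]
    ie_policies = [i for i in items if i["code"] == "O6" and IE_POLICY_KEY in i["body"]]
    dns_servers = []
    for i in items:
        if i["code"] == "O17":
            dns_servers.extend(IPV4_RE.findall(i["body"]))
    return {"orphaned": orphaned, "ie_policies": ie_policies, "dns_servers": dns_servers}


if __name__ == "__main__":
    items, processes = parse_hjt(SAMPLE_HJT)
    report = flag(items)
    print(f"{len(processes)} processes, {len(items)} items")
    for key in ("orphaned", "ie_policies"):
        for item in report[key]:
            print(f"[{key}] {item['code']} - {item['body']}")
    print("DNS servers to verify against the ISP:", report["dns_servers"])
```

Orphaned entries are registry references whose target file is gone; they are harmless on their own but are what a half-removed BHO or toolbar looks like, which is why HijackThis-style cleanups remove them. The O6 entries mean something has written Internet Explorer policy restrictions under HKCU; on a home machine with no domain policy that is usually either a security product or a leftover of adware, and the safe move is the one the reply gives.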