Router log analysis - Windows & Software

Marsh Posté, posted on 11-03-2005 at 16:19:03

Hello,

I would like to know whether the following log looks suspicious to you.

Indeed, certain IPs coming from Wanadoo show up quite often.

It could simply be a worm, but I don't know.

Is this abnormal?
 

Quote:

Thur, 03/10/2005 12:52:26 - TCP connection dropped - Source:82.237.20.97, 1701, WAN - Destination:*MON IP*, 6101, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 12:53:02 - TCP connection dropped - Source:82.253.151.141, 4731, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 12:54:38 - TCP connection dropped - Source:82.149.191.165, 4389, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 12:56:48 - TCP connection dropped - Source:141.213.11.238, 3629, WAN - Destination:*MON IP*, 3410, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 13:08:04 - TCP connection dropped - Source:82.224.108.12, 4340, WAN - Destination:*MON IP*, 17771, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 13:11:08 - TCP connection dropped - Source:82.43.164.105, 1935, WAN - Destination:*MON IP*, 1025, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 13:17:16 - TCP connection dropped - Source:82.127.19.188, 2755, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 13:21:42 - TCP connection dropped - Source:82.127.19.188, 4193, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 13:31:52 - TCP connection dropped - Source:218.62.8.70, 3701, WAN - Destination:*MON IP*, 22, LAN - 'SSH'
Thur, 03/10/2005 13:59:58 - TCP connection dropped - Source:80.189.231.116, 3972, WAN - Destination:*MON IP*, 17300, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 14:09:26 - TCP connection dropped - Source:82.228.144.70, 2060, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 14:11:44 - TCP connection dropped - Source:82.127.141.33, 1887, WAN - Destination:*MON IP*, 1025, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 14:11:44 - TCP connection dropped - Source:82.127.141.33, 1890, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 14:11:46 - TCP connection dropped - Source:82.127.141.33, 1890, WAN - Destination:*MON IP*, 139, LAN - 'Possible Port Scan'
Thur, 03/10/2005 14:11:54 - TCP connection dropped - Source:82.53.144.161, 3278, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 14:15:26 - UDP packet dropped - Source:83.192.56.89, 3008, WAN - Destination:*MON IP*, 135, LAN - 'Suspicious UDP Data'
Thur, 03/10/2005 14:23:44 - UDP packet dropped - Source:218.200.176.30, 1124, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Thur, 03/10/2005 14:23:44 - TCP connection dropped - Source:82.52.61.118, 3925, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 14:27:14 - TCP connection dropped - Source:82.232.84.131, 4234, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 14:36:42 - TCP connection dropped - Source:217.219.145.9, 3228, WAN - Destination:*MON IP*, 21, LAN - 'FTP-ctrl'
Thur, 03/10/2005 14:52:16 - TCP connection dropped - Source:82.127.139.63, 4083, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 14:52:58 - TCP connection dropped - Source:82.157.86.159, 1676, WAN - Destination:*MON IP*, 2745, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 15:03:34 - UDP packet dropped - Source:195.89.58.57, 27327, WAN - Destination:*MON IP*, 1026, LAN - 'Suspicious UDP Data'
Thur, 03/10/2005 15:03:36 - UDP packet dropped - Source:195.67.4.11, 16804, WAN - Destination:*MON IP*, 1027, LAN - 'Suspicious UDP Data'
Thur, 03/10/2005 15:03:58 - UDP packet dropped - Source:165.146.6.246, 4412, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Thur, 03/10/2005 15:11:20 - TCP connection dropped - Source:82.236.189.60, 1690, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 15:21:12 - UDP packet dropped - Source:218.83.153.58, 60048, WAN - Destination:*MON IP*, 1027, LAN - 'Suspicious UDP Data'
Thur, 03/10/2005 15:24:44 - TCP connection dropped - Source:60.34.186.120, 1057, WAN - Destination:*MON IP*, 5554, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 15:34:18 - UDP packet dropped - Source67.126.194.45, 2893, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 21:03:28 - UDP packet dropped - Source:196.33.25.190, 29756, WAN - Destination:*MON IP*, 1026, LAN - 'Suspicious UDP Data'
Thur, 03/10/2005 21:03:30 - UDP packet dropped - Source:195.28.16.108, 13759, WAN - Destination:*MON IP*, 1027, LAN - 'Suspicious UDP Data'
Thur, 03/10/2005 21:14:00 - TCP connection dropped - Source:211.193.128.140, 2322, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 21:22:16 - TCP connection dropped - Source:218.147.68.125, 4009, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 22:05:00 - TCP connection dropped - Source:80.132.181.254, 1727, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Thur, 03/10/2005 22:47:56 - TCP connection dropped - Source:61.231.58.201, 3891, WAN - Destination:*MON IP*, 1080, LAN - 'socks proxy'
Thur, 03/10/2005 23:04:46 - TCP connection dropped - Source:218.59.36.38, 4530, WAN - Destination:*MON IP*, 21, LAN - 'FTP-ctrl'
Thur, 03/10/2005 23:26:38 - UDP packet dropped - Source:218.83.153.58, 38671, WAN - Destination:*MON IP*, 1026, LAN - 'Suspicious UDP Data'
Thur, 03/10/2005 23:44:42 - TCP connection dropped - Source:221.141.160.206, 3692, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 00:02:22 - UDP packet dropped - Source:82.127.182.15, 1025, WAN - Destination:*MON IP*, 137, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 00:03:26 - UDP packet dropped - Source:195.185.56.245, 22449, WAN - Destination:*MON IP*, 1026, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 00:03:26 - UDP packet dropped - Source:195.24.233.157, 16439, WAN - Destination:*MON IP*, 1027, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 00:03:30 - Successful administrator login - Source:192.168.1.10, 2749, LAN - Destination:192.168.1.123, 80, LAN
Fri, 03/11/2005 09:05:58 - TCP connection dropped - Source:211.200.247.81, 1210, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 09:06:28 - TCP connection dropped - Source:202.103.213.38, 7000, WAN - Destination:*MON IP*, 13351, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 09:11:00 - The Login expires after 192.168.1.10 idles for 5 minutes.
Fri, 03/11/2005 09:16:04 - TCP connection dropped - Source:64.173.8.106, 18366, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 09:25:34 - TCP connection dropped - Source:61.254.233.71, 4398, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 09:35:04 - TCP connection dropped - Source:218.19.155.151, 61999, WAN - Destination:*MON IP*, 8080, LAN - 'WEB proxy'
Fri, 03/11/2005 09:35:04 - TCP connection dropped - Source:218.19.155.151, 64535, WAN - Destination:*MON IP*, 80, LAN - 'WEB'
Fri, 03/11/2005 10:04:02 - UDP packet dropped - Source:202.99.170.59, 1219, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 10:06:16 - TCP connection dropped - Source:193.55.120.160, 1689, WAN - Destination:*MON IP*, 21, LAN - 'FTP-ctrl'
Fri, 03/11/2005 10:17:40 - TCP connection dropped - Source:82.127.19.188, 3027, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 10:27:06 - UDP packet dropped - Source:211.126.156.135, 3283, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 10:35:56 - TCP connection dropped - Source:82.127.19.188, 4376, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 10:50:20 - TCP connection dropped - Source:82.127.19.188, 1614, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 11:02:48 - TCP connection dropped - Source:82.127.19.188, 2110, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 11:07:23 - TCP connection dropped - Source:82.127.19.188, 4278, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 11:15:37 - UDP packet dropped - Source:202.9.178.33, 1139, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 11:25:35 - UDP packet dropped - Source:82.127.163.18, 1034, WAN - Destination:*MON IP*, 137, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 11:36:27 - UDP packet dropped - Source:82.127.163.18, 1033, WAN - Destination:*MON IP*, 137, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 11:44:39 - TCP connection dropped - Source:82.127.19.188, 1178, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 11:47:11 - TCP connection dropped - Source:211.238.89.217, 2545, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 12:01:33 - UDP packet dropped - Source:82.54.155.182, 3060, WAN - Destination:*MON IP*, 137, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 12:02:19 - TCP connection dropped - Source:82.127.19.188, 1323, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 12:03:27 - UDP packet dropped - Source:195.123.108.168, 11323, WAN - Destination:*MON IP*, 1026, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 12:03:27 - UDP packet dropped - Source:195.230.230.20, 21247, WAN - Destination:*MON IP*, 1027, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 12:04:59 - TCP connection dropped - Source:82.127.163.101, 4923, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 12:09:37 - UDP packet dropped - Source:219.149.41.131, 2306, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 12:09:59 - TCP connection dropped - Source:82.127.19.188, 1485, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 12:12:53 - UDP packet dropped - Source:82.54.155.182, 3057, WAN - Destination:*MON IP*, 137, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 12:25:17 - TCP connection dropped - Source:211.49.230.112, 3510, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 12:34:25 - TCP connection dropped - Source:82.127.19.188, 2378, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 12:35:53 - TCP connection dropped - Source:24.31.173.85, 2373, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 12:44:23 - TCP connection dropped - Source:82.127.248.35, 1420, WAN - Destination:*MON IP*, 1025, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 12:47:25 - TCP connection dropped - Source:82.127.19.188, 3217, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 12:51:47 - UDP packet dropped - Source:216.26.148.5, 15448, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 12:52:39 - TCP connection dropped - Source:82.127.150.144, 2856, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 12:53:27 - TCP connection dropped - Source:82.127.19.188, 2091, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 13:08:21 - TCP connection dropped - Source:82.127.150.144, 3320, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 13:14:51 - TCP connection dropped - Source:82.127.19.188, 1551, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 13:21:23 - TCP connection dropped - Source:82.127.19.188, 2241, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 13:28:01 - TCP connection dropped - Source:82.172.30.156, 4177, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 13:31:21 - UDP packet dropped - Source:210.254.80.80, 1450, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 13:38:55 - TCP connection dropped - Source:82.127.19.188, 2524, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 13:39:29 - TCP connection dropped - Source:82.127.210.65, 3045, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 13:45:51 - TCP connection dropped - Source:82.127.19.188, 1113, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 13:49:35 - TCP connection dropped - Source:222.117.17.117, 3203, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 13:50:35 - TCP connection dropped - Source:82.127.196.59, 2150, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 13:52:29 - TCP connection dropped - Source:82.127.19.188, 4690, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 13:57:05 - TCP connection dropped - Source:82.127.19.188, 3156, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 14:00:57 - TCP connection dropped - Source:211.22.89.250, 4801, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 14:02:43 - TCP connection dropped - Source:82.127.19.188, 2539, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 14:09:55 - TCP connection dropped - Source:82.127.19.188, 2770, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 14:22:47 - TCP connection dropped - Source:218.246.95.127, 2415, WAN - Destination:*MON IP*, 8080, LAN - 'WEB proxy'
Fri, 03/11/2005 14:34:17 - UDP packet dropped - Source:82.123.67.226, 3283, WAN - Destination:*MON IP*, 3283, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 14:48:25 - TCP connection dropped - Source:82.127.19.188, 1870, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 14:54:53 - TCP connection dropped - Source:82.127.19.188, 3900, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 14:57:17 - TCP connection dropped - Source:82.252.245.120, 3539, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 15:03:21 - UDP packet dropped - Source:195.175.122.71, 22852, WAN - Destination:*MON IP*, 1026, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 15:03:23 - UDP packet dropped - Source:195.21.193.234, 6445, WAN - Destination:*MON IP*, 1027, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 15:21:07 - TCP connection dropped - Source:82.127.19.188, 3852, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 15:27:35 - TCP connection dropped - Source:82.127.19.188, 2318, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 15:30:11 - UDP packet dropped - Source:202.99.177.56, 1038, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 15:33:07 - TCP connection dropped - Source:82.127.19.188, 4857, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 15:37:47 - TCP connection dropped - Source:82.127.19.188, 3779, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 15:38:15 - TCP connection dropped - Source:82.237.191.147, 2808, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 15:40:11 - TCP connection dropped - Source:82.51.186.222, 4241, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 15:52:07 - TCP connection dropped - Source:217.107.19.63, 2336, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 15:59:15 - TCP connection dropped - Source:82.127.19.188, 3842, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 16:03:25 - Successful administrator login - Source:192.168.1.10, 3506, LAN - Destination:192.168.1.123, 80, LAN
Fri, 03/11/2005 16:07:27 - TCP connection dropped - Source:82.127.19.188, 1150, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Fri, 03/11/2005 16:08:05 - UDP packet dropped - Source:61.159.62.142, 1083, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Fri, 03/11/2005 16:09:15 - The Login expires after 192.168.1.10 idles for 5 minutes.
Fri, 03/11/2005 16:14:21 - Successful administrator login - Source:192.168.1.107, 3791, LAN - Destination:192.168.1.123, 80, LAN
 
End of Log ----------


Marsh Posté, posted on 11-03-2005 at 20:32:39

Is your router blocking it?
Well then :D why bother trying to figure out where it comes from :)
It could be anything.

Message edited by azubal on 11-03-2005 at 20:33:52

Marsh Posté, posted on 11-03-2005 at 20:42:07

OK

Thanks

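The tally the first post asks about (which sources recur, which ports are probed), as an added example that is not part of the original thread: a Python parser for the router's drop lines, run over an excerpt copied from the quoted log. The function names, the `min_hits` threshold and the /16 grouping (a rough stand-in for "same provider range") are assumptions made for illustration.

```python
import re
from collections import Counter

# Excerpt copied from the log quoted in the first post (not the full log).
SAMPLE_LOG = """\
Thur, 03/10/2005 13:17:16 - TCP connection dropped - Source:82.127.19.188, 2755, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 13:21:42 - TCP connection dropped - Source:82.127.19.188, 4193, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 14:23:44 - UDP packet dropped - Source:218.200.176.30, 1124, WAN - Destination:*MON IP*, 1434, LAN - 'Suspicious UDP Data'
Thur, 03/10/2005 15:34:18 - UDP packet dropped - Source67.126.194.45, 2893, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
Thur, 03/10/2005 21:14:00 - TCP connection dropped - Source:211.193.128.140, 2322, WAN - Destination:*MON IP*, 4899, LAN - 'Suspicious TCP Data'
Fri, 03/11/2005 00:03:30 - Successful administrator login - Source:192.168.1.10, 2749, LAN - Destination:192.168.1.123, 80, LAN
Fri, 03/11/2005 09:11:00 - The Login expires after 192.168.1.10 idles for 5 minutes.
Fri, 03/11/2005 10:17:40 - TCP connection dropped - Source:82.127.19.188, 3027, WAN - Destination:*MON IP*, 139, LAN - 'NetBIOS'
"""

# "Source:?" tolerates the one line in the quoted log that lacks the colon.
DROP_RE = re.compile(
    r"^(?P<when>\w+, \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) - "
    r"(?P<proto>TCP|UDP) (?:connection|packet) dropped - "
    r"Source:?(?P<src>[\d.]+), (?P<sport>\d+), WAN - "
    r"Destination:(?P<dst>[^,]+), (?P<dport>\d+), LAN - "
    r"'(?P<label>[^']*)'\s*$"
)

def parse_drops(text):
    """Return (drop records, non-drop lines such as admin logins)."""
    drops, skipped = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = DROP_RE.match(line)
        if m:
            drops.append({**m.groupdict(), "dport": int(m["dport"])})
        else:
            skipped.append(line)
    return drops, skipped

def summarize(drops, min_hits=3):
    """Count drops per source, per (protocol, port) and per /16 (assumed grouping)."""
    by_src = Counter(d["src"] for d in drops)
    by_port = Counter((d["proto"], d["dport"]) for d in drops)
    by_net = Counter(".".join(d["src"].split(".")[:2]) + ".0.0/16" for d in drops)
    repeat = {ip: n for ip, n in by_src.items() if n >= min_hits}
    return {"by_src": by_src, "by_port": by_port, "by_net": by_net, "repeat": repeat}

if __name__ == "__main__":
    drops, skipped = parse_drops(SAMPLE_LOG)
    report = summarize(drops)
    print("repeat sources:", report["repeat"])
    print("top ports:", report["by_port"].most_common(3))
    print("non-drop lines:", len(skipped))
```
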
