Sygate firewall
Hola experto
hace poco instale una version del sygate firewall pro 5.0 porque una personita con insistencia quiere entrar en la pc que se utiliza para servidor de internet (wingate) y mails (mdaemon)
el logs que me deja en la semana te lo acerco abajo, me dicen que este seudo hacker esta usando una pc que corre windows porque esta dejando pistas por todos lados, mi pregunta es si por medio de esta informacion que el firewall deja en el log se puede rastrear al sujeto en cuestion, de ser asi existe un programa que sirva para poder atraparlo? Aunque sea dejarlo en evidencia!.
Desde ya gracias por tu dedicación
Roberto
Logs:
1 04/22/2003 18:37:05 Port Scan Minor Incoming TCP 207.33.111.35 200.45.210.7 1 04/22/2003 18:37:02 04/22/2003 18:37:02
2 04/22/2003 18:37:15 Port Scan Minor Incoming TCP 207.33.111.35 200.45.210.7 2 04/22/2003 18:37:05 04/22/2003 18:37:05
3 04/22/2003 18:37:15 Active Response Major Incoming Unknown 207.33.111.35 200.45.210.7 1 04/22/2003 18:37:07 04/22/2003 18:37:07
4 04/22/2003 18:47:07 Active Response Disengaged Information Unknown Unknown 207.33.111.35 0.0.0.0 1 04/22/2003 18:47:07 04/22/2003 18:47:07
5 04/22/2003 18:48:43 Port Scan Minor Incoming TCP 207.33.111.35 200.45.210.7 2 04/22/2003 18:48:42 04/22/2003 18:48:42
6 04/22/2003 18:48:53 Active Response Major Incoming Unknown 207.33.111.35 200.45.210.7 1 04/22/2003 18:48:43 04/22/2003 18:48:43
7 04/22/2003 18:58:49 Active Response Disengaged Information Unknown Unknown 207.33.111.35 0.0.0.0 1 04/22/2003 18:58:44 04/22/2003 18:58:44
8 04/22/2003 19:49:57 Intrusion Detection System Major Incoming UDP 200.43.215.155 200.45.210.7 1 04/22/2003 19:49:49 04/22/2003 19:49:49
9 04/22/2003 19:50:07 Active Response Major Incoming Unknown 200.43.215.155 200.45.210.7 1 04/22/2003 19:49:58 04/22/2003 19:49:58
10 04/22/2003 20:00:02 Active Response Disengaged Information Unknown Unknown 200.43.215.155 0.0.0.0 1 04/22/2003 20:00:01 04/22/2003 20:00:01
11 05/03/2003 03:06:22 Intrusion Detection System Major Incoming UDP 200.45.160.228 200.45.210.57 1 05/03/2003 03:06:21 05/03/2003 03:06:21
12 05/03/2003 03:06:32 Active Response Major Incoming Unknown 200.45.160.228 200.45.210.57 1 05/03/2003 03:06:23 05/03/2003 03:06:23
13 05/03/2003 03:16:33 Active Response Disengaged Information Unknown Unknown 200.45.160.228 0.0.0.0 1 05/03/2003 03:16:23 05/03/2003 03:16:23
14 05/03/2003 23:37:54 Port Scan Minor Incoming TCP 64.201.104.2 200.45.210.26 1 05/03/2003 23:37:50 05/03/2003 23:37:50
15 05/03/2003 23:38:04 Active Response Major Incoming Unknown 64.201.104.2 200.45.210.26 1 05/03/2003 23:37:55 05/03/2003 23:37:55
16 05/03/2003 23:47:59 Active Response Disengaged Information Unknown Unknown 64.201.104.2 0.0.0.0 1 05/03/2003 23:47:55 05/03/2003 23:47:55
17 05/05/2003 13:28:15 Port Scan Minor Incoming TCP 64.201.104.2 200.45.210.177 1 05/05/2003 13:28:08 05/05/2003 13:28:08
18 05/05/2003 13:28:25 Active Response Major Incoming Unknown 64.201.104.2 200.45.210.177 1 05/05/2003 13:28:16 05/05/2003 13:28:16
19 05/05/2003 13:38:26 Active Response Disengaged Information Unknown Unknown 64.201.104.2 0.0.0.0 1 05/05/2003 13:38:17 05/05/2003 13:38:17
20 05/05/2003 18:16:57 Port Scan Minor Incoming TCP 64.201.104.2 200.45.210.36 1 05/05/2003 18:16:54 05/05/2003 18:16:54
21 05/05/2003 18:17:07 Active Response Major Incoming Unknown 64.201.104.2 200.45.210.36 1 05/05/2003 18:16:57 05/05/2003 18:16:57
22 05/05/2003 18:26:59 Active Response Disengaged Information Unknown Unknown 64.201.104.2 0.0.0.0 1 05/05/2003 18:26:58 05/05/2003 18:26:58
23 05/06/2003 20:49:31 Intrusion Detection System Major Incoming UDP 200.82.38.101 200.45.210.134 1 05/06/2003 20:49:29 05/06/2003 20:49:29
24 05/06/2003 20:49:41 Active Response Major Incoming Unknown 200.82.38.101 200.45.210.134 1 05/06/2003 20:49:32 05/06/2003 20:49:32
25 05/06/2003 20:59:32 Active Response Disengaged Information Unknown Unknown 200.82.38.101 0.0.0.0 1 05/06/2003 20:59:32 05/06/2003 20:59:32
26 05/06/2003 21:06:13 Intrusion Detection System Major Incoming UDP 200.82.38.101 200.45.211.104 1 05/06/2003 21:06:10 05/06/2003 21:06:10
27 05/06/2003 21:06:23 Active Response Major Incoming Unknown 200.82.38.101 200.45.211.104 1 05/06/2003 21:06:14 05/06/2003 21:06:14
28 05/06/2003 21:16:24 Active Response Disengaged Information Unknown Unknown 200.82.38.101 0.0.0.0 1 05/06/2003 21:16:15 05/06/2003 21:16:15
29 05/06/2003 21:18:24 Intrusion Detection System Major Incoming UDP 200.82.38.101 200.45.211.104 1 05/06/2003 21:18:15 05/06/2003 21:18:15
30 05/06/2003 21:18:34 Active Response Major Incoming Unknown 200.82.38.101 200.45.211.104 1 05/06/2003 21:18:24 05/06/2003 21:18:24
31 05/06/2003 21:28:25 Active Response Disengaged Information Unknown Unknown 200.82.38.101 0.0.0.0 1 05/06/2003 21:28:24 05/06/2003 21:28:24
32 05/07/2003 13:12:39 Intrusion Detection System Major Incoming UDP 200.45.158.202 200.45.210.221 1 05/07/2003 13:12:30 05/07/2003 13:12:30
33 05/07/2003 13:12:49 Active Response Major Incoming Unknown 200.45.158.202 200.45.210.221 1 05/07/2003 13:12:39 05/07/2003 13:12:39
34 05/07/2003 13:22:40 Active Response Disengaged Information Unknown Unknown 200.45.158.202 0.0.0.0 1 05/07/2003 13:22:39 05/07/2003 13:22:39
35 05/07/2003 16:36:58 Intrusion Detection System Major Incoming UDP 200.45.232.80 200.45.211.191 1 05/07/2003 16:36:56 05/07/2003 16:36:56
36 05/07/2003 16:37:09 Active Response Major Incoming Unknown 200.45.232.80 200.45.211.191 1 05/07/2003 16:37:00 05/07/2003 16:37:00
37 05/07/2003 16:47:09 Active Response Disengaged Information Unknown Unknown 200.45.232.80 0.0.0.0 1 05/07/2003 16:47:00 05/07/2003 16:47:00
38 05/09/2003 20:57:15 Port Scan Minor Incoming TCP 81.203.58.99 200.45.210.129 1 05/09/2003 20:57:07 05/09/2003 20:57:07
39 05/09/2003 20:57:30 Active Response Major Incoming Unknown 81.203.58.99 200.45.210.129 1 05/09/2003 20:57:16 05/09/2003 20:57:16
40 05/09/2003 21:07:21 Active Response Disengaged Information Unknown Unknown 81.203.58.99 0.0.0.0 1 05/09/2003 21:07:17 05/09/2003 21:07:17
41 05/10/2003 00:30:19 Intrusion Detection System Major Incoming UDP 200.45.232.249 200.45.210.129 1 05/10/2003 00:30:15 05/10/2003 00:30:15
42 05/10/2003 00:30:29 Active Response Major Incoming Unknown 200.45.232.249 200.45.210.129 1 05/10/2003 00:30:19 05/10/2003 00:30:19
43 05/10/2003 00:40:20 Active Response Disengaged Information Unknown Unknown 200.45.232.249 0.0.0.0 1 05/10/2003 00:40:20 05/10/2003 00:40:20
44 05/10/2003 01:17:24 Intrusion Detection System Major Incoming UDP 200.45.232.249 200.45.210.129 1 05/10/2003 01:17:18 05/10/2003 01:17:18
45 05/10/2003 01:17:34 Active Response Major Incoming Unknown 200.45.232.249 200.45.210.129 1 05/10/2003 01:17:24 05/10/2003 01:17:24
46 05/10/2003 01:27:35 Active Response Disengaged Information Unknown Unknown 200.45.232.249 0.0.0.0 1 05/10/2003 01:27:25 05/10/2003 01:27:25
47 05/11/2003 23:25:31 Port Scan Minor Incoming TCP 218.144.121.186 200.45.210.39 1 05/11/2003 23:25:25 05/11/2003 23:25:25
48 05/11/2003 23:25:41 Active Response Major Incoming Unknown 218.144.121.186 200.45.210.39 1 05/11/2003 23:25:32 05/11/2003 23:25:32
49 05/11/2003 23:35:41 Active Response Disengaged Information Unknown Unknown 218.144.121.186 0.0.0.0 1 05/11/2003 23:35:32 05/11/2003 23:35:32
50 05/11/2003 23:54:23 Intrusion Detection...
hace poco instale una version del sygate firewall pro 5.0 porque una personita con insistencia quiere entrar en la pc que se utiliza para servidor de internet (wingate) y mails (mdaemon)
el logs que me deja en la semana te lo acerco abajo, me dicen que este seudo hacker esta usando una pc que corre windows porque esta dejando pistas por todos lados, mi pregunta es si por medio de esta informacion que el firewall deja en el log se puede rastrear al sujeto en cuestion, de ser asi existe un programa que sirva para poder atraparlo? Aunque sea dejarlo en evidencia!.
Desde ya gracias por tu dedicación
Roberto
Logs:
1 04/22/2003 18:37:05 Port Scan Minor Incoming TCP 207.33.111.35 200.45.210.7 1 04/22/2003 18:37:02 04/22/2003 18:37:02
2 04/22/2003 18:37:15 Port Scan Minor Incoming TCP 207.33.111.35 200.45.210.7 2 04/22/2003 18:37:05 04/22/2003 18:37:05
3 04/22/2003 18:37:15 Active Response Major Incoming Unknown 207.33.111.35 200.45.210.7 1 04/22/2003 18:37:07 04/22/2003 18:37:07
4 04/22/2003 18:47:07 Active Response Disengaged Information Unknown Unknown 207.33.111.35 0.0.0.0 1 04/22/2003 18:47:07 04/22/2003 18:47:07
5 04/22/2003 18:48:43 Port Scan Minor Incoming TCP 207.33.111.35 200.45.210.7 2 04/22/2003 18:48:42 04/22/2003 18:48:42
6 04/22/2003 18:48:53 Active Response Major Incoming Unknown 207.33.111.35 200.45.210.7 1 04/22/2003 18:48:43 04/22/2003 18:48:43
7 04/22/2003 18:58:49 Active Response Disengaged Information Unknown Unknown 207.33.111.35 0.0.0.0 1 04/22/2003 18:58:44 04/22/2003 18:58:44
8 04/22/2003 19:49:57 Intrusion Detection System Major Incoming UDP 200.43.215.155 200.45.210.7 1 04/22/2003 19:49:49 04/22/2003 19:49:49
9 04/22/2003 19:50:07 Active Response Major Incoming Unknown 200.43.215.155 200.45.210.7 1 04/22/2003 19:49:58 04/22/2003 19:49:58
10 04/22/2003 20:00:02 Active Response Disengaged Information Unknown Unknown 200.43.215.155 0.0.0.0 1 04/22/2003 20:00:01 04/22/2003 20:00:01
11 05/03/2003 03:06:22 Intrusion Detection System Major Incoming UDP 200.45.160.228 200.45.210.57 1 05/03/2003 03:06:21 05/03/2003 03:06:21
12 05/03/2003 03:06:32 Active Response Major Incoming Unknown 200.45.160.228 200.45.210.57 1 05/03/2003 03:06:23 05/03/2003 03:06:23
13 05/03/2003 03:16:33 Active Response Disengaged Information Unknown Unknown 200.45.160.228 0.0.0.0 1 05/03/2003 03:16:23 05/03/2003 03:16:23
14 05/03/2003 23:37:54 Port Scan Minor Incoming TCP 64.201.104.2 200.45.210.26 1 05/03/2003 23:37:50 05/03/2003 23:37:50
15 05/03/2003 23:38:04 Active Response Major Incoming Unknown 64.201.104.2 200.45.210.26 1 05/03/2003 23:37:55 05/03/2003 23:37:55
16 05/03/2003 23:47:59 Active Response Disengaged Information Unknown Unknown 64.201.104.2 0.0.0.0 1 05/03/2003 23:47:55 05/03/2003 23:47:55
17 05/05/2003 13:28:15 Port Scan Minor Incoming TCP 64.201.104.2 200.45.210.177 1 05/05/2003 13:28:08 05/05/2003 13:28:08
18 05/05/2003 13:28:25 Active Response Major Incoming Unknown 64.201.104.2 200.45.210.177 1 05/05/2003 13:28:16 05/05/2003 13:28:16
19 05/05/2003 13:38:26 Active Response Disengaged Information Unknown Unknown 64.201.104.2 0.0.0.0 1 05/05/2003 13:38:17 05/05/2003 13:38:17
20 05/05/2003 18:16:57 Port Scan Minor Incoming TCP 64.201.104.2 200.45.210.36 1 05/05/2003 18:16:54 05/05/2003 18:16:54
21 05/05/2003 18:17:07 Active Response Major Incoming Unknown 64.201.104.2 200.45.210.36 1 05/05/2003 18:16:57 05/05/2003 18:16:57
22 05/05/2003 18:26:59 Active Response Disengaged Information Unknown Unknown 64.201.104.2 0.0.0.0 1 05/05/2003 18:26:58 05/05/2003 18:26:58
23 05/06/2003 20:49:31 Intrusion Detection System Major Incoming UDP 200.82.38.101 200.45.210.134 1 05/06/2003 20:49:29 05/06/2003 20:49:29
24 05/06/2003 20:49:41 Active Response Major Incoming Unknown 200.82.38.101 200.45.210.134 1 05/06/2003 20:49:32 05/06/2003 20:49:32
25 05/06/2003 20:59:32 Active Response Disengaged Information Unknown Unknown 200.82.38.101 0.0.0.0 1 05/06/2003 20:59:32 05/06/2003 20:59:32
26 05/06/2003 21:06:13 Intrusion Detection System Major Incoming UDP 200.82.38.101 200.45.211.104 1 05/06/2003 21:06:10 05/06/2003 21:06:10
27 05/06/2003 21:06:23 Active Response Major Incoming Unknown 200.82.38.101 200.45.211.104 1 05/06/2003 21:06:14 05/06/2003 21:06:14
28 05/06/2003 21:16:24 Active Response Disengaged Information Unknown Unknown 200.82.38.101 0.0.0.0 1 05/06/2003 21:16:15 05/06/2003 21:16:15
29 05/06/2003 21:18:24 Intrusion Detection System Major Incoming UDP 200.82.38.101 200.45.211.104 1 05/06/2003 21:18:15 05/06/2003 21:18:15
30 05/06/2003 21:18:34 Active Response Major Incoming Unknown 200.82.38.101 200.45.211.104 1 05/06/2003 21:18:24 05/06/2003 21:18:24
31 05/06/2003 21:28:25 Active Response Disengaged Information Unknown Unknown 200.82.38.101 0.0.0.0 1 05/06/2003 21:28:24 05/06/2003 21:28:24
32 05/07/2003 13:12:39 Intrusion Detection System Major Incoming UDP 200.45.158.202 200.45.210.221 1 05/07/2003 13:12:30 05/07/2003 13:12:30
33 05/07/2003 13:12:49 Active Response Major Incoming Unknown 200.45.158.202 200.45.210.221 1 05/07/2003 13:12:39 05/07/2003 13:12:39
34 05/07/2003 13:22:40 Active Response Disengaged Information Unknown Unknown 200.45.158.202 0.0.0.0 1 05/07/2003 13:22:39 05/07/2003 13:22:39
35 05/07/2003 16:36:58 Intrusion Detection System Major Incoming UDP 200.45.232.80 200.45.211.191 1 05/07/2003 16:36:56 05/07/2003 16:36:56
36 05/07/2003 16:37:09 Active Response Major Incoming Unknown 200.45.232.80 200.45.211.191 1 05/07/2003 16:37:00 05/07/2003 16:37:00
37 05/07/2003 16:47:09 Active Response Disengaged Information Unknown Unknown 200.45.232.80 0.0.0.0 1 05/07/2003 16:47:00 05/07/2003 16:47:00
38 05/09/2003 20:57:15 Port Scan Minor Incoming TCP 81.203.58.99 200.45.210.129 1 05/09/2003 20:57:07 05/09/2003 20:57:07
39 05/09/2003 20:57:30 Active Response Major Incoming Unknown 81.203.58.99 200.45.210.129 1 05/09/2003 20:57:16 05/09/2003 20:57:16
40 05/09/2003 21:07:21 Active Response Disengaged Information Unknown Unknown 81.203.58.99 0.0.0.0 1 05/09/2003 21:07:17 05/09/2003 21:07:17
41 05/10/2003 00:30:19 Intrusion Detection System Major Incoming UDP 200.45.232.249 200.45.210.129 1 05/10/2003 00:30:15 05/10/2003 00:30:15
42 05/10/2003 00:30:29 Active Response Major Incoming Unknown 200.45.232.249 200.45.210.129 1 05/10/2003 00:30:19 05/10/2003 00:30:19
43 05/10/2003 00:40:20 Active Response Disengaged Information Unknown Unknown 200.45.232.249 0.0.0.0 1 05/10/2003 00:40:20 05/10/2003 00:40:20
44 05/10/2003 01:17:24 Intrusion Detection System Major Incoming UDP 200.45.232.249 200.45.210.129 1 05/10/2003 01:17:18 05/10/2003 01:17:18
45 05/10/2003 01:17:34 Active Response Major Incoming Unknown 200.45.232.249 200.45.210.129 1 05/10/2003 01:17:24 05/10/2003 01:17:24
46 05/10/2003 01:27:35 Active Response Disengaged Information Unknown Unknown 200.45.232.249 0.0.0.0 1 05/10/2003 01:27:25 05/10/2003 01:27:25
47 05/11/2003 23:25:31 Port Scan Minor Incoming TCP 218.144.121.186 200.45.210.39 1 05/11/2003 23:25:25 05/11/2003 23:25:25
48 05/11/2003 23:25:41 Active Response Major Incoming Unknown 218.144.121.186 200.45.210.39 1 05/11/2003 23:25:32 05/11/2003 23:25:32
49 05/11/2003 23:35:41 Active Response Disengaged Information Unknown Unknown 218.144.121.186 0.0.0.0 1 05/11/2003 23:35:32 05/11/2003 23:35:32
50 05/11/2003 23:54:23 Intrusion Detection...
1 Respuesta
Respuesta de pequeworld
1
<%=Texto%>
No sé decirte si se trata de un ataque intencionado la verdad. Internet es tan grande... hay gente que se dedica a buscar ordenadores que controlar para utilizarlos como puente para sus "fechorías". Vamos a ver las IPs origen de esos ataques:
207.33.111.35
200.43.215.155
200.45.160.228
200.82.38.101
200.45.158.202
200.45.232.80
81.203.58.99
200.45.232.249
218.144.121.186
200.45.44.102
200.43.234.176
66.202.3.157
Todas estas se repite sólo una vez, lo que da pie a pensar que son escaneos indiscriminados a muchas IPs, entre ellas la tuya en ese momento. Veo además que cada vez que te conectas tienes una IP diferente, con lo que es muy difícil que alguien pueda escanearte intencionadamente, a no ser que tengas algún troyano oculto que avise a atacante cada vez que te conectes, dándole tu IP de esa conexión...
La única IP que se repite bastante es:
64.201.104.2
Esta IP pertenece a:
ProxyProtector PROXYPROTECTOR (NET-64-201-104-0-1)
64.201.104.0 - 64.201.104.31
Race Technologies RACETECH (NET-64-201-96-0-1)
64.201.96.0 - 64.201.111.255
Tiene toda la pinta de ser un servicio público de navegación anónima... Quizás puedas quejarte a esa empresa de que se está utilizando un servicio suyo para realizar escaneos de puertos:
OrgTechHandle: ADMIN170-ARIN
OrgTechName: Admin
OrgTechPhone: +1-309-402-6976
OrgTechEmail: [email protected]
No olvides cerrar tu pregunta.
No sé decirte si se trata de un ataque intencionado la verdad. Internet es tan grande... hay gente que se dedica a buscar ordenadores que controlar para utilizarlos como puente para sus "fechorías". Vamos a ver las IPs origen de esos ataques:
207.33.111.35
200.43.215.155
200.45.160.228
200.82.38.101
200.45.158.202
200.45.232.80
81.203.58.99
200.45.232.249
218.144.121.186
200.45.44.102
200.43.234.176
66.202.3.157
Todas estas se repite sólo una vez, lo que da pie a pensar que son escaneos indiscriminados a muchas IPs, entre ellas la tuya en ese momento. Veo además que cada vez que te conectas tienes una IP diferente, con lo que es muy difícil que alguien pueda escanearte intencionadamente, a no ser que tengas algún troyano oculto que avise a atacante cada vez que te conectes, dándole tu IP de esa conexión...
La única IP que se repite bastante es:
64.201.104.2
Esta IP pertenece a:
ProxyProtector PROXYPROTECTOR (NET-64-201-104-0-1)
64.201.104.0 - 64.201.104.31
Race Technologies RACETECH (NET-64-201-96-0-1)
64.201.96.0 - 64.201.111.255
Tiene toda la pinta de ser un servicio público de navegación anónima... Quizás puedas quejarte a esa empresa de que se está utilizando un servicio suyo para realizar escaneos de puertos:
OrgTechHandle: ADMIN170-ARIN
OrgTechName: Admin
OrgTechPhone: +1-309-402-6976
OrgTechEmail: [email protected]
No olvides cerrar tu pregunta.
