Homeserver Forum

Mein Router - Netgear WNDR3700 hat geschrieben: [Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 23:47:23
[DoS Attack: ACK Scan] from source: 81.169.145.103, port 993, Saturday, January 23,2010 23:12:44
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 23:02:23
[DoS Attack: ACK Scan] from source: 81.169.145.103, port 993, Saturday, January 23,2010 22:42:48
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 22:17:22
[DoS Attack: RST Scan] from source: 93.37.139.210, port 48128, Saturday, January 23,2010 21:39:05
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 21:32:22
[DoS Attack: RST Scan] from source: 89.211.101.132, port 33919, Saturday, January 23,2010 21:30:05
[WLAN access rejected: incorrect security] from MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 21:15:10
[DoS Attack: RST Scan] from source: 93.37.139.210, port 44642, Saturday, January 23,2010 21:02:53
[DHCP IP: 192.168.1.31] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 21:00:12
[DoS Attack: RST Scan] from source: 93.37.139.210, port 35021, Saturday, January 23,2010 20:58:00
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 20:47:22
[DoS Attack: RST Scan] from source: 93.37.139.210, port 45931, Saturday, January 23,2010 20:38:49
[DoS Attack: RST Scan] from source: 93.37.139.210, port 37618, Saturday, January 23,2010 20:34:17
[DoS Attack: RST Scan] from source: 93.37.139.210, port 48981, Saturday, January 23,2010 20:04:51
[DHCP IP: 192.168.1.31] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 20:04:07
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 20:02:21
[DoS Attack: RST Scan] from source: 93.37.139.210, port 42213, Saturday, January 23,2010 20:00:31
[DoS Attack: RST Scan] from source: 93.37.139.210, port 48089, Saturday, January 23,2010 19:58:46
[DoS Attack: RST Scan] from source: 93.37.139.210, port 48509, Saturday, January 23,2010 19:32:46
[DoS Attack: RST Scan] from source: 93.37.139.210, port 40152, Saturday, January 23,2010 19:31:25
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 19:17:21
[DHCP IP: 192.168.1.41] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 19:05:58
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 17:47:20
[DoS Attack: RST Scan] from source: 92.78.16.84, port 12679, Saturday, January 23,2010 17:33:18
[DHCP IP: 192.168.1.31] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 17:26:45
[LAN access from remote] from 61.186.95.106:60128 to 192.168.1.10:80, Saturday, January 23,2010 17:06:13
[LAN access from remote] from 61.186.95.106:59854 to 192.168.1.10:80, Saturday, January 23,2010 17:06:12
[LAN access from remote] from 61.186.95.106:59607 to 192.168.1.10:80, Saturday, January 23,2010 17:06:12
[LAN access from remote] from 61.186.95.106:59343 to 192.168.1.10:80, Saturday, January 23,2010 17:06:11
[LAN access from remote] from 61.186.95.106:59089 to 192.168.1.10:80, Saturday, January 23,2010 17:06:10
[LAN access from remote] from 61.186.95.106:58816 to 192.168.1.10:80, Saturday, January 23,2010 17:06:09
[LAN access from remote] from 61.186.95.106:58550 to 192.168.1.10:80, Saturday, January 23,2010 17:06:09
[LAN access from remote] from 61.186.95.106:58256 to 192.168.1.10:80, Saturday, January 23,2010 17:06:08
[LAN access from remote] from 61.186.95.106:57985 to 192.168.1.10:80, Saturday, January 23,2010 17:06:07
[LAN access from remote] from 61.186.95.106:57712 to 192.168.1.10:80, Saturday, January 23,2010 17:06:06
[LAN access from remote] from 61.186.95.106:57435 to 192.168.1.10:80, Saturday, January 23,2010 17:06:05
[LAN access from remote] from 61.186.95.106:55994 to 192.168.1.10:80, Saturday, January 23,2010 17:06:01
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 17:02:20
[DHCP IP: 192.168.1.10] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 16:56:24
[LAN access from remote] from 61.186.95.106:57263 to 192.168.1.10:80, Saturday, January 23,2010 16:30:23
[DHCP IP: 192.168.1.31] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 16:28:08
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 15:32:20
[DoS Attack: RST Scan] from source: 92.78.16.84, port 10692, Saturday, January 23,2010 15:15:42
[admin login] from source 192.168.1.20, Saturday, January 23,2010 14:58:39
[DHCP IP: 192.168.1.3] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 14:58:16
[DHCP IP: 192.168.1.21] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 14:57:39
[DHCP IP: 192.168.1.3] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 14:47:36
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 14:47:18
[admin login] from source 192.168.1.20, Saturday, January 23,2010 14:36:28
[DoS Attack: ACK Scan] from source: 81.169.145.103, port 993, Saturday, January 23,2010 14:17:26
[DHCP IP: 192.168.1.20] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 14:16:44
[DHCP IP: 192.168.1.10] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 14:16:38
[admin login failure] from source 192.168.1.41, Saturday, January 23,2010 14:16:25
[DoS Attack: ACK Scan] from source: 81.169.145.103, port 993, Saturday, January 23,2010 14:15:59
[admin login] from source 192.168.1.2, Saturday, January 23,2010 14:14:42
[admin login failure] from source 192.168.1.2, Saturday, January 23,2010 14:14:37
[DHCP IP: 192.168.1.2] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 14:13:23
[DoS Attack: ACK Scan] from source: 81.169.145.103, port 993, Saturday, January 23,2010 14:02:26
[Internet connected] IP address: 130.149.4.20, Saturday, January 23,2010 14:02:11
[DoS Attack: ACK Scan] from source: 81.169.145.103, port 993, Saturday, January 23,2010 13:40:11
[DHCP IP: 192.168.1.31] to MAC address xx:xx:xx:xx:xx:xx, Saturday, January 23,2010 13:40:03
[DoS Attack: ACK Scan] from source: 81.169.145.103, port 993, Saturday, January 23,2010 13:39:57
[Time synchronized with NTP server] Saturday, January 23,2010 12:39:42
[Initialized, firmware version: V1.0.4.49] Saturday, January 23,2010 12:39:42

benbehr hat geschrieben:also ich bin mir nicht sicher of ich an der richtigen stelle nach gesehen habe. Kann ich das ISS Log über den Event Viewer einsehen?

W32SVC1 hat geschrieben: #Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2010-01-23 00:00:14
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2010-01-23 00:00:14 W3SVC1 192.168.1.10 POST /Remote/logon.aspx ReturnUrl=%2fremote%2fDefault.aspx 443 - 130.149.216.112 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.6;+en-US;+rv:1.9.1.6)+Gecko/20091201+Firefox/3.5.6 302 0 0
2010-01-23 00:00:14 W3SVC1 192.168.1.10 GET /remote/error.aspx aspxerrorpath=/Remote/logon.aspx 443 - 130.149.216.112 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.6;+en-US;+rv:1.9.1.6)+Gecko/20091201+Firefox/3.5.6 302 0 0
2010-01-23 00:00:14 W3SVC1 192.168.1.10 GET /Remote/logon.aspx
[...]
2010-01-23 15:07:10 W3SVC1 192.168.1.10 GET /p/m/a/config/config.inc.php p=phpinfo(); 80 - 61.186.95.106 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3
2010-01-23 15:07:10 W3SVC1 192.168.1.10 GET /config/config.inc.php p=phpinfo(); 80 - 61.186.95.106 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3
2010-01-23 15:07:10 W3SVC1 192.168.1.10 GET /PHPMYADMIN/config/config.inc.php p=phpinfo(); 80 - 61.186.95.106 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3
2010-01-23 15:07:10 W3SVC1 192.168.1.10 GET /db/config/config.inc.php p=phpinfo(); 80 - 61.186.95.106 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3
2010-01-23 15:07:10 W3SVC1 192.168.1.10 GET /pma/config/config.inc.php p=phpinfo(); 80 - 61.186.95.106 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3
2010-01-23 15:07:10 W3SVC1 192.168.1.10 GET /phpMyAdmin/config/config.inc.php p=phpinfo(); 80 - 61.186.95.106 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2010-01-23 00:44:48
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2010-01-23 00:44:48 W3SVC2 127.0.0.1 GET /EnrollId/Id.aspx q=1231151793 55000 - 127.0.0.1 - 200 0 0
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2010-01-23 11:19:52
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2010-01-23 11:19:52 W3SVC2 192.168.1.10 GET /ClientFiles.aspx q=1264245544 55000 - 192.168.1.5 Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5) 200 0 64
2010-01-23 11:19:52 W3SVC2 192.168.1.10 GET /ClientFiles.aspx q=1264245580 55000 - 192.168.1.5 Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5) 200 0 0
2010-01-23 11:19:53 W3SVC2 192.168.1.10 HEAD /setup/setup.exe - 55000 - 192.168.1.5 Microsoft+BITS/7.5 200 0 0
2010-01-23 11:19:53 W3SVC2 192.168.1.10 HEAD /setup/WHSConnector.msi - 55000 - 192.168.1.5 Microsoft+BITS/7.5 200 0 0
2010-01-23 11:19:53 W3SVC2 192.168.1.10 HEAD /setup/WHSConnectorInstall.exe - 55000 - 192.168.1.5 Microsoft+BITS/7.5 200 0 0
2010-01-23 11:19:53 W3SVC2 192.168.1.10 HEAD /setup/WHSConnector_x64.msi - 55000 - 192.168.1.5 Microsoft+BITS/7.5 200 0 0
[...]
2010-01-23 13:01:28 W3SVC2 192.168.1.10 POST /Enroll/Enroll.aspx - 56000 ASPIREHOME\Administrator 192.168.1.3 Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5) 200 0 0
2010-01-23 13:01:31 W3SVC2 192.168.1.10 GET /EnrollId/Id.aspx q=1264251678 55000 - 192.168.1.3 Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5) 200 0 0
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2010-01-23 14:38:34
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2010-01-23 14:38:33 W3SVC2 127.0.0.1 GET /EnrollId/Id.aspx q=1231151793 55000 - 127.0.0.1 - 200 0 0
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2010-01-23 15:02:14
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2010-01-23 15:02:14 W3SVC2 127.0.0.1 GET /EnrollId/Id.aspx q=1231151793 55000 - 127.0.0.1 - 200 0 0
2010-01-23 15:04:03 W3SVC2 127.0.0.1 GET /EnrollId/Id.aspx q=1231151793 55000 - 127.0.0.1 - 200 0 0

benbehr hat geschrieben:Hi,

ich bin mir nicht ganz sicher ob ich damit hier wirklich richtig bin aber auf einen Versuch lasse ich es einfach mal ankommen. Vielen dank für die Hilfe.

Ich habe vor ein paar tagen einen neuen Router bekommen und heute das erste mal ein ordentliches Log von eben jenem zugesandt bekommen.

Für mich sieht vieles davon alles andere als nett aus. Zwei Sachen machen mir dabei besonders Gedanken.

1) [LAN access from remote] from 61.186.95.106:58256 to 192.168.1.10:80, Saturday, January 23,2010 17:06:08 usw.

Wenn man "whois 61.186.95.106" ausführt landet man bei "Asia Pacific Network Information Centre". Und mit denen habe ich eigentlich nichts zu tun. Kann ich aus dem WHS irgendwie herausbekommen was sie auf dem Server gemacht haben? Ich hoffe ja das sie nur diese Acer Seite gesehen haben und dann nicht weiter gekommen sind.

2) [DoS Attack: ACK Scan] from source: 81.169.145.103, port 993, Saturday, January 23,2010 14:02:26 oder
[DoS Attack: RST Scan] from source: 92.78.16.84, port 10692, Saturday, January 23,2010 15:15:42

Muss ich mir deshalb sorgen machen?

Allgemein:
Kann es sein das wer auch immer über xxx.homeserver.com auf mich aufmerksam geworden ist? Würdet ihr mir raten einen alternativen service für Remot zu griffe zu nutzen?

Danke für die Hilfe.
Ben