


  1. #1

    Strange packets

    Has anyone seen this before? The worst part is that it goes through without bandwidth control and I don't know why; I use altq and it passes straight through, filling up all the links....

    22:52:43.010946 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.012321 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.014039 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.015681 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.017200 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.018737 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.020016 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.021680 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.024443 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.026103 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.027596 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.029180 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.030602 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:43.032328 10.0.36.2 > 209.249.221.13: (frag 20182:[email protected]+)
    22:52:45.819750 10.0.36.2 > 209.249.221.13: (frag 31958:[email protected]+)
    22:52:45.821154 10.0.36.2 > 209.249.221.13: (frag 31958:[email protected]+)
    22:52:45.822605 10.0.36.2 > 209.249.221.13: (frag 31958:[email protected]+)
    22:52:45.824110 10.0.36.2 > 209.249.221.13: (frag 31958:[email protected]+)

  2. #2
    RafaelMonteiro
    Guest

    Strange packets

    It could be a worm on some Windows host.



  3. #3

    Strange packets

    Are you using altq together with PF?
    If you are using pf, check whether the scrub rules are enabled.....

  4. #4

    Strange packets

    I am using altq + PF and I have the scrub in all rules



  5. #5

    Site

    Wow.. very strange..
    I think they are carrying out a heavy attack..
    everything is directed at this site http://micro-fund.com/


    Micro-FUND Information!


    Dear investors,

    Seven days ago our system fell under our competitors attack. Micro-FUND had gone offline and our users were unable to access their accounts.

    To prevent such an accidents in future we have moved our system to a dedicated secure servers. Micro-FUND will get online 09-Aug-2005 to offer you the promised conditions.

    We understand your suspense. Please be patient and remember that we keep charging your interest corresponding our trade rates.

    31.07.2005 - 1.7%
    01.08.2005 - 2.0%
    02.08.2005 - 1.9%
    03.08.2005 - 2.3%
    04.08.2005 - 1.7%
    05.08.2005 - 2.0%
    06.08.2005 - 1.1%

    --
    Micro-FUND Management Team
    07-Aug-2005 3:07 GMT

  6. #6

    Strange packets

    Set it up like this and see


    scrub in all fragment reassemble
    scrub out all fragment reassemble
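
An added example, not part of the thread or any poster's code: a Python summarizer for tcpdump fragment lines of the kind shown in post #1, grouping by source, destination and IP ID to show which host emits fragment trains that never terminate. The sample lines are constructed; their sizes and offsets and the 10.0.36.9 / 192.0.2.7 pair are assumptions, since those fields did not survive in the capture above.

```python
import re
from collections import defaultdict

# Old-style tcpdump line: "<time> <src> > <dst>: [proto] (frag <id>:<len>@<offset>[+])"
FRAG_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>[^:\s]+):.*"
    r"\(frag (?P<id>\d+):(?P<len>\d+)@(?P<off>\d+)(?P<more>\+?)\)")

# Constructed sample input (sizes/offsets are illustrative, not from the thread)
SAMPLE = """\
22:52:43.010946 10.0.36.2 > 209.249.221.13: (frag 20182:1480@0+)
22:52:43.012321 10.0.36.2 > 209.249.221.13: (frag 20182:1480@1480+)
22:52:43.014039 10.0.36.2 > 209.249.221.13: (frag 20182:1480@2960+)
22:52:44.100000 10.0.36.9 > 192.0.2.7: (frag 511:1480@0+)
22:52:44.100900 10.0.36.9 > 192.0.2.7: (frag 511:20@1480)
""".splitlines()

def to_seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def summarize(lines):
    """Group fragments by (src, dst, IP id) and report per-datagram stats."""
    groups = defaultdict(list)
    for line in lines:
        m = FRAG_RE.match(line.strip())
        if m:
            groups[(m["src"], m["dst"], int(m["id"]))].append(m)
    report = {}
    for key, frags in groups.items():
        times = [to_seconds(f["ts"]) for f in frags]
        report[key] = {
            "fragments": len(frags),
            "bytes": sum(int(f["len"]) for f in frags),
            "span_s": max(times) - min(times),
            # The final fragment has no "+" (more-fragments) marker
            "saw_last": any(f["more"] == "" for f in frags),
        }
    return report

def unterminated(report, min_frags=3):
    """Heuristic: trains with several MF fragments and no final fragment seen."""
    return sorted(k for k, r in report.items()
                  if r["fragments"] >= min_frags and not r["saw_last"])
```

A short capture can miss the final fragment of a legitimate datagram, so treat the result as a pointer to the source host to inspect, not as proof.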