meckl
02.02.2008, 20:03
Tag,
ich werde seit einigen Tagen angegriffen wenn ich mit Relakks surfe...
Meine Firewall Blockt es zwar, aber mir kommt es komisch vor, das es nur bei Relakks so ist...
Der Angriff kommt über das UDP Protokoll und geht über den Port 1434
Hier die Logfile:
Intrusion.Win.MSSQL.worm.Helkern 202.96.87.17 UDP 1434
Intrusion.Win.MSSQL.worm.Helkern 202.101.235.100 UDP 1434
Intrusion.Win.MSSQL.worm.Helkern 203.94.243.191 UDP 1434
Hier noch eine WhoIs abfrage von den IP's
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
ReferralServer: whois://whois.apnic.net
NetRange: 202.0.0.0 - 203.255.255.255
CIDR: 202.0.0.0/7
NetName: APNIC-CIDR-BLK
NetHandle: NET-202-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS-SEC.RIPE.NET
NameServer: DNS1.TELSTRA.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate: 1994-04-05
Updated: 2005-05-20
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net
Hat jemand das selbe Problem bei Relakks?
gruß meckl
ich werde seit einigen Tagen angegriffen wenn ich mit Relakks surfe...
Meine Firewall Blockt es zwar, aber mir kommt es komisch vor, das es nur bei Relakks so ist...
Der Angriff kommt über das UDP Protokoll und geht über den Port 1434
Hier die Logfile:
Intrusion.Win.MSSQL.worm.Helkern 202.96.87.17 UDP 1434
Intrusion.Win.MSSQL.worm.Helkern 202.101.235.100 UDP 1434
Intrusion.Win.MSSQL.worm.Helkern 203.94.243.191 UDP 1434
Hier noch eine WhoIs abfrage von den IP's
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
ReferralServer: whois://whois.apnic.net
NetRange: 202.0.0.0 - 203.255.255.255
CIDR: 202.0.0.0/7
NetName: APNIC-CIDR-BLK
NetHandle: NET-202-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS-SEC.RIPE.NET
NameServer: DNS1.TELSTRA.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate: 1994-04-05
Updated: 2005-05-20
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net
Hat jemand das selbe Problem bei Relakks?
gruß meckl