是駭客入侵嗎？防火牆log紀錄大到327KB

**curarpikt** · 2001-06-20, 08:25 PM

這是我的防火牆的紀錄：
1,[2001-Jun-19 20:42:48] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->202.106.184.3:137, Owner: SYSTEM
1,[2001-Jun-19 20:42:50] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->210.59.224.21:137, Owner: SYSTEM
1,[2001-Jun-19 20:42:52] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->210.59.224.21:137, Owner: SYSTEM
1,[2001-Jun-19 20:42:54] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->210.59.224.21:137, Owner: SYSTEM
1,[2001-Jun-19 20:42:56] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->202.106.184.3:137, Owner: SYSTEM
1,[2001-Jun-19 20:42:56] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->202.106.184.3:137, Owner: SYSTEM
1,[2001-Jun-19 20:42:58] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->202.106.184.3:137, Owner: SYSTEM
1,[2001-Jun-19 20:43:00] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->202.106.184.3:137, Owner: SYSTEM
1,[2001-Jun-19 20:43:02] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->202.106.184.3:137, Owner: SYSTEM
1,[2001-Jun-19 20:43:02] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->202.106.184.3:137, Owner: SYSTEM
1,[2001-Jun-19 20:43:04] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->210.59.224.21:137, Owner: SYSTEM
1,[2001-Jun-19 20:43:06] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->210.59.224.21:137, Owner: SYSTEM
1,[2001-Jun-19 20:43:08] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->210.59.224.21:137, Owner: SYSTEM
1,[2001-Jun-19 20:43:10] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->211.72.254.207:137, Owner: SYSTEM
1,[2001-Jun-19 20:43:10] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->211.72.254.207:137, Owner: SYSTEM
1,[2001-Jun-19 20:43:12] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->211.72.254.207:137, Owner: SYSTEM
1,[2001-Jun-19 20:43:14] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->202.106.184.3:137, Owner: SYSTEM

這樣子的紀錄該不會是指：我被裝了木馬吧，
這是我沒有用網路的狀況下哦，竟然還一直向外送資料，
不只是137port 139也有，才三天而已，
我的防火牆 log 紀錄檔已經有300多kByte了
前陣子還有一件可怕的事發生，我都沒有上傳東西，
可是電腦卻一直在上傳，重新撥接後也一樣。
Ps. 我是用中華電信ADSL 512/64
Windows98SE
Tiny Personal Firewall
沒有任何即時通訊軟體(就是icq, messangers那些)

**curarpikt** · 2001-06-20, 08:50 PM

剛剛我又發現靈異現象：

1,[2001-Jun-20 19:44:12] Rule '137 Port Interruption': Blocked: In UDP 61-216-42-180.HINET-IP.hinet.net [61.216.42.180:137]->localhost:137, Owner: SYSTEM
1,[2001-Jun-20 19:44:14] Rule '137 Port Interruption': Blocked: In UDP 61-216-42-180.HINET-IP.hinet.net [61.216.42.180:137]->localhost:137, Owner: SYSTEM
1,[2001-Jun-20 19:44:14] Rule '137 Port Interruption': Blocked: In UDP 61-216-42-180.HINET-IP.hinet.net [61.216.42.180:137]->localhost:137, Owner: SYSTEM
1,[2001-Jun-20 19:44:14] Rule '137 Port Interruption': Blocked: In UDP 61-216-42-180.HINET-IP.hinet.net [61.216.42.180:137]->localhost:137, Owner: SYSTEM
1,[2001-Jun-20 19:44:26] Rule '137 Port Interruption': Blocked: Out UDP localhost:137->210.68.8.170:137, Owner: SYSTEM
中間有些部分因為太多了，所以我就切掉了。
上面的61.216.42.180就是我自己耶，這是怎麼回事

是駭客入侵嗎？防火牆log紀錄大到327KB

主題: 是駭客入侵嗎？防火牆log紀錄大到327KB

主題工具

是駭客入侵嗎？防火牆log紀錄大到327KB

Re: 是駭客入侵嗎？防火牆log紀錄大到327KB

類似的主題

proftpd 的LOG紀錄

【求助】可否提供防火牆LOG供分析

這就是駭客入侵後的主機

這是我的防火牆所擷取到的...資料不知道是不是駭客啊！

Log紀錄檔的奇怪網址

防火牆LOG

防火牆 log

書籤

書籤

發表文章規則

連結交換

Link 2

免責聲明

搜尋

社群網路連結