EzraMod

@rdsnet.ro


ZyWall5 - URGENT HELP ME

Hello, please help me because I don't know what to do:
See LOG:
2 2013-02-12 19:38:16 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 x.x.x.x:19936 ACCESS DROPPED
3 2013-02-12 19:38:16 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 x.x.x.x:19936 ACCESS DROPPED
4 2013-02-12 19:38:14 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 x.x.x.x:19936 ACCESS DROPPED
5 2013-02-12 19:38:14 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 x.x.x.x:19936 ACCESS DROPPED
6 2013-02-12 19:38:12 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 x.x.x.x:19936 ACCESS DROPPED
7 2013-02-12 19:38:12 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 x.x.x.x:19936 ACCESS DROPPED
8 2013-02-12 19:38:11 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 x.x.x.x:19936 ACCESS DROPPED
9 2013-02-12 19:38:11 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 x.x.x.x:19936 ACCESS DROPPED
10 2013-02-12 19:38:09 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 x.x.x.x:19936 ACCESS DROPPED
11 2013-02-12 19:38:09 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 x.x.x.x:19936 ACCESS DROPPED
12 2013-02-12 19:38:08 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 x.x.x.x:19936 ACCESS DROPPED
13 2013-02-12 19:38:08 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 x.x.x.x:19936 ACCESS DROPPED
14 2013-02-12 19:38:07 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 x.x.x.x:19936 ACCESS DROPPED
15 2013-02-12 19:38:07 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 x.x.x.x:19936 ACCESS DROPPED
16 2013-02-12 19:38:06 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 x.x.x.x:19936 ACCESS DROPPED
17 2013-02-12 19:38:06 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 x.x.x.x:19936 ACCESS DROPPED
18 2013-02-12 19:38:06 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 x.x.x.x:19936 ACCESS DROPPED
19 2013-02-12 19:38:06 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 x.x.x.x:19936 ACCESS DROPPED
20 2013-02-12 19:37:52 Firewall default policy: UDP (W1 to W1/ZW) 84.232.155.197:14082 x.x.x.x:52752 ACCESS DROPPED
21 2013-02-12 19:37:05 WAN interface gets IP:x.x.x.x WAN1
22 2013-02-12 19:37:05 ppp:IPCP Opening
23 2013-02-12 19:37:05 ppp:IPCP Starting
24 2013-02-12 19:37:05 ppp:PAP Opening
25 2013-02-12 19:37:05 ppp:LCP Opening
26 2013-02-12 19:37:02 ppp:LCP Starting
27 2013-02-12 19:37:02 board 0 line 0 channel 0, call 14, C02 OutCall Connected 100000000 CALL DETAIL RECORD
28 2013-02-12 19:37:02 board 0 line 0 channel 0, call 14, C01 Outgoing Call dev=6 ch=0 CALL DETAIL RECORD
29 2013-02-12 19:37:02 ppp:IPCP Closing
30 2013-02-12 19:37:02 ppp:LCP Closing
31 2013-02-12 19:37:02 board 0 line 0 channel 0, call 13, C02 Call Terminated CALL DETAIL RECORD
32 2013-02-12 19:36:42 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 y.y.y.y:19894 ACCESS DROPPED
33 2013-02-12 19:36:42 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 y.y.y.y:19894 ACCESS DROPPED
34 2013-02-12 19:36:41 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 y.y.y.y:19894 ACCESS DROPPED
35 2013-02-12 19:36:41 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 y.y.y.y:19894 ACCESS DROPPED
36 2013-02-12 19:36:39 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 y.y.y.y:19894 ACCESS DROPPED
37 2013-02-12 19:36:39 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 y.y.y.y:19894 ACCESS DROPPED
38 2013-02-12 19:36:38 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 y.y.y.y:19894 ACCESS DROPPED
39 2013-02-12 19:36:38 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 y.y.y.y:19894 ACCESS DROPPED
40 2013-02-12 19:36:36 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 y.y.y.y:19894 ACCESS DROPPED
41 2013-02-12 19:36:36 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 y.y.y.y:19894 ACCESS DROPPED
42 2013-02-12 19:36:34 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 y.y.y.y:19894 ACCESS DROPPED
43 2013-02-12 19:36:34 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 y.y.y.y:19894 ACCESS DROPPED
44 2013-02-12 19:36:34 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 y.y.y.y:19894 ACCESS DROPPED
45 2013-02-12 19:36:34 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 y.y.y.y:19894 ACCESS DROPPED
46 2013-02-12 19:36:33 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 y.y.y.y:19894 ACCESS DROPPED
47 2013-02-12 19:36:33 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 y.y.y.y:19894 ACCESS DROPPED
48 2013-02-12 19:36:33 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.123:3478 y.y.y.y:19894 ACCESS DROPPED
49 2013-02-12 19:36:33 Firewall default policy: UDP (W1 to W1/ZW) 87.248.104.124:3479 y.y.y.y:19894 ACCESS DROPPED
50 2013-02-12 19:36:24 Firewall default policy: TCP (W1 to W1/ZW) 94.59.4.130:57526 y.y.y.y:443 ACCESS DROPPED
51 2013-02-12 19:36:08 Firewall default policy: TCP (W1 to W1/ZW) 94.59.4.130:57526 y.y.y.y:443 ACCESS DROPPED
52 2013-02-12 19:35:59 Firewall default policy: TCP (W1 to W1/ZW) 94.59.4.130:57526 y.y.y.y:443 ACCESS DROPPED
53 2013-02-12 19:35:56 Firewall default policy: TCP (W1 to W1/ZW) 92.149.105.219:49547 y.y.y.y:10398 ACCESS DROPPED
54 2013-02-12 19:35:55 Firewall default policy: TCP (W1 to W1/ZW) 94.59.4.130:57526 y.y.y.y:443 ACCESS DROPPED
55 2013-02-12 19:35:53 Firewall default policy: TCP (W1 to W1/ZW) 94.59.4.130:57526 y.y.y.y:443 ACCESS DROPPED
56 2013-02-12 19:35:52 Firewall default policy: TCP (W1 to W1/ZW) 94.59.4.130:57526 y.y.y.y:443 ACCESS DROPPED
57 2013-02-12 19:35:51 Firewall default policy: TCP (W1 to W1/ZW) 94.59.4.130:57526 y.y.y.y:443 ACCESS DROPPED
58 2013-02-12 19:35:50 Firewall default policy: TCP (W1 to W1/ZW) 92.149.105.219:49547 y.y.y.y:10398 ACCESS DROPPED
59 2013-02-12 19:35:50 Firewall default policy: TCP (W1 to W1/ZW) 94.59.4.130:57526 y.y.y.y:443 ACCESS DROPPED
60 2013-02-12 19:35:49 Firewall default policy: TCP (W1 to W1/ZW) 94.59.4.130:57526 y.y.y.y:443 ACCESS DROPPED
61 2013-02-12 19:35:48 Firewall default policy: UDP (W1 to W1/ZW) 94.59.4.130:54505 y.y.y.y:443 ACCESS DROPPED
62 2013-02-12 19:35:48 Firewall default policy: TCP (W1 to W1/ZW) 94.59.4.130:57526 y.y.y.y:443 ACCESS DROPPED
63 2013-02-12 19:35:47 Firewall default policy: UDP (W1 to W1/ZW) 92.149.105.219:48292 y.y.y.y:10398 ACCESS DROPPED
64 2013-02-12 19:35:47 Firewall default policy: TCP (W1 to W1/ZW) 92.149.105.219:49547 y.y.y.y:10398 ACCESS DROPPED
65 2013-02-12 19:35:37 WAN1 connection is up. WAN1
66 2013-02-12 19:35:37 WAN interface gets IP:y.y.y.y WAN1
67 2013-02-12 19:35:37 ppp:IPCP Opening
68 2013-02-12 19:35:37 ppp:IPCP Starting
69 2013-02-12 19:35:37 ppp:PAP Opening
70 2013-02-12 19:35:37 ppp:LCP Opening
71 2013-02-12 19:35:34 ppp:LCP Starting
72 2013-02-12 19:35:34 board 0 line 0 channel 0, call 13, C02 OutCall Connected 100000000 CALL DETAIL RECORD
73 2013-02-12 19:35:33 board 0 line 0 channel 0, call 13, C01 Outgoing Call dev=6 ch=0 CALL DETAIL RECORD
74 2013-02-12 19:35:33 board 0 line 0 channel 0, call 12, C02 Call Terminated CALL DETAIL RECORD
75 2013-02-12 19:35:33 ppp:LCP Closing
76 2013-02-12 19:35:33 ppp:PAP Shutdown
77 2013-02-12 19:35:33 ppp:LCP Opening
78 2013-02-12 19:35:30 ppp:LCP Starting
79 2013-02-12 19:35:30 board 0 line 0 channel 0, call 12, C02 OutCall Connected 100000000 CALL DETAIL RECORD
80 2013-02-12 19:35:30 board 0 line 0 channel 0, call 12, C01 Outgoing Call dev=6 ch=0 CALL DETAIL RECORD
81 2013-02-12 19:35:30 board 0 line 0 channel 0, call 11, C02 Call Terminated CALL DETAIL RECORD
82 2013-02-12 19:35:30 ppp:LCP Closing
83 2013-02-12 19:35:30 ppp:PAP Shutdown
84 2013-02-12 19:35:29 ppp:LCP Opening
85 2013-02-12 19:35:27 ppp:LCP Starting
86 2013-02-12 19:35:27 board 0 line 0 channel 0, call 11, C02 OutCall Connected 100000000 CALL DETAIL RECORD
87 2013-02-12 19:35:25 board 0 line 0 channel 0, call 11, C01 Outgoing Call dev=6 ch=0 CALL DETAIL RECORD
88 2013-02-12 19:35:24 board 0 line 0 channel 0, call 10, C02 Call Terminated CALL DETAIL RECORD
89 2013-02-12 19:35:24 ppp:LCP Closing
90 2013-02-12 19:35:24 ppp:PAP Shutdown
91 2013-02-12 19:35:24 ppp:LCP Opening
92 2013-02-12 19:35:21 ppp:LCP Starting
93 2013-02-12 19:35:21 board 0 line 0 channel 0, call 10, C02 OutCall Connected 100000000 CALL DETAIL RECORD
94 2013-02-12 19:35:21 board 0 line 0 channel 0, call 10, C01 Outgoing Call dev=6 ch=0 CALL DETAIL RECORD
95 2013-02-12 19:35:21 board 0 line 0 channel 0, call 9, C02 Call Terminated CALL DETAIL RECORD
96 2013-02-12 19:35:21 ppp:LCP Closing
97 2013-02-12 19:35:21 ppp:PAP Shutdown
98 2013-02-12 19:35:20 ppp:LCP Opening
99 2013-02-12 19:35:20 DHCP server assigns IP:192.168.1.33 to boul-PC(00:25:22:AD:20:82).
100 2013-02-12 19:35:18 ppp:LCP Starting
101 2013-02-12 19:35:18 board 0 line 0 channel 0, call 9, C02 OutCall Connected 100000000 CALL DETAIL RECORD
102 2013-02-12 19:35:17 board 0 line 0 channel 0, call 9, C01 Outgoing Call dev=6 ch=0 CALL DETAIL RECORD
103 2013-02-12 19:35:16 DHCP server assigns IP:192.168.1.34 to WIN-B7JAVPI6JTH(BC:5F:F4:38:1F:66).
104 2013-02-12 19:22:04 ppp:IPCP Closing
105 2013-02-12 19:22:04 ppp:LCP Closing
106 2013-02-12 19:22:04 board 0 line 0 channel 0, call 8, C02 Call Terminated CALL DETAIL RECORD
107 2013-02-12 19:22:02 WAN1 connection is down. WAN1
108 2013-02-12 19:21:50 Firewall default policy: UDP (W1 to W1/ZW) 94.96.52.248:58747 79.115.94.37:29842 ACCESS DROPPED
109 2013-02-12 19:21:49 Firewall default policy: UDP (W1 to W1/ZW) 24.42.49.228:40976 79.115.94.37:29842 ACCESS DROPPED
110 2013-02-12 19:21:49 Firewall default policy: UDP (W1 to W1/ZW) 176.205.60.90:63747 79.115.94.37:29842 ACCESS DROPPED
111 2013-02-12 19:21:37 WAN interface gets IP:79.115.94.37 WAN1
112 2013-02-12 19:21:37 ppp:IPCP Opening
113 2013-02-12 19:21:37 ppp:IPCP Starting
114 2013-02-12 19:21:37 ppp:PAP Opening
115 2013-02-12 19:21:37 ppp:LCP Opening
116 2013-02-12 19:21:34 ppp:LCP Starting
117 2013-02-12 19:21:34 board 0 line 0 channel 0, call 8, C02 OutCall Connected 100000000 CALL DETAIL RECORD
118 2013-02-12 19:21:32 board 0 line 0 channel 0, call 8, C01 Outgoing Call dev=6 ch=0 CALL DETAIL RECORD
119 2013-02-12 19:21:32 board 0 line 0 channel 0, call 7, C02 Call Terminated CALL DETAIL RECORD
120 2013-02-12 19:21:32 ppp:IPCP Closing
121 2013-02-12 19:21:32 ppp:LCP Closing
122 2013-02-12 19:21:32 Firewall default policy: UDP (W1 to W1/ZW) 109.75.173.187:53 z.z.z.z:9548 ACCESS DROPPED
123 2013-02-12 19:21:32 Firewall default policy: UDP (W1 to W1/ZW) 211.14.188.203:53 z.z.z.z:61230 ACCESS DROPPED
124 2013-02-12 19:21:32 Firewall default policy: UDP (W1 to W1/ZW) 109.120.157.46:53 z.z.z.z:7017 ACCESS DROPPED
125 2013-02-12 19:21:32 Firewall default policy: UDP (W1 to W1/ZW) 63.247.74.58:53 z.z.z.z:50186 ACCESS DROPPED
126 2013-02-12 19:21:32 Firewall default policy: UDP (W1 to W1/ZW) 111.67.199.202:53 z.z.z.z:57288 ACCESS DROPPED
127 2013-02-12 19:21:32 Firewall default policy: UDP (W1 to W1/ZW) 109.202.10.12:53 z.z.z.z:53770 ACCESS DROPPED
128 2013-02-12 19:21:32 Firewall default policy: UDP (W1 to W1/ZW) 222.76.216.43:53 z.z.z.z:5931 ACCESS DROPPED



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

What exactly is the issue?
The fact that your PPPoE is dropping? Is this happening often? Are you on the latest firmware? ftp://ftp.zyxel.com/ZyWALL_5_UTM/firmw···9)C0.zip

Or the fact your WAN IP is being hammered on some ports? ...this is normal, your firewall is doing its job, no need for action.



EzraMod

@rdsnet.ro

All the time someone attacks port 53 and floods that port. I stopped port 53; after I stopped port 53 he tries to scan to find an open port. Look at this:

2013-02-14 19:28:46 ports scan UDP (W1 to W1) (Repeated: 688) 93.190.43.114:53 79.115.95.219:57634 ATTACK
2013-02-14 19:27:15 ports scan UDP (W1 to W1) (Repeated: 777) 114.32.152.181:53 79.115.95.219:38686 ATTACK
2013-02-14 19:25:44 ports scan UDP (W1 to W1) (Repeated: 5707) 193.68.203.80:53 79.115.95.219:7302 ATTACK

How can I stop this? Please help me, and yes, I have the latest firmware.


JPedroT

join:2005-02-18
kudos:1

Your firewall is already stopping it, it is not getting past the firewall.
If you want them to stop portscanning your firewall, then you need to find out who it is, call them and ask them to stop.
--
"Perl is executable line noise, Python is executable pseudo-code."



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Don't forget to say please!


windphantom

join:2013-01-31
reply to EzraMod

You can also set the firewall to block the IP for a few minutes after port scanning or other attacks are detected.



EzraMod

@rdsnet.ro

Yes, but it is not a single IP. It is 100000 IPs, it is a massive attack. What can I do?



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

Just ignore it, the firewall is doing its job and already blocking these. If they're bugging you in the logs, turn off logging for this type of event.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to EzraMod

I think turning off logging is the right answer or increase the dosage of medication.



EzraMod

@rdsnet.ro

I stabilized the situation, but now sometimes 5000 sessions appear and the CPU goes up to 100% and the PPPoE connection resets again :((


Kirby Smith

join:2001-01-26
Derry, NH
reply to EzraMod

Are you running BitTorrent?



EzraMod

@rdsnet.ro

No, I don't run BitTorrent. Before all these troubles I had created a torrent file to share, and then this madness kind of started, but I deleted the uTorrent client ... and everything related to that torrent file.


JPedroT

join:2005-02-18
kudos:1
reply to EzraMod

said by EzraMod :

I stabilized the situation, but now sometimes 5000 sessions appear and the CPU goes up to 100% and the PPPoE connection resets again :((

Check your machines again, 5k sessions usually are not initiated from WAN unless you're being DoS'ed.
Most likely something else is creating those sessions from your LAN.
--
"Perl is executable line noise, Python is executable pseudo-code."


EzraMod

@rdsnet.ro

Offffffff, today I see the PPPoE connection stop in another way, and the log is this:

14 2013-02-18 00:45:17 Firewall default policy: UDP (W1 to W1/ZW) zz.zx.xz.xz:53 myip:40566 ACCESS DROPPED

and this log entry appears 100-200 times per second :(


OGalati

join:2005-08-19
Argentina
reply to EzraMod

Are you running some service on your LAN (webserver, etc)? Do you have NAT active? Port Forwarding?



EzraMod

@rdsnet.ro

Yes, I have a webserver with an appserver application created, and yes, I have NAT activated with port forwarding.


OGalati

join:2005-08-19
Argentina
reply to EzraMod

Then, just to try, completely disable the firewall function for a while. The inherent mechanism of Dynamic NAPT you're using will give you a simple NAT firewall protection. Disabling SPI Firewall will bring CPU cycles down. I'm assuming you only have port 80 forwarded, no DMZ.
Regards.



EzraMod

@rdsnet.ro

If I disable the firewall, "exceeds the max. number of session per host" appears on the router, and the router resets again.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

I agree with the others, you should probably carefully examine all your traffic, as very likely these attacks may be being triggered by your WAN-to-LAN traffic.
What kind of services are you running there?
Did you try to shut down all your internal internet exposed services, let it sit for a while to let all sessions expire and then see if the WAN attacks come back?
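
An added example, not part of the thread and not posted by any participant: a small Python triage of a log in the layout EzraMod pasted. It counts "Firewall default policy" drops by protocol and source port, the number of distinct senders, the busiest second, and the WAN IP assignments, which is the evidence the replies ask for when judging whether the drops are background noise or line up with the PPPoE resets. The sample log is constructed (documentation-range addresses), `triage` is a hypothetical helper name, and the "ports scan ... ATTACK" lines use a different layout that this sketch does not parse.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the log layout quoted in the thread; the addresses
# are documentation ranges (RFC 5737), not values taken from the thread.
SAMPLE_LOG = """\
1 2013-02-18 00:45:18 Firewall default policy: UDP (W1 to W1/ZW) 198.51.100.7:53 203.0.113.9:40566 ACCESS DROPPED
2 2013-02-18 00:45:17 Firewall default policy: UDP (W1 to W1/ZW) 198.51.100.8:53 203.0.113.9:40566 ACCESS DROPPED
3 2013-02-18 00:45:17 Firewall default policy: UDP (W1 to W1/ZW) 192.0.2.44:53 203.0.113.9:7017 ACCESS DROPPED
4 2013-02-18 00:45:17 Firewall default policy: TCP (W1 to W1/ZW) 192.0.2.90:57526 203.0.113.9:443 ACCESS DROPPED
5 2013-02-18 00:45:10 WAN interface gets IP:203.0.113.9 WAN1
6 2013-02-18 00:45:10 ppp:IPCP Opening
"""

DROP_RE = re.compile(
    r"^\d+ (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) Firewall default policy: "
    r"(?P<proto>TCP|UDP) \([^)]*\) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) ACCESS DROPPED$")
WAN_IP_RE = re.compile(r"WAN interface gets IP:(\S+)")

def triage(log_text):
    """Summarise dropped inbound packets and WAN re-addressing events."""
    by_sport = Counter()          # (proto, source port) -> packets dropped
    sources = defaultdict(set)    # (proto, source port) -> distinct senders
    per_second = Counter()        # timestamp -> drops logged in that second
    wan_ips = []                  # every address the WAN interface was given
    for line in log_text.splitlines():
        m = DROP_RE.match(line.strip())
        if m:
            key = (m["proto"], int(m["sport"]))
            by_sport[key] += 1
            sources[key].add(m["src"])   # masked values like x.x.x.x also match
            per_second[m["ts"]] += 1
            continue
        w = WAN_IP_RE.search(line)
        if w:
            wan_ips.append(w.group(1))
    return {
        "drops": sum(by_sport.values()),
        "by_source_port": by_sport.most_common(),
        "distinct_sources": {k: len(v) for k, v in sources.items()},
        "peak_drops_per_second": max(per_second.values(), default=0),
        "wan_ip_assignments": wan_ips,
    }

if __name__ == "__main__":
    for field, value in triage(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

Many distinct senders with source port 53 means the dropped packets look like DNS replies; comparing their timestamps with the WAN IP assignments and with the sessions opened from LAN hosts shows whether they follow the router's own traffic or arrive regardless of it.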