Salve, mi scuso in anticipo se ho sbagliato lista, sezione o se questa non è la sede adatta per porre questo tipo di domanda, sono nuovo ed è da poco che ho cominciato ad approfondire le tematiche riguardanti la sicurezza informatica. Premesso questo, passo alla mia richiesta: Nei giorni scorsi, girando tra le pagine di configurazione del mio modem/router wi-fi, mi sono imbattuto nella pagina dove è presente il System log del mio modem ed ho notato strani tentativi di accesso del tipo:
"Data Ora [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session ********, user login check failed" Vi erano diversi tentativi di accesso di questo tipo, anche 10/20 consecutivi nel giro di pochissimi minuti, vedendo questi tentativi di accesso al mio modem mi sono allertato, poichè dentro la mia abitazione io sono l'unico a conoscere come entrare nella pagina di configurazione del modem, inoltre posso escludere anche che qualche persona si sia introdotta sulla mia rete Wi-Fi e in locale abbia cercato di collegarsi al mio modem, ciò infatti viene confermato anche dal fatto che sulla lista "DHCP List" del mio modem siano presenti solamente il Mac Adress del mio PC, e quello dei vari smartphone che abbiamo qui a casa. Così ho escluso il tentativo di accesso da locale al mio modem, la mia paura dunque è che qualcuno stia cercando di entrare da remoto nel mio modem. Per approfondire la questione, non appena ho visto questi strani tentativi di accesso, ho adoperato le sequenti precauzioni: come prima cosa ho aggiornato il firmware del mio modem, ho cambiato la password di accesso con una password molto più robusta della precedente ed inoltre dalle impostazioni avanzate del modem ho attivato due impostazioni: "Enable Attack Log" and "Enable Anti-Attack" . Fatto questo arriviamo alla giornata di ieri, nel pomeriggio dalle 15 circa non sono stato a casa, e nessuno della mia famiglia era presente nella mia abitazione, l'unico pc connesso ad internet era il mio, tuttavia non erano attivi nessun tipo di programma p2p o cose del genere, era semplicemente acceso con la connessione ad internet attiva. Sempre ieri intorno alle 21 , ho notato un rallentamento insolito sulla linea. A questo punto arriviamo a questa mattina, deciso ad approfondire la questione, ho riconsultato il log del mio modem ed ecco cosa ho trovato: " 2016-02-25 13:02:47 [4] kernel: Detect remote echo chargen attack, ip addr:173.214.162.94 2016-02-25 15:43:54 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7b4afe80, user login check failed 2016-02-25 15:43:57 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 5a0951b6, user login check failed 2016-02-25 15:44:38 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 125525bd, user login check failed 2016-02-25 15:44:38 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 125525bd, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6d129b1, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 7bd57595, user login check failed 2016-02-25 15:44:41 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 709da07f, user login check failed 2016-02-25 15:44:41 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 709da07f, user login check failed 2016-02-25 15:44:41 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 709da07f, user login check failed 2016-02-25 21:25:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6c4f722a, user login check failed 2016-02-25 21:25:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 4a013386, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 50ac8b17, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 457f695a, user login check failed 2016-02-25 21:26:38 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 3a3d40bd, user login check failed 2016-02-25 21:26:38 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 3a3d40bd, user login check failed 2016-02-25 21:26:38 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 3a3d40bd, user login check failed 2016-02-25 21:26:38 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 3a3d40bd, user login check failed 2016-02-25 21:26:38 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 3a3d40bd, user login check failed 2016-02-25 21:26:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6ef5eb7e, user login check failed 2016-02-25 21:26:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6ef5eb7e, user login check failed 2016-02-25 21:26:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6365c9e8, user login check failed 2016-02-25 23:19:22 [4] kernel: Detect remote echo chargen attack, ip addr:185.94.111.1 2016-02-26 04:28:40 [4] kernel: Detect remote echo chargen attack, ip addr:194.63.142.32 2016-02-26 06:36:09 [4] kernel: Detect remote echo chargen attack, ip addr:192.99.63.194 2016-02-26 09:07:12 [4] kernel: Detect remote echo chargen attack, ip addr:198.24.169.98 2016-02-26 09:44:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session f2a709c, user login check failed 2016-02-26 09:44:55 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[] User admin session timeout and auto logout 2016-02-26 09:44:55 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[] User admin login success " Da notare che l'ultima riga del syslog è il mio accesso riuscito al modem. Non sono un esperto in materia ma mi pare di capire che qualcuno da remoto mi stia attacando con un attacco DoS/DDos, tramite un tipo di attacco chiamato "echo chargen attack". Stamattina ho visitato il sito "ShieldsUP!" ed ho effettutato tutti i tipi di test che vi sono presenti, e l'unico test con risultato negativo è stato quello relativo a "....ICMP echo qualcosa..." che guarda caso è proprio il tipo di attacco che viene mostrato nel syslog. Stamattina dunque ho rivisto in modo approfondito tutte le impostazioni del mio modem ed ho notato che nella sezione "Firewall" --> "ACL Configuration" vi è una tabella che riporta la scritta: "This page is used to configure the IP Address for Access Control List. If ACL is enabled, only these IP address that in the ACL Table can access CPE. Here you can add/delete IP Address." , inoltre nella tabella vi era il servizio ICMP attivo ovvero: Interface: PPoE_0_1 Service: ICMP - Enable: YES - Source IP: 0.0.0.0 - Source Mask Adress: 0.0.0.0 - Protocol: ICMP - Port: 0 Mi pare di capire dunque che da remoto il mio modem accetta richieste su protocollo ICMP da qualsiasi IP / dispositivo, a questo punto ho disabilitato questo servizio e ho rieffettuato tutti i test sul sito "ShieldsUP!" ed ora tutti i test sono registrati come passati anche il precedente test che il sito mi diceva di aver fallito. Cosa ne pensate?, i procedimenti che ho adottato e le deduzioni che ho tratto sono giuste?, sicuramente voi siete molto più esperti di me in questo genere di cose, dunque vi ho scritto per avere una vostra opinione. Posso stare tranquillo oppure devo prende qualche altra misura di sicurezza?, quello che mi sembra strano e che la mia è una semplice rete domestica, per quale motivo sto ricevendo questi tipi di attacchi? Grazie per la vostra attenzione, e mi scuso di nuovo per il lungo papiro che ho scritto. ________________________________________________________ http://www.sikurezza.org - Italian Security Mailing List
