[Closed] Many alerts in my router log

Status
Closed to new replies.
Hello, good morning
Going through my router's log, I'm finding a lot of alerts, especially kernel intrusion ones.
Can someone review my log and tell me whether it is correct or whether something is going on?
I'm copying and pasting the log:


Code:
Date/Time Facility Severity Message 
Mar 9 10:48:41 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=221.3.109.218 DST=37.15.196.89 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=37477 DF PROTO=TCP SPT=44869 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:48:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=221.3.109.218 DST=37.15.196.89 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=37478 DF PROTO=TCP SPT=44869 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:48:44 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=221.3.109.218 DST=37.15.196.89 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=37479 DF PROTO=TCP SPT=44869 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:48:48 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=221.3.109.218 DST=37.15.196.89 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=37480 DF PROTO=TCP SPT=44869 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:48:52 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=77.234.81.172 DST=37.15.196.89 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=40655 DF PROTO=TCP SPT=2526 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:48:52 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=188.230.44.203 DST=37.15.196.89 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=21831 DF PROTO=TCP SPT=54195 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:48:55 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=77.234.81.172 DST=37.15.196.89 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=40662 DF PROTO=TCP SPT=2526 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:48:55 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=188.230.44.203 DST=37.15.196.89 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=22107 DF PROTO=TCP SPT=54195 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:51:16 user crit kernel: Line 0: ADSL link down  
Mar 9 10:51:16 user crit kernel: Line 0: xDSL G.994 training  
Mar 9 10:51:16 daemon crit syslog: Clear IP addresses. PPP connection DOWN.  
Mar 9 10:51:16 daemon crit syslog: Clear IP addresses. Connection DOWN.  
Mar 9 10:51:30 user crit kernel: Line 0: ADSL G.992 started  
Mar 9 10:51:34 user crit kernel: Line 0: ADSL G.992 channel analysis  
Mar 9 10:51:39 user crit kernel: Line 0: ADSL G.992 message exchange  
Mar 9 10:51:40 user crit kernel: Line 0: ADSL link down  
Mar 9 10:51:41 user crit kernel: Line 0: xDSL G.994 training  
Mar 9 10:51:57 user crit kernel: Line 0: ADSL G.992 started  
Mar 9 10:52:01 user crit kernel: Line 0: ADSL G.992 channel analysis  
Mar 9 10:52:05 user crit kernel: Line 0: ADSL G.992 message exchange  
Mar 9 10:52:06 user crit kernel: Line 0: ADSL link up, Bearer 0, us=1022, ds=3481  
Mar 9 10:52:09 daemon crit syslog: PPP server detected.  
Mar 9 10:52:09 daemon crit syslog: PPP session established.  
Mar 9 10:52:12 daemon crit syslog: PPP LCP UP.  
Mar 9 10:52:14 daemon crit syslog: Received valid IP address from server. Connection UP.  
Mar 9 10:52:29 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=207.34.157.140 DST=37.15.155.157 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=22231 PROTO=TCP SPT=50522 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:52:29 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=151.51.18.129 DST=37.15.155.157 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=14004 DF PROTO=TCP SPT=1495 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:52:32 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=207.34.157.140 DST=37.15.155.157 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=22234 PROTO=TCP SPT=50522 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:52:32 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=151.51.18.129 DST=37.15.155.157 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=14012 DF PROTO=TCP SPT=1495 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:52:33 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=67.82.9.146 DST=37.15.155.157 LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=22846 DF PROTO=TCP SPT=57458 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:52:33 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=116.23.203.94 DST=37.15.155.157 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=35269 DF PROTO=TCP SPT=1932 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:52:34 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=67.82.9.146 DST=37.15.155.157 LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=14621 DF PROTO=TCP SPT=57458 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:53:41 user crit kernel: Line 0: ADSL link down  
Mar 9 10:53:41 user crit kernel: Line 0: xDSL G.994 training  
Mar 9 10:53:41 daemon crit syslog: Clear IP addresses. PPP connection DOWN.  
Mar 9 10:53:41 daemon crit syslog: Clear IP addresses. Connection DOWN.  
Mar 9 10:53:55 user crit kernel: Line 0: ADSL G.992 started  
Mar 9 10:53:59 user crit kernel: Line 0: ADSL G.992 channel analysis  
Mar 9 10:54:04 user crit kernel: Line 0: ADSL G.992 message exchange  
Mar 9 10:54:05 user crit kernel: Line 0: ADSL link down  
Mar 9 10:54:06 user crit kernel: Line 0: xDSL G.994 training  
Mar 9 10:54:22 user crit kernel: Line 0: ADSL G.992 started  
Mar 9 10:54:26 user crit kernel: Line 0: ADSL G.992 channel analysis  
Mar 9 10:54:30 user crit kernel: Line 0: ADSL G.992 message exchange  
Mar 9 10:54:31 user crit kernel: Line 0: ADSL link up, Bearer 0, us=1022, ds=3473  
Mar 9 10:54:34 daemon crit syslog: PPP server detected.  
Mar 9 10:54:34 daemon crit syslog: PPP session established.  
Mar 9 10:54:37 daemon crit syslog: PPP LCP UP.  
Mar 9 10:54:39 daemon crit syslog: Received valid IP address from server. Connection UP.  
Mar 9 10:54:54 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=99.41.51.142 DST=37.15.192.48 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=3163 DF PROTO=TCP SPT=50789 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:54:54 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=95.111.159.239 DST=37.15.192.48 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=18590 DF PROTO=TCP SPT=4106 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:54:57 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=99.41.51.142 DST=37.15.192.48 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=3167 DF PROTO=TCP SPT=50789 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:54:57 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=95.111.159.239 DST=37.15.192.48 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=18592 DF PROTO=TCP SPT=4106 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:54:58 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=99.74.229.110 DST=37.15.192.48 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=8436 DF PROTO=TCP SPT=52121 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:54:58 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=70.75.135.119 DST=37.15.192.48 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=20613 DF PROTO=TCP SPT=65171 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 10:55:01 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=99.74.229.110 DST=37.15.192.48 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=8463 DF PROTO=TCP SPT=52121 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 11:09:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=109.67.227.129 DST=37.15.192.48 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=3617 DF PROTO=TCP SPT=59241 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 11:14:46 user crit kernel: Line 0: ADSL link down  
Mar 9 11:14:46 user crit kernel: Line 0: xDSL G.994 training  
Mar 9 11:14:46 daemon crit syslog: Clear IP addresses. PPP connection DOWN.  
Mar 9 11:14:46 daemon crit syslog: Clear IP addresses. Connection DOWN.  
Mar 9 11:15:00 user crit kernel: Line 0: ADSL G.992 started  
Mar 9 11:15:04 user crit kernel: Line 0: ADSL G.992 channel analysis  
Mar 9 11:15:09 user crit kernel: Line 0: ADSL G.992 message exchange  
Mar 9 11:15:10 user crit kernel: Line 0: ADSL link down  
Mar 9 11:15:11 user crit kernel: Line 0: xDSL G.994 training  
Mar 9 11:15:27 user crit kernel: Line 0: ADSL G.992 started  
Mar 9 11:15:31 user crit kernel: Line 0: ADSL G.992 channel analysis  
Mar 9 11:15:35 user crit kernel: Line 0: ADSL G.992 message exchange  
Mar 9 11:15:36 user crit kernel: Line 0: ADSL link up, Bearer 0, us=1022, ds=3698  
Mar 9 11:15:39 daemon crit syslog: PPP server detected.  
Mar 9 11:15:40 daemon crit syslog: PPP session established.  
Mar 9 11:15:43 daemon crit syslog: PPP LCP UP.  
Mar 9 11:15:45 daemon crit syslog: Received valid IP address from server. Connection UP.  
Mar 9 11:17:10 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=80.92.22.197 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=13059 DF PROTO=TCP SPT=1449 DPT=445 WINDOW=64380 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 11:17:13 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=80.92.22.197 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=13724 DF PROTO=TCP SPT=1449 DPT=445 WINDOW=64380 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 11:21:16 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=77.92.147.164 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=29702 DF PROTO=TCP SPT=3030 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 11:21:19 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=77.92.147.164 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=29910 DF PROTO=TCP SPT=3030 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 11:21:22 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=222.76.215.105 DST=37.15.192.48 LEN=40 TOS=0x00 PREC=0x00 TTL=100 ID=256 PROTO=TCP SPT=6000 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 11:28:27 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=88.156.4.64 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=38061 DF PROTO=TCP SPT=4067 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 11:43:14 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=68.122.248.26 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=38377 DF PROTO=TCP SPT=2049 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 11:49:29 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=178.206.179.115 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=54094 DF PROTO=TCP SPT=2588 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 11:57:59 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=91.82.38.173 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=48405 DF PROTO=TCP SPT=3251 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 12:10:39 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=175.180.67.237 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=52193 DF PROTO=TCP SPT=3939 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000  
Mar 9 12:21:50 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=114.42.178.204 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=3540 DF PROTO=TCP SPT=2942 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
 
Re: Many alerts in my router log

badimafi said:
Hello, good morning
Going through my router's log, I'm finding a lot of alerts, especially kernel intrusion ones.
Can someone review my log and tell me whether it is correct or whether something is going on?
I'm copying and pasting the log:

Code:
(...)


badimafi!

Thank you for posting your query.

Regarding this case, bear in mind that the entries shown in the router's connection log refer to connections or connection attempts that are rejected by the device's firewall, which is normal.

In addition, the log also shows that the line has had some drops (ADSL Link Down), so we recommend checking operation from the PTR.

We await your reply.
Regards.


[EDITED 15/03/12]


Unfortunately the user has not commented on their thread in 5 days, so it is being closed, in accordance with the forum rules [1].

Regards!

[1] http://www.adslzone.net/postt126841.html



For more information or other queries, you must open another thread in the forum HERE.
If you would like to leave a comment on the quality of the service provided in the forum, do so here.
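The reply's two observations (firewall-rejected connection attempts, plus ADSL line drops) can be checked mechanically. The following is an added example, not part of the original thread: it collapses repeated SYN retransmissions into distinct attempts, flags any "Intrusion" line that is not a bare inbound TCP SYN addressed to the router, and counts link drops. The function name `summarize` and its output keys are this example's own; the sample lines are copied from the log posted above.

```python
import re
from collections import Counter

# Lines copied from the log posted in this thread.
SAMPLE = """\
Mar 9 10:48:41 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=221.3.109.218 DST=37.15.196.89 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=37477 DF PROTO=TCP SPT=44869 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
Mar 9 10:48:42 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=221.3.109.218 DST=37.15.196.89 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=37478 DF PROTO=TCP SPT=44869 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
Mar 9 10:48:52 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=188.230.44.203 DST=37.15.196.89 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=21831 DF PROTO=TCP SPT=54195 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000
Mar 9 10:51:16 user crit kernel: Line 0: ADSL link down
Mar 9 10:51:40 user crit kernel: Line 0: ADSL link down
Mar 9 10:52:06 user crit kernel: Line 0: ADSL link up, Bearer 0, us=1022, ds=3481
Mar 9 10:52:29 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=207.34.157.140 DST=37.15.155.157 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=22231 PROTO=TCP SPT=50522 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000
Mar 9 11:17:10 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=80.92.22.197 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=13059 DF PROTO=TCP SPT=1449 DPT=445 WINDOW=64380 RES=0x00 SYN URGP=0 MARK=0x8000000
Mar 9 11:17:13 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=80.92.22.197 DST=37.15.192.48 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=13724 DF PROTO=TCP SPT=1449 DPT=445 WINDOW=64380 RES=0x00 SYN URGP=0 MARK=0x8000000
Mar 9 11:21:22 user alert kernel: Intrusion -> IN=ppp0.1 OUT= MAC= SRC=222.76.215.105 DST=37.15.192.48 LEN=40 TOS=0x00 PREC=0x00 TTL=100 ID=256 PROTO=TCP SPT=6000 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000
"""

KV = re.compile(r"(\w+)=(\S*)")            # KEY=value pairs; value may be empty
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def summarize(log_text):
    """Collapse 'Intrusion' lines into distinct attempts and count line drops."""
    packets, link_down = 0, 0
    attempts = set()   # (SRC, SPT, DPT): SYN retransmissions share all three
    wan_ips = []       # DST values in order of first appearance
    unexpected = []    # lines that are not a bare inbound TCP SYN to the router
    for line in log_text.splitlines():
        if "ADSL link down" in line:
            link_down += 1
        if "Intrusion ->" not in line:
            continue
        packets += 1
        body = line.split("Intrusion ->", 1)[1]
        f = dict(KV.findall(body))
        flags = TCP_FLAGS & set(body.split())
        attempts.add((f.get("SRC"), f.get("SPT"), f.get("DPT")))
        if f.get("DST") not in wan_ips:
            wan_ips.append(f.get("DST"))
        # An empty OUT= means the packet was addressed to the router itself.
        if f.get("OUT") or f.get("PROTO") != "TCP" or flags != {"SYN"}:
            unexpected.append(line)
    ports = Counter(dpt for _, _, dpt in attempts)
    return {"packets": packets, "attempts": len(attempts), "ports": dict(ports),
            "wan_ips": wan_ips, "link_down": link_down, "unexpected": unexpected}
```

An empty `unexpected` list means every logged packet was an unsolicited inbound SYN that the firewall dropped; the `wan_ips` list changing alongside `link_down` shows the WAN address being reassigned after each PPP reconnect.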
 