konstig utgående trafik blockerat i routern

Victor · Inlägg av **Victor** » 10 jan 2010, 17:17

Jag har en ubuntu 9.10 server uppe och kör. Jag har lighttpd uppe på port 80 och apache2 på 8080 vilket går att komma åt från nätet, dvs jag har öppnat upp portarna i routern. Jag har wtorrent installerat som använder sig av rtorrent. Jag har även samba och ssh. Det finns lite andra grejer men de kommer jag bara åt via det lokala nätverket.

Jag har problem med att min router startar om med jämna mellanrum och gick då in och kollade routerns logg vilket visade detta (bara ett utdrag från 16.00 till 16.01 idag, mer finns!) Kollade ett par addresser vilket visade att min server på 192.168.0.66 försöker skicka icmp-paket till bland annat ryssland och kina!? Är det vanligt? Kan tänka mig att det skulle vara rtorrent som försöker kontakta en peer men de torrentar jag har "igång" är gamla och jag ser ingen trafik på dem.

Kod: Markera allt

Priority	Time	Message
[INFO]	Sun Jan 10 16:01:23 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 211.160.122.24
[INFO]	Sun Jan 10 16:01:23 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 95.28.143.199
[INFO]	Sun Jan 10 16:01:23 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 121.221.2.224
[INFO]	Sun Jan 10 16:01:21 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 88.169.197.140
[INFO]	Sun Jan 10 16:01:20 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 87.17.99.148
[INFO]	Sun Jan 10 16:01:20 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 96.255.103.148
[INFO]	Sun Jan 10 16:01:19 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 60.165.64.17
[INFO]	Sun Jan 10 16:01:19 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 75.111.217.179
[INFO]	Sun Jan 10 16:01:18 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 60.165.64.17
[INFO]	Sun Jan 10 16:01:18 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 77.20.35.156
[INFO]	Sun Jan 10 16:01:18 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 86.193.232.215
[INFO]	Sun Jan 10 16:01:17 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 77.232.142.24
[INFO]	Sun Jan 10 16:01:17 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 71.190.175.187
[INFO]	Sun Jan 10 16:01:16 2010	Log viewed by IP address 192.168.0.66
[INFO]	Sun Jan 10 16:01:15 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 84.3.226.209
[INFO]	Sun Jan 10 16:01:15 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 77.78.159.80
[INFO]	Sun Jan 10 16:01:15 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 88.169.197.140
[INFO]	Sun Jan 10 16:01:15 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 86.63.81.79
[INFO]	Sun Jan 10 16:01:13 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 79.110.0.118
[INFO]	Sun Jan 10 16:01:12 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 83.26.180.30
[INFO]	Sun Jan 10 16:01:10 2010	Wireless restart
[INFO]	Sun Jan 10 16:01:08 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 125.26.65.241
[INFO]	Sun Jan 10 16:01:07 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 93.65.129.140
[INFO]	Sun Jan 10 16:01:07 2010	Blocked incoming TCP connection request from 93.81.106.59:2305 to 85.24.185.24:445
[INFO]	Sun Jan 10 16:01:07 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 67.242.56.235
[INFO]	Sun Jan 10 16:01:07 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 60.50.182.179
[INFO]	Sun Jan 10 16:01:06 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 201.21.146.198
[INFO]	Sun Jan 10 16:01:04 2010	Blocked incoming TCP connection request from 93.81.106.59:2305 to 85.24.185.24:445
[INFO]	Sun Jan 10 16:01:04 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 24.145.225.179
[INFO]	Sun Jan 10 16:01:03 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 81.5.127.191
[INFO]	Sun Jan 10 16:01:03 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 124.13.103.141
[INFO]	Sun Jan 10 16:01:02 2010	Wireless restart
[INFO]	Sun Jan 10 16:01:00 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 115.134.248.127
[INFO]	Sun Jan 10 16:00:59 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 91.76.28.240
[INFO]	Sun Jan 10 16:00:58 2010	Wireless restart
[INFO]	Sun Jan 10 16:00:56 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 80.235.63.6
[INFO]	Sun Jan 10 16:00:56 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 209.249.244.214
[INFO]	Sun Jan 10 16:00:56 2010	Above message repeated 5 times
[INFO]	Sun Jan 10 16:00:56 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 85.130.48.187
[INFO]	Sun Jan 10 16:00:56 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 90.194.95.232
[INFO]	Sun Jan 10 16:00:55 2010	Wireless restart
[INFO]	Sun Jan 10 16:00:52 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 78.97.220.251
[INFO]	Sun Jan 10 16:00:51 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 85.56.1.157
[INFO]	Sun Jan 10 16:00:51 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 58.8.206.9
[INFO]	Sun Jan 10 16:00:51 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 24.158.33.128
[INFO]	Sun Jan 10 16:00:48 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 89.239.115.113
[INFO]	Sun Jan 10 16:00:43 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 188.218.87.249
[INFO]	Sun Jan 10 16:00:42 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 95.155.31.131
[INFO]	Sun Jan 10 16:00:40 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 24.237.6.8
[INFO]	Sun Jan 10 16:00:40 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 81.88.124.33
[INFO]	Sun Jan 10 16:00:39 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 91.20.147.250
[INFO]	Sun Jan 10 16:00:39 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 201.68.161.59
[INFO]	Sun Jan 10 16:00:38 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 41.97.244.89
[INFO]	Sun Jan 10 16:00:38 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 82.212.181.75
[INFO]	Sun Jan 10 16:00:38 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 122.116.110.40
[INFO]	Sun Jan 10 16:00:37 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 82.224.86.127
[INFO]	Sun Jan 10 16:00:36 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 114.33.48.177
[INFO]	Sun Jan 10 16:00:35 2010	Allowed configuration authentication by IP address 192.168.0.66
[INFO]	Sun Jan 10 16:00:35 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 82.233.34.204
[INFO]	Sun Jan 10 16:00:34 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 86.105.226.26
[INFO]	Sun Jan 10 16:00:34 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 92.96.53.79
[INFO]	Sun Jan 10 16:00:34 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 114.128.178.53
[INFO]	Sun Jan 10 16:00:32 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 95.135.222.160
[INFO]	Sun Jan 10 16:00:32 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 24.214.62.95
[INFO]	Sun Jan 10 16:00:30 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 89.132.201.168
[INFO]	Sun Jan 10 16:00:29 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 112.142.6.152
[INFO]	Sun Jan 10 16:00:28 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 91.203.168.131
[INFO]	Sun Jan 10 16:00:28 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 41.97.244.89
[INFO]	Sun Jan 10 16:00:27 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 94.195.252.101
[INFO]	Sun Jan 10 16:00:26 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 90.15.10.158
[INFO]	Sun Jan 10 16:00:25 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 95.61.27.143
[INFO]	Sun Jan 10 16:00:25 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 174.26.20.239
[INFO]	Sun Jan 10 16:00:23 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 82.237.140.84
[INFO]	Sun Jan 10 16:00:22 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 77.35.24.25
[INFO]	Sun Jan 10 16:00:22 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 95.29.8.247
[INFO]	Sun Jan 10 16:00:22 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 95.25.119.92
[INFO]	Sun Jan 10 16:00:22 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 84.125.56.22
[INFO]	Sun Jan 10 16:00:21 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 93.96.193.4
[INFO]	Sun Jan 10 16:00:21 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 125.224.47.29
[INFO]	Sun Jan 10 16:00:19 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 99.29.220.228
[INFO]	Sun Jan 10 16:00:17 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 90.221.77.251
[INFO]	Sun Jan 10 16:00:15 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 69.228.171.238
[INFO]	Sun Jan 10 16:00:15 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 77.84.255.167
[INFO]	Sun Jan 10 16:00:15 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 85.84.210.177
[INFO]	Sun Jan 10 16:00:13 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 124.44.203.207
[INFO]	Sun Jan 10 16:00:13 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 222.37.5.210
[INFO]	Sun Jan 10 16:00:13 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 123.27.109.131
[INFO]	Sun Jan 10 16:00:12 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 110.164.254.68
[INFO]	Sun Jan 10 16:00:11 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 118.101.194.59
[INFO]	Sun Jan 10 16:00:09 2010	Blocked incoming TCP connection request from 85.140.186.43:1985 to 85.24.185.24:445
[INFO]	Sun Jan 10 16:00:09 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 203.59.129.47
[INFO]	Sun Jan 10 16:00:07 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 90.151.231.169
[INFO]	Sun Jan 10 16:00:07 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 86.97.248.144
[INFO]	Sun Jan 10 16:00:06 2010	Blocked incoming TCP connection request from 85.140.186.43:1985 to 85.24.185.24:445
[INFO]	Sun Jan 10 16:00:05 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 188.27.188.171
[INFO]	Sun Jan 10 16:00:04 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 125.224.47.29
[INFO]	Sun Jan 10 16:00:03 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 82.1.228.153
[INFO]	Sun Jan 10 16:00:01 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 91.124.24.253
[INFO]	Sun Jan 10 16:00:01 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 85.105.76.27
[INFO]	Sun Jan 10 16:00:01 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 83.33.127.129
[INFO]	Sun Jan 10 16:00:00 2010	Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.66 to 86.162.53.131

tycker allt verkar mystiskt och tänkte fråga er här om hjälp! Vad menas med det ovan!? (har ni även förslag på varför min router, en d-link dir-655, startar om nätverket får ni även svara. startar en annan tråd om det annars.)

tack på förhand

/victor

edit: såg nu att det "bara" var INFO-meddelanden. kanske inte så allvarligt, men likväl intresserad varför min server försöker kontakta massa konstiga addresser..?

Lars · Inlägg av **Lars** » 10 jan 2010, 22:05

"ICMP type 3" översätts till Destination Unreachable. Men varför den försöker skicka sådana vet jag inte. Destination Unreachable är väl typiskt något som en router skickar när den inte kan routa ett paket? Är det kanske brandväggen på 192.168.0.66 som skickar det? I så fall, varför?

Victor · Inlägg av **Victor** » 10 jan 2010, 22:27

Precis, varför? Jag har inte satt upp någon brandvägg faktiskt, och definitivt inte gjort några inställingar i sådan. Kan jag ha lyckats bli del i ett botnät?! Jag har faktiskt varit lite seg med uppdateringar. Kollade nu vilka portar jag har öppet utåt som svarar på tillfrågningar och de är port 80, 8080 och 22, dvs lighttpd, apache och ssh.. har även ytterligare en tjänst som snurrar och det är opendchub, men den är privat och bara registrerade användare kan komma in.. Jag kan verkligen inte tänka mig något på servern som skulle vilja kommunicera med utlandet direkt..

Rune.K · Inlägg av **Rune.K** » 10 jan 2010, 23:15

Kanske har det med rtorrent att göra, torrent genererar en massa trafik...

Victor · Inlägg av **Victor** » 10 jan 2010, 23:18

Rune.K skrev:Kanske har det med rtorrent att göra, torrent genererar en massa trafik...

Jepp, ska testa stänga av rtorrent imorgon och se om det fortfraande genereras trafik!

Ubuntu Sverige

konstig utgående trafik blockerat i routern

konstig utgående trafik blockerat i routern

Re: konstig utgående trafik blockerat i routern

Re: konstig utgående trafik blockerat i routern

Re: konstig utgående trafik blockerat i routern

Re: konstig utgående trafik blockerat i routern