Title: Log from ADSL modem
Posted by: kennedy on Aug 29, 2006, 20:23

Since the DSL has lately started hanging unpredictably every 20-40-50 minutes, I had to have a chat with various experts at BTK, who politely explained to me that the problem comes from viruses that flood the modem and make it hang. Never mind that this happens even when I have kicked all the junk off the net and am running only a browser. A friend told me a magic word and I got access to the modem's settings and logs. Here is a sample line:
1st day 02:00:06 user alert klogd: Intrusion -> IN=ppp33 OUT= MAC= SRC=87.126.134.20 DST=87.126.75.247 LEN=48 TOS=0x00 PREC=0x60 TTL=125 ID=53790 DF PROTO=TCP SPT=61881 DPT=9755 WINDOW=65535 RES=0x00 SYN URGP=0

which I read like this: intruder 87.126.134.20, from port 61881, is trying to reach me on port 9755. The only thing I don't understand is what this WINDOW=65535 means; would that be the size of the packet? Here and there I also see WINDOW=16384 and WINDOW=64960.

Title: Log from ADSL modem
Posted by: alex_c on Aug 29, 2006, 22:00

The WINDOW parameter gives you the size of the sliding window, a traffic-control algorithm for TCP connections. Depending on the operating system's network stack, the initial size of the sliding window can vary. For more details see this: http://www.freesoft.org/CIE/Course/Section4/5.htm
or search Google for "TCP sliding window". In this case that is not your problem. What I find interesting, though, is the format of the modem's log: it looks exactly like the logs the Linux kernel produces under certain circumstances. Just for information, if anyone knows: are BTK's ADSL modems by any chance Linux-based?

Best wishes!
Alex

Title: Log from ADSL modem
Posted by: kennedy on Aug 29, 2006, 22:16

Yes. 2.4 kernel ... but I don't feel like rebooting to pull the log so you can see it. If I catch it soon I'll post it here.
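
Added example (not part of the original thread and not the modem vendor's code): a parser for the "Intrusion ->" line quoted in the first post, which follows the Linux netfilter LOG field layout, where WINDOW is the TCP window the sender advertises and LEN is the IP packet length. Only the first sample line comes from the thread; the other sample lines, the function names and the grouping by source are constructed for this illustration.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(?P<ts>.+?) (?P<facility>\w+) (?P<level>\w+) klogd: Intrusion -> (?P<body>.*)$")
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP"}

# First entry is the line quoted in the thread; the second and third are
# constructed for this example; the last is a non-firewall line from the boot log.
SAMPLE = [
    "1st day 02:00:06 user alert klogd: Intrusion -> IN=ppp33 OUT= MAC= SRC=87.126.134.20 "
    "DST=87.126.75.247 LEN=48 TOS=0x00 PREC=0x60 TTL=125 ID=53790 DF PROTO=TCP SPT=61881 "
    "DPT=9755 WINDOW=65535 RES=0x00 SYN URGP=0",
    "1st day 02:00:09 user alert klogd: Intrusion -> IN=ppp33 OUT= MAC= SRC=87.126.134.20 "
    "DST=87.126.75.247 LEN=48 TOS=0x00 PREC=0x60 TTL=125 ID=53811 DF PROTO=TCP SPT=61881 "
    "DPT=9755 WINDOW=65535 RES=0x00 SYN URGP=0",
    "1st day 02:03:41 user alert klogd: Intrusion -> IN=ppp33 OUT= MAC= SRC=192.0.2.77 "
    "DST=87.126.75.247 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=1204 DF PROTO=TCP SPT=4312 "
    "DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0",
    "1st day 00:00:34 daemon crit pppd[148]: PPP session established.",
]

def parse_line(line):
    """Return the fields of one 'Intrusion ->' entry, or None for other log lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "flags": set()}
    for tok in m["body"].split():
        if "=" in tok:      # KEY=value; the value may be empty, as in OUT= and MAC=
            key, val = tok.split("=", 1)
            rec[key] = int(val) if key in INT_FIELDS and val.isdigit() else val
        else:               # bare token: IP flag (DF) or TCP flag (SYN, ACK, ...)
            rec["flags"].add(tok)
    return rec

def summarize(lines):
    """Group logged inbound connection attempts (SYN without ACK) by source address."""
    out = defaultdict(lambda: {"count": 0, "ports": set(), "windows": set()})
    for rec in filter(None, map(parse_line, lines)):
        if rec.get("PROTO") == "TCP" and "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
            s = out[rec["SRC"]]
            s["count"] += 1
            s["ports"].add(rec["DPT"])
            s["windows"].add(rec["WINDOW"])  # advertised receive window; packet size is LEN
    return dict(out)
```

Calling summarize() on a saved copy of the modem log gives, per source address, how many connection attempts were logged and which destination ports they targeted.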

Title: Log from ADSL modem
Posted by: kennedy on Aug 29, 2006, 22:25

1st day 00:00:34 daemon crit pppd[148]: PPP session established.
1st day 00:00:34 daemon crit pppd[148]: PPP server detected.
1st day 00:00:34 user debug syslog: dhcpc -i nas26 &
1st day 00:00:31 user debug syslog: iptables -t nat -F
1st day 00:00:31 user debug syslog: iptables -F
1st day 00:00:24 user crit klogd: ADSL link up, fast, us=192, ds=640
1st day 00:00:24 user crit klogd: ADSL G.992 message exchange
1st day 00:00:20 user crit klogd: ADSL G.992 channel analysis
1st day 00:00:17 user crit klogd: ADSL G.992 started
1st day 00:00:16 user crit klogd: ADSL G.994 training
1st day 00:00:14 user crit klogd: ADSL link down
1st day 00:00:12 user debug syslog: ifconfig eth0 up
1st day 00:00:12 daemon notice pppd[148]: pppd 2.4.1 started by root, uid 0
1st day 00:00:11 user debug syslog: pppd -i nas33 -u 'FzX4NxvRzD2rNZwK' -p '****************' -c 33 &
1st day 00:00:09 user debug syslog: dproxy &
1st day 00:00:09 user crit klogd: ADSL G.992 channel analysis
1st day 00:00:09 user debug syslog: route add -net 172.16.0.0 netmask 255.240.0.0 metric 1 dev nas26 2>/dev/null
1st day 00:00:09 user debug syslog: route add -net 10.0.0.0 netmask 255.0.0.0 metric 1 dev nas26 2>/dev/null
1st day 00:00:08 user debug syslog: ifconfig nas26 up
1st day 00:00:08 user debug klogd: atm_connect (TX: cl 1,bw 0-0,sdu 1524; RX: cl 1,bw 0-0,sdu 1524,AAL 5)
1st day 00:00:08 daemon info pvc2684d: Communicating over ATM 0.0.40, encapsulation: LLC
1st day 00:00:08 user debug syslog: ifconfig nas26 hw ether 0a:d0
1st day 00:00:08 user debug syslog: pvc2684ctl -a -i 26 -v 0.0.40 -g broadcom &
1st day 00:00:08 user debug syslog: echo xxx.xxx.xxx.xxx > /proc/var/fyi/wan/nas26/ipaddress
1st day 00:00:08 user debug syslog: echo 0000 > /proc/var/fyi/wan/nas26/daemonstatus
1st day 00:00:08 user debug syslog: echo 0000 > /proc/var/fyi/wan/nas26/status
1st day 00:00:08 user debug syslog: dhcpd &> /dev/null &
1st day 00:00:08 user info syslog: insmod -s -k net-pf-10
1st day 00:00:08 user crit klogd: eth0 Link UP.
1st day 00:00:08 user debug syslog: brctl addif br0 nas33
1st day 00:00:08 user debug syslog: ifconfig nas33 up
1st day 00:00:08 user info syslog: insmod -s -k nas33
1st day 00:00:08 daemon info pvc2684d: Communicating over ATM 0.0.35, encapsulation: LLC
1st day 00:00:08 user debug klogd: atm_connect (TX: cl 1,bw 0-0,sdu 1524; RX: cl 1,bw 0-0,sdu 1524,AAL 5)
1st day 00:00:07 user debug syslog: ifconfig nas33 hw ether 02
1st day 00:00:07 user debug syslog: pvc2684ctl -a -i 33 -v 0.0.35 -g broadcom -f &
1st day 00:00:07 user debug syslog: echo xxx.xxx.xxx.xxx > /proc/var/fyi/wan/ppp33/ipaddress
1st day 00:00:07 user debug syslog: echo 0000 > /proc/var/fyi/wan/ppp33/daemonstatus
1st day 00:00:07 user debug syslog: echo 0000 > /proc/var/fyi/wan/ppp33/status
1st day 00:00:07 user debug syslog: ifconfig br0 192.168.1.1 netmask 255.255.255.252 up
1st day 00:00:07 user debug syslog: sendarp -s br0 -d eth0
1st day 00:00:07 user info syslog: insmod -s -k net-pf-10
1st day 00:00:07 user crit klogd: ADSL G.992 started
1st day 00:00:07 user debug syslog: ifconfig br0 192.168.1.1 up; brctl addif br0 eth0; ifconfig eth0 0.0.0.0
1st day 00:00:07 user debug syslog: ifconfig eth0 up
1st day 00:00:07 user info syslog: insmod -s -k net-pf-10
1st day 00:00:07 user debug syslog: brctl setfd br0 0
1st day 00:00:06 user info syslog: insmod -s -k net-pf-10
1st day 00:00:06 user debug syslog: brctl stp br0 disable
1st day 00:00:06 user debug syslog: brctl addbr br0
1st day 00:00:06 user debug syslog: echo > /etc/pppmsg
1st day 00:00:06 user debug syslog: pvc2684d &
1st day 00:00:06 user debug syslog: echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
1st day 00:00:06 user debug syslog: echo "1" > /proc/sys/net/ipv4/ip_dynaddr
1st day 00:00:06 user crit klogd: ADSL G.994 training
1st day 00:00:06 user warn klogd: eth0: MAC Address: 00
1st day 00:00:06 user info klogd: BCM6345_ENET: 100 MB Full-Duplex (auto-neg)
1st day 00:00:06 user warn klogd: Broadcom BCM6345A0 Ethernet Network Device v0.1 Feb 16 2005 16:04:33 Internal PHY
1st day 00:00:06 user info klogd: var 1.0 initialised
1st day 00:00:06 user warn klogd: Algorithmics/MIPS FPU Emulator v1.5
1st day 00:00:06 user warn klogd: Freeing unused kernel memory: 44k freed
1st day 00:00:06 user debug syslog: echo "1" > /proc/sys/net/ipv4/ip_forward
1st day 00:00:06 user warn klogd: VFS: Mounted root (squashfs filesystem) readonly.
1st day 00:00:06 user warn klogd: high 343
1st day 00:00:06 kern info klogd: Ebtables v2.0 registeredNET4: Ethernet Bridge 008 for NET4.0
1st day 00:00:06 user info klogd: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
1st day 00:00:06 user info klogd: Linux IP multicast router 0.06 plus PIM-SM
1st day 00:00:06 user warn klogd: TCP: Hash tables configured (established 512 bind 1024)
1st day 00:00:06 user warn klogd: IP: routing cache hash table of 512 buckets, 4Kbytes
1st day 00:00:06 user info klogd: IP Protocols: ICMP, UDP, TCP, IGMP
1st day 00:00:06 user info klogd: NET4: Linux TCP/IP 1.0 for NET4.0
1st day 00:00:06 user warn klogd: adsl: adsl_init entry
1st day 00:00:06 user warn klogd: blaadd: blaa_detect entry
1st day 00:00:06 user info klogd: PPP generic driver version 2.4.1
1st day 00:00:06 user warn klogd: block: 64 slots per queue, batch=16
1st day 00:00:06 user warn klogd: Your memory is set to 8M
1st day 00:00:06 user warn klogd: brcmboard: brcm_board_init entry
1st day 00:00:06 user warn klogd: Module bcm6345_cons.c v1.1 Feb 16 2005 16:02:36
1st day 00:00:06 user warn klogd: Starting kswapd
1st day 00:00:06 user warn klogd: Initializing RT netlink socket
1st day 00:00:06 user info klogd: Based upon Swansea University Computer Society NET3.039
1st day 00:00:06 user info klogd: Linux NET4.0 for Linux 2.4
1st day 00:00:06 user warn klogd: POSIX conformance testing by UNIFIX
1st day 00:00:06 user warn klogd: Checking for 'wait' instruction... unavailable.
1st day 00:00:06 user warn klogd: Page-cache hash table entries: 2048 (order: 1, 8192 bytes)
1st day 00:00:06 user warn klogd: Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
1st day 00:00:06 user warn klogd: Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
1st day 00:00:06 user warn klogd: Inode-cache hash table entries: 512 (order: 0, 4096 bytes)
1st day 00:00:06 user warn klogd: Dentry-cache hash table entries: 1024 (order: 1, 8192 bytes)
1st day 00:00:06 user warn klogd: Memory: 6008k/7936k available (1462k kernel code, 1928k reserved, 84k data, 44k init, 0k highmem)
1st day 00:00:06 user warn klogd: Calibrating delay loop... 92.97 BogoMIPS
1st day 00:00:06 user warn klogd: bcm_console_setup
1st day 00:00:06 user warn klogd: Kernel command line: root=/dev/mtdblock0 ro
1st day 00:00:06 user warn klogd: zone(2): 0 pages.
1st day 00:00:06 user warn klogd: zone(1): 0 pages.
1st day 00:00:06 user warn klogd: zone(0): 1984 pages.
1st day 00:00:06 user warn klogd: On node 0 totalpages: 1984
1st day 00:00:06 user warn klogd: memory: 007c0000 @ 00000000 (usable)
1st day 00:00:06 user warn klogd: Determined physical RAM map:
1st day 00:00:06 user warn klogd: Linux version 2.4.17 (leon_zhou@localhost.localdomain) (gcc version 3.1) #11 Sat Feb 19 14:24:59 CST 2005
1st day 00:00:06 user warn klogd: Primary data cache 4kb, linesize 16 bytes (2 ways)
1st day 00:00:06 user warn klogd: Primary instruction cache 8kb, linesize 16 bytes (2 ways)
1st day 00:00:06 user warn klogd: CPU revision is: 00028000
1st day 00:00:06 user warn klogd: Your memory is set to 8M
1st day 00:00:06 user warn klogd: Board ID(RTA230) prom init
1st day 00:00:06 user warn klogd: Scratch pad is not used for this flash part.
1st day 00:00:06 user warn klogd: Total Flash size: 2048K with 35 sectors
1st day 00:00:06 syslog notice klogd: klogd started: BusyBox v0.60.4 (2005.02.16-08:05+0000)
1st day 00:00:06 syslog emerg BCM96345 started: BusyBox v0.60.4 (2005.02.16-08:05+0000)

Title: Log from ADSL modem
Posted by: buboleck on Aug 29, 2006, 22:41