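I am currently on Chunghwa Telecom's HiNet fiber service (光世代), 300/100M, on the fixed 2-IP plan.
Over the last few days I noticed that software on my computer has become very slow when connecting out, but the same software works normally on my phone over the mobile network.
For example, when I play Hearthstone at home, the whole game responds very slowly. Whether I am playing a card or waiting for my opponent to play one, the whole flow is noticeably and abnormally slow. The same game on my phone over the mobile network is fine.
On my home computer, other software that connects to external servers is also noticeably slower, not just the game.
At first I thought this was just a temporary network problem, because the upload and download speeds I measured with the HiNet speed-test software were normal.
Then this morning I suddenly received an e-mail from my home NAS telling me that my iPad at home had tried to log in to the NAS, had reached the limit for wrong password attempts, and had been blocked.
But I was not using the iPad at all at that time, so I realized I had probably been hacked.
So this morning I quickly logged in to the router to look at the log and saw the following (I have replaced the MAC addresses of my own internal devices with xx:xx:xx:xx:xx:xx):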
[DHCP IP: (192.168.1.11)] to MAC address xx:xx:xx:xx:xx:xx, Saturday, Jun 30,2018 09:06:01
[DHCP IP: (192.168.1.3)] to MAC address xx:xx:xx:xx:xx:xx, Saturday, Jun 30,2018 09:04:50
[Admin login] from source 192.168.1.7, Saturday, Jun 30,2018 08:59:53
[DHCP IP: (192.168.1.7)] to MAC address xx:xx:xx:xx:xx:xx, Saturday, Jun 30,2018 08:52:45
[DHCP IP: (192.168.1.9)] to MAC address xx:xx:xx:xx:xx:xx, Saturday, Jun 30,2018 08:40:26
[DHCP IP: (192.168.1.8)] to MAC address xx:xx:xx:xx:xx:xx, Saturday, Jun 30,2018 07:44:11
[DHCP IP: (192.168.1.6)] to MAC address xx:xx:xx:xx:xx:xx, Saturday, Jun 30,2018 06:40:47
[DHCP IP: (192.168.1.4)] to MAC address xx:xx:xx:xx:xx:xx, Saturday, Jun 30,2018 06:27:06
[WLAN access rejected: incorrect security] from MAC 68:48:98:9D:D1:DC, Saturday, Jun 30,2018 05:28:29
[WLAN access rejected: incorrect security] from MAC 68:48:98:9D:D1:DC, Saturday, Jun 30,2018 05:17:28
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [31.13.87.1], Saturday, Jun 30,2018 04:05:47
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [104.115.175.11], Friday, Jun 29,2018 23:12:25
[DHCP IP: (192.168.1.10)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 21:59:25
[WLAN access rejected: incorrect security] from MAC 68:48:98:9D:D1:DC, Friday, Jun 29,2018 21:38:06
[Admin login] from source 192.168.1.7, Friday, Jun 29,2018 21:16:08
[DHCP IP: (192.168.1.5)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 21:12:20
[DHCP IP: (192.168.1.11)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 21:06:01
[DHCP IP: (192.168.1.3)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 21:04:49
[DHCP IP: (192.168.1.7)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 20:40:54
[DHCP IP: (192.168.1.9)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 20:40:25
[DHCP IP: (192.168.1.4)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 20:40:09
[DHCP IP: (192.168.1.8)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 19:44:11
[DHCP IP: (192.168.1.6)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 19:09:34
[DHCP IP: (192.168.1.10)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 09:30:40
[DHCP IP: (192.168.1.5)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 09:10:26
[DHCP IP: (192.168.1.11)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 09:05:59
[DHCP IP: (192.168.1.3)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 09:04:50
[DHCP IP: (192.168.1.4)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 07:49:20
[DHCP IP: (192.168.1.4)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 07:48:49
[DHCP IP: (192.168.1.8)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 07:44:11
[DHCP IP: (192.168.1.6)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 07:38:23
[DHCP IP: (192.168.1.10)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 21:27:48
[DHCP IP: (192.168.1.5)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 21:08:30
[DHCP IP: (192.168.1.11)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 21:05:59
[DHCP IP: (192.168.1.3)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 21:04:49
[DHCP IP: (192.168.1.6)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 20:07:09
[DHCP IP: (192.168.1.7)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 19:49:31
[DHCP IP: (192.168.1.9)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 19:49:01
[DHCP IP: (192.168.1.4)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 19:48:48
[DHCP IP: (192.168.1.8)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 19:44:11
[DHCP IP: (192.168.1.10)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 09:24:20
[DHCP IP: (192.168.1.5)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 09:06:36
[DHCP IP: (192.168.1.11)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 09:05:58
[DHCP IP: (192.168.1.3)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 09:04:49
[DHCP IP: (192.168.1.6)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 08:35:58
[DHCP IP: (192.168.1.8)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 07:44:11
[DHCP IP: (192.168.1.8)] to MAC address xx:xx:xx:xx:xx:xx, Thursday, Jun 28,2018 07:42:39
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [23.53.74.182], Thursday, Jun 28,2018 00:25:43
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [23.48.143.4], Thursday, Jun 28,2018 00:25:40
[DHCP IP: (192.168.1.7)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:54:35
[DHCP IP: (192.168.1.7)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:54:01
[DHCP IP: (192.168.1.10)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:15:08
[DHCP IP: (192.168.1.10)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:06:14
[DHCP IP: (192.168.1.11)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:05:58
[DHCP IP: (192.168.1.8)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:05:11
[DHCP IP: (192.168.1.9)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:04:53
[Time synchronized with NTP server] Wednesday, Jun 27,2018 21:04:50
[Internet connected] IP address: xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:04:50
[DHCP IP: (192.168.1.3)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:04:49
[DHCP IP: (192.168.1.7)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:04:48
[DHCP IP: (192.168.1.6)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:04:47
[DHCP IP: (192.168.1.5)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:04:47
[DHCP IP: (192.168.1.4)] to MAC address xx:xx:xx:xx:xx:xx, Wednesday, Jun 27,2018 21:04:47
[Initialized, firmware version: V1.0.9.32] Wednesday, Jun 27,2018 21:04:45
The entries marked in red look like the problematic ones.
Among them, it looks like the hacker tried to log in over WLAN:
[WLAN access rejected: incorrect security] from MAC 68:48:98:9D:D1:DC, Saturday, Jun 30,2018 05:28:29
[WLAN access rejected: incorrect security] from MAC 68:48:98:9D:D1:DC, Saturday, Jun 30,2018 05:17:28
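Does this mean the hacker is somewhere near my home?
Also, how can I use the limited information I have (the other party's MAC address or IP address) to find out whether they are a neighbor of mine, or whether the address is fake or even a relay?
And how should I protect myself?
I am just an ordinary user, though, and I am not going to spend ten thousand or so on a hardware firewall or rent security equipment from Chunghwa.
What bothers me most right now is that software I run at home that needs to connect out responds slowly. The hacker has probably done something to my router that makes the whole network respond slowly.
I would appreciate any advice from the experts here.
Thank you.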
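
Added example, not part of the original post: a small Python triage script for router logs in the format shown above, grouping rejected WLAN joins, reported scan sources and admin logins, and checking whether a logged MAC is a locally administered (self-assigned) address. The sample lines are copied from that log; the function names and the summary layout are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the router log in the post above.
SAMPLE_LOG = """\
[Admin login] from source 192.168.1.7, Saturday, Jun 30,2018 08:59:53
[WLAN access rejected: incorrect security] from MAC 68:48:98:9D:D1:DC, Saturday, Jun 30,2018 05:28:29
[WLAN access rejected: incorrect security] from MAC 68:48:98:9D:D1:DC, Saturday, Jun 30,2018 05:17:28
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [31.13.87.1], Saturday, Jun 30,2018 04:05:47
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [104.115.175.11], Friday, Jun 29,2018 23:12:25
[DHCP IP: (192.168.1.10)] to MAC address xx:xx:xx:xx:xx:xx, Friday, Jun 29,2018 21:59:25
[WLAN access rejected: incorrect security] from MAC 68:48:98:9D:D1:DC, Friday, Jun 29,2018 21:38:06
"""

# Line layout: "[event] detail, Weekday, Mon DD,YYYY HH:MM:SS"
LINE_RE = re.compile(r"^\[(?P<event>[^\]]+)\]\s*(?P<detail>.*?),?\s*"
                     r"(?P<ts>\w+day, \w{3} \d{1,2},\d{4} \d{2}:\d{2}:\d{2})$")
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set: the address was self-assigned
    (e.g. randomized), so a vendor lookup is meaningless. A clear bit is no proof."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def triage(log_text):
    """Group the security-relevant events of the log by their source."""
    out = {"wlan_rejects": Counter(), "scan_sources": defaultdict(set),
           "admin_logins": Counter(), "unparsed": 0}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            out["unparsed"] += 1  # counted so nothing is silently dropped
            continue
        event, detail = m["event"], m["detail"]
        mac, ip = MAC_RE.search(detail), IP_RE.search(detail)
        if event.startswith("WLAN access rejected") and mac:
            out["wlan_rejects"][mac.group().upper()] += 1
        elif event.startswith("DoS attack") and ip:
            out["scan_sources"][ip.group()].add(event.partition(": ")[2])
        elif event == "Admin login" and ip:
            out["admin_logins"][ip.group()] += 1
    return out

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for mac, n in report["wlan_rejects"].items():
        print(mac, n, "rejects, locally administered:", is_locally_administered(mac))
    print({ip: sorted(k) for ip, k in report["scan_sources"].items()})
    print(dict(report["admin_logins"]), "unparsed:", report["unparsed"])
```

DHCP lease lines are parsed but not reported; admin logins are listed so each one can be matched against a time the owner actually logged in.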
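It looks like these are fake IPs.
I suspect those 4 IPs are actually inside the country and are just using hidden DNS to avoid being looked up, because if the IPs were from abroad, the trace nevertheless shows very few routing hops and even the latency is very low.

Then I looked up the device for that MAC address on https://mac.51240.com/ and got this result.

Of course this could also be fake.
But how did he try to connect to my router over WLAN with a device like this?
Could it really be my neighbor doing this?
Otherwise, an ordinary wireless router's signal cannot possibly reach far enough to be connected to from abroad (lol).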
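專回你的文 wrote:
Your log only shows... (snipped)
The address that the NAS shows as blocked for reaching the wrong-password limit is 192.168.1.10.
From the connected-devices table on the router, I then saw that this IP is the iPad.
That is why I said the hacker tried to log in to my NAS through my iPad.
But this also means the hacker has already gotten through my router to the devices behind it.
I called Chunghwa's enterprise customer service.
After checking the traffic for me, they said it is probably not a real DDoS attack, because the traffic volume is not large.
So my personal guess is that this is an ordinary novice trying to break in with hacking software, which is a relatively simple method, and that is why the volume of the DoS attack is not very large.
A real DDoS attack would paralyze your whole network, with nothing able to connect out or in, but in my case the network is only responding slowly.
Anyway, I have filed a police report.
I cannot be sure whether my data was stolen during this period.
But I looked it up online: hacking into a private computer carries criminal liability and is an offense prosecuted only upon complaint (告訴乃論), so I went to the police station and filed a report anyway.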