Gerät: LC1711 FW 7.80
Die Firewall meldet alle paar Sekunden Verbindungsversuche von verschiedenen russischen Quell-IPs zu NTP-Servern der PTB (siehe Auszug aus dem Trace unten). Ich habe versuchsweise den kompletten IP-Bereich von 5.0.0.0 bis 5.255.255.255 per REJECT-Regel gesperrt. Der Spuk hört trotzdem nicht auf.
Ist das normal oder mache ich was falsch? Besteht Anlaß zur Sorge, z.B. Bruteforce-Angriff?
Im Voraus vielen Dank für eure Hilfe!
Auszug vom Trace:
[Firewall] 2012/09/07 12:24:02,178 Devicetime: 2012/09/07 12:24:02,530
Packet matched rule intruder detection
DstIP: 192.53.103.108, SrcIP: 5.73.51.224, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123
Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:02,378 Devicetime: 2012/09/07 12:24:02,530
Packet matched rule intruder detection
DstIP: 192.53.103.104, SrcIP: 5.73.51.224, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123
Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:02,977 Devicetime: 2012/09/07 12:24:03,330
Packet matched rule intruder detection
DstIP: 192.53.103.108, SrcIP: 5.155.42.140, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123
Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:02,977 Devicetime: 2012/09/07 12:24:03,330
Packet matched rule intruder detection
DstIP: 192.53.103.104, SrcIP: 5.155.42.140, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123
Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:08,994 Devicetime: 2012/09/07 12:24:09,350
Packet matched rule intruder detection
DstIP: 192.53.103.108, SrcIP: 5.93.158.246, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123
Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:08,994 Devicetime: 2012/09/07 12:24:09,350
Packet matched rule intruder detection
DstIP: 192.53.103.104, SrcIP: 5.93.158.246, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123
Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:10,745 Devicetime: 2012/09/07 12:24:11,100
Packet matched rule intruder detection
DstIP: 192.53.103.108, SrcIP: 5.240.100.222, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123
Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:10,745 Devicetime: 2012/09/07 12:24:11,100
Packet matched rule intruder detection
DstIP: 192.53.103.104, SrcIP: 5.240.100.222, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123
Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:18,192 Devicetime: 2012/09/07 12:24:18,550
Packet matched rule intruder detection
DstIP: 192.53.103.108, SrcIP: 5.73.51.224, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123
Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:18,192 Devicetime: 2012/09/07 12:24:18,550
Packet matched rule intruder detection
DstIP: 192.53.103.104, SrcIP: 5.73.51.224, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123
Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped