permanente Intruder Detection von russischer IP trotz Regel

[Q [kju:]]

Hallo und Sorry für die Freitag Nachmittag Anfrage !

Gerät: LC1711 FW 7.80

Die Firewall meldet alle paar Sekunden Verbindungsversuche von verschiedenen russischen Quell-IPs zu NTP-Servern der PTB (siehe Auszug aus dem Trace unten). Ich habe versuchsweise den kompletten IP-Bereich von 5.0.0.0 bis 5.255.255.255 per REJECT-Regel gesperrt. Der Spuk hört trotzdem nicht auf.

Ist das normal oder mache ich was falsch? Besteht Anlaß zur Sorge, z.B. Bruteforce-Angriff?

Im Voraus vielen Dank für eure Hilfe!

Auszug vom Trace:

[Firewall] 2012/09/07 12:24:02,178 Devicetime: 2012/09/07 12:24:02,530
Packet matched rule intruder detection
DstIP: 192.53.103.108, SrcIP: 5.73.51.224, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123

Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:02,378 Devicetime: 2012/09/07 12:24:02,530
Packet matched rule intruder detection
DstIP: 192.53.103.104, SrcIP: 5.73.51.224, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123

Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:02,977 Devicetime: 2012/09/07 12:24:03,330
Packet matched rule intruder detection
DstIP: 192.53.103.108, SrcIP: 5.155.42.140, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123

Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:02,977 Devicetime: 2012/09/07 12:24:03,330
Packet matched rule intruder detection
DstIP: 192.53.103.104, SrcIP: 5.155.42.140, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123

Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:08,994 Devicetime: 2012/09/07 12:24:09,350
Packet matched rule intruder detection
DstIP: 192.53.103.108, SrcIP: 5.93.158.246, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123

Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:08,994 Devicetime: 2012/09/07 12:24:09,350
Packet matched rule intruder detection
DstIP: 192.53.103.104, SrcIP: 5.93.158.246, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123

Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:10,745 Devicetime: 2012/09/07 12:24:11,100
Packet matched rule intruder detection
DstIP: 192.53.103.108, SrcIP: 5.240.100.222, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123

Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:10,745 Devicetime: 2012/09/07 12:24:11,100
Packet matched rule intruder detection
DstIP: 192.53.103.104, SrcIP: 5.240.100.222, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123

Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:18,192 Devicetime: 2012/09/07 12:24:18,550
Packet matched rule intruder detection
DstIP: 192.53.103.108, SrcIP: 5.73.51.224, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123

Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped
[Firewall] 2012/09/07 12:24:18,192 Devicetime: 2012/09/07 12:24:18,550
Packet matched rule intruder detection
DstIP: 192.53.103.104, SrcIP: 5.73.51.224, Len: 76, DSCP/TOS: 0x00
Prot.: UDP (17), DstPort: 123, SrcPort: 123

Filter info: packet received from invalid interface LAN-1
send SNMP trap
packet dropped

[Q [kju:]]

Nur zur Info: Das Mysterium hat sich inzwischen aufgeklärt. Die Verbindungsanfragen kamen nicht von extern, sondern wurden durch (ohne mein Wissen installierte) Hamachi-Clients im lokalen Netz verursacht.