WebConfig unreachable

Forum for current devices of the LANCOM router/gateway series

Moderator: Lancom-Systems moderators

Snugel
Posts: 38
Registered: 02 Nov 2014, 21:52
Location: Baden-Württemberg

WebConfig unreachable

Post by Snugel »

Hello Lancom forum,

since I enabled DoS "Drop" (Verwerfen) in the firewall, my router no longer lets me into WebConfig. That would be fine, were it not for the entries in the Lancom under Management > Admin > Access settings (Zugriffseinstellungen) > Configuration access ways (Konfigurations-Zugriffs-Wege).
I went through all three settings and allowed access from LAN and WAN.

I checked my PC's IP. It is part of the allowed IPs and, above all, is handed out statically by DHCP. HTTP/HTTPS on port 80/443 for WebConfig is allowed via both WAN and LAN. If port 80 is used, there is a redirect to HTTPS 443.

The log mail I then receive is the following:
Subject: DoS attack

Message:
Date: 5/16/2020 10:10:34

The packet below

Src: 192.168.87.102:60959 Dst: 192.168.87.1:443 (TCP)

MAC-Header (14 Bytes)
Hex values

IP-Packet (52 Bytes):
Hex values

matched this filter rule: DoS protection
filter info: possible SYN flooding attack against 192.168.87.1

because of this the actions below were performed:
drop
send syslog message
send SNMP trap
send email to administrator
block source address for 72 hours

After that happened, I first removed the 72-hour block.

Why does the Lancom think it is subject to a possible DoS here?
Why does it block me even though my computer's IP is among the allowed ones?

Kind regards

Snugel
--
Router: LANCOM 1781 VAW
--
IT systems electronics technician
GrandDixence
Posts: 1060
Registered: 19 Aug 2014, 22:41

Re: WebConfig unreachable

Post by GrandDixence »

Apparently the LANCOM router is receiving too many TCP SYNs from the PC within a very short period.
https://de.wikipedia.org/wiki/Transmiss ... l_Protocol

Which is classified as a "SYN flood" attack:
https://de.wikipedia.org/wiki/SYN-Flood

Why this PC or web browser sends so many TCP SYNs has to be investigated with Wireshark:
alles-zum-lancom-advanced-vpn-client-f3 ... tml#p99943
backslash
Moderator
Posts: 7011
Registered: 08 Nov 2004, 21:26
Location: Aachen

Re: WebConfig unreachable

Post by backslash »

Hi GrandDixence,

"Why this PC or web browser sends so many TCP SYNs"

Careful... SYN floods are characterized by the sender address being spoofed, i.e. the device receives more SYNs than configured under DoS -> Maximum number of half-open connections (Maximalzahl halboffener Verbindungen) from different addresses (without a concluding ACK). The PC only has one of those, after all...

But it is correct: it has to be investigated who is flooding the LANCOM...

Regards
Backslash
Snugel
Posts: 38
Registered: 02 Nov 2014, 21:52
Location: Baden-Württemberg

Re: WebConfig unreachable

Post by Snugel »

Hello everyone.

Sorry for the delay.

@GrandDixence and @backslash
Here is part of the Wireshark capture:

Code:

1	0.000000	192.168.87.102	192.168.87.15	TCP	66	4789 → 5510 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
2	0.000247	192.168.87.15	192.168.87.102	TCP	66	5510 → 4789 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
3	0.000309	192.168.87.102	192.168.87.15	TCP	54	4789 → 5510 [ACK] Seq=1 Ack=1 Win=2102272 Len=0
4	0.000479	192.168.87.102	192.168.87.15	TLSv1.2	152	Ignored Unknown Record
5	0.000652	192.168.87.15	192.168.87.102	TCP	60	5510 → 4789 [ACK] Seq=1 Ack=99 Win=29312 Len=0
6	0.001076	192.168.87.15	192.168.87.102	TLSv1.2	411	Ignored Unknown Record
7	0.003518	192.168.87.102	192.168.87.15	TLSv1.2	241	Client Hello
8	0.003911	192.168.87.15	192.168.87.102	TLSv1.2	939	Server Hello, Certificate, Server Hello Done
9	0.004079	192.168.87.102	192.168.87.15	TLSv1.2	372	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
10	0.009259	192.168.87.15	192.168.87.102	TLSv1.2	280	New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
11	0.009369	192.168.87.102	192.168.87.15	TLSv1.2	84	Application Data
12	0.049086	192.168.87.15	192.168.87.102	TCP	60	5510 → 4789 [ACK] Seq=1469 Ack=634 Win=31360 Len=0
13	0.049109	192.168.87.102	192.168.87.15	TLSv1.2	1342	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
14	0.049327	192.168.87.15	192.168.87.102	TCP	60	5510 → 4789 [ACK] Seq=1469 Ack=1922 Win=33920 Len=0
15	0.050518	192.168.87.15	192.168.87.102	TLSv1.2	84	Application Data
16	0.050775	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
17	0.050790	192.168.87.102	192.168.87.15	TCP	54	4789 → 5510 [ACK] Seq=1922 Ack=2959 Win=2102272 Len=0
18	0.050950	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
19	0.050952	192.168.87.15	192.168.87.102	TLSv1.2	124	Application Data, Application Data, Application Data
20	0.050967	192.168.87.102	192.168.87.15	TCP	54	4789 → 5510 [ACK] Seq=1922 Ack=4489 Win=2102272 Len=0
21	0.051150	192.168.87.15	192.168.87.102	TLSv1.2	1336	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
22	0.051339	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
23	0.051353	192.168.87.102	192.168.87.15	TCP	54	4789 → 5510 [ACK] Seq=1922 Ack=7231 Win=2102272 Len=0
24	0.051515	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
25	0.051517	192.168.87.15	192.168.87.102	TLSv1.2	85	Application Data, Application Data
26	0.051532	192.168.87.102	192.168.87.15	TCP	54	4789 → 5510 [ACK] Seq=1922 Ack=8722 Win=2102272 Len=0
27	0.051692	192.168.87.15	192.168.87.102	TLSv1.2	513	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
28	0.052054	192.168.87.102	192.168.87.15	TCP	54	4789 → 5510 [FIN, ACK] Seq=1922 Ack=9181 Win=2101760 Len=0
29	0.052325	192.168.87.15	192.168.87.102	TCP	60	5510 → 4789 [FIN, ACK] Seq=9181 Ack=1923 Win=33920 Len=0
30	0.052343	192.168.87.102	192.168.87.15	TCP	54	4789 → 5510 [ACK] Seq=1923 Ack=9182 Win=2101760 Len=0
31	0.869990	192.168.87.102	192.168.87.15	TLSv1.2	84	Application Data
32	0.870139	192.168.87.102	192.168.87.15	TLSv1.2	1526	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
33	0.870356	192.168.87.15	192.168.87.102	TCP	60	5510 → 4137 [ACK] Seq=1 Ack=1503 Win=1323 Len=0
34	0.870425	192.168.87.102	192.168.87.15	TLSv1.2	301	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
35	0.871170	192.168.87.15	192.168.87.102	TLSv1.2	84	Application Data
36	0.871417	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
37	0.871434	192.168.87.102	192.168.87.15	TCP	54	4137 → 5510 [ACK] Seq=1750 Ack=1491 Win=8212 Len=0
38	0.871596	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
39	0.871598	192.168.87.15	192.168.87.102	TLSv1.2	153	Application Data, Application Data, Application Data, Application Data
40	0.871615	192.168.87.102	192.168.87.15	TCP	54	4137 → 5510 [ACK] Seq=1750 Ack=3050 Win=8212 Len=0
41	0.871786	192.168.87.15	192.168.87.102	TLSv1.2	1088	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
42	0.922310	192.168.87.102	192.168.87.15	TCP	54	4137 → 5510 [ACK] Seq=1750 Ack=4084 Win=8208 Len=0
43	0.922541	192.168.87.15	192.168.87.102	TLSv1.2	543	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
44	0.968928	192.168.87.102	192.168.87.15	TCP	54	4137 → 5510 [ACK] Seq=1750 Ack=4573 Win=8212 Len=0
45	1.007111	192.168.87.102	192.168.87.15	TCP	66	4790 → 5510 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
46	1.007321	192.168.87.15	192.168.87.102	TCP	66	5510 → 4790 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
47	1.007374	192.168.87.102	192.168.87.15	TCP	54	4790 → 5510 [ACK] Seq=1 Ack=1 Win=2102272 Len=0
48	1.007490	192.168.87.102	192.168.87.15	TLSv1.2	152	Ignored Unknown Record
49	1.007648	192.168.87.15	192.168.87.102	TCP	60	5510 → 4790 [ACK] Seq=1 Ack=99 Win=29312 Len=0
50	1.008065	192.168.87.15	192.168.87.102	TLSv1.2	411	Ignored Unknown Record
51	1.010458	192.168.87.102	192.168.87.15	TLSv1.2	241	Client Hello
52	1.010991	192.168.87.15	192.168.87.102	TLSv1.2	939	Server Hello, Certificate, Server Hello Done
53	1.011168	192.168.87.102	192.168.87.15	TLSv1.2	372	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
54	1.015866	192.168.87.15	192.168.87.102	TLSv1.2	280	New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
55	1.016029	192.168.87.102	192.168.87.15	TLSv1.2	84	Application Data
56	1.016159	192.168.87.102	192.168.87.15	TLSv1.2	1526	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
57	1.016358	192.168.87.15	192.168.87.102	TCP	60	5510 → 4790 [ACK] Seq=1469 Ack=2106 Win=34304 Len=0
58	1.016422	192.168.87.102	192.168.87.15	TLSv1.2	1300	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
59	1.017967	192.168.87.15	192.168.87.102	TLSv1.2	84	Application Data
60	1.018209	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
61	1.018223	192.168.87.102	192.168.87.15	TCP	54	4790 → 5510 [ACK] Seq=3352 Ack=2959 Win=2102272 Len=0
62	1.018386	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
63	1.018388	192.168.87.15	192.168.87.102	TLSv1.2	65	Application Data
64	1.018403	192.168.87.102	192.168.87.15	TCP	54	4790 → 5510 [ACK] Seq=3352 Ack=4430 Win=2102272 Len=0
65	1.018589	192.168.87.15	192.168.87.102	TLSv1.2	1398	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
66	1.068653	192.168.87.102	192.168.87.15	TCP	54	4790 → 5510 [ACK] Seq=3352 Ack=5774 Win=2100992 Len=0
67	1.068853	192.168.87.15	192.168.87.102	TLSv1.2	948	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
68	1.069331	192.168.87.102	192.168.87.15	TCP	54	4790 → 5510 [FIN, ACK] Seq=3352 Ack=6668 Win=2102272 Len=0
69	1.069623	192.168.87.15	192.168.87.102	TCP	60	5510 → 4790 [FIN, ACK] Seq=6668 Ack=3353 Win=37248 Len=0
70	1.069640	192.168.87.102	192.168.87.15	TCP	54	4790 → 5510 [ACK] Seq=3353 Ack=6669 Win=2102272 Len=0

If I interpret this correctly, the devices on my network are swamping the Lancom. Behind 192.168.87.15 is a NAS from Synology. The thing with 102 at the end is my PC.

Kind regards

Snugel
--
Router: LANCOM 1781 VAW
--
IT systems electronics technician
GrandDixence
Posts: 1060
Registered: 19 Aug 2014, 22:41

Re: WebConfig unreachable

Post by GrandDixence »

The Wireshark capture contains no packets with destination IP 192.168.87.1, TCP port 443. Only packets with the TCP SYN flag set and destination IP 192.168.87.1, TCP port 443 are of interest, since only these packets trigger the TCP SYN flood attack alarm.

These packets of interest can only be captured if you actively open a connection to the LANCOM router via WebConfig (TCP port 443) in the web browser!
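
The check discussed in the replies above (only SYNs to 192.168.87.1:443 matter, and what counts is connections that never receive the final ACK), applied to a Wireshark packet-list text export. This is an added example, not part of the original thread: the sample lines are constructed in the thread's capture format, the hosts 192.168.87.201 to .204 are invented, and `limit` is a hypothetical stand-in for the router's configured maximum number of half-open connections.

```python
import re
from collections import defaultdict

# Matches the "sport → dport [FLAGS]" part of the Info column, also when
# Wireshark prefixes it with a note such as "[TCP Window Update]".
INFO_RE = re.compile(r"(\d+)\s*→\s*(\d+)\s*\[([A-Z, ]+)\]")

# Constructed sample: tab-separated columns No., Time, Source, Destination,
# Protocol, Length, Info. One client completes three handshakes; four
# invented hosts send a SYN and never answer the SYN/ACK.
SAMPLE = """\
1\t0.000000\t192.168.87.102\t192.168.87.1\tTCP\t66\t5993 → 443 [SYN] Seq=0 Win=64240 Len=0
2\t0.001116\t192.168.87.1\t192.168.87.102\tTCP\t62\t443 → 5993 [SYN, ACK] Seq=0 Ack=1 Win=11680 Len=0
3\t0.001172\t192.168.87.102\t192.168.87.1\tTCP\t54\t5993 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
4\t0.001963\t192.168.87.102\t192.168.87.1\tTLSv1.3\t571\tClient Hello
5\t0.150046\t192.168.87.102\t192.168.87.1\tTCP\t66\t5994 → 443 [SYN] Seq=0 Win=64240 Len=0
6\t0.150205\t192.168.87.102\t192.168.87.1\tTCP\t66\t5995 → 443 [SYN] Seq=0 Win=64240 Len=0
7\t0.151381\t192.168.87.1\t192.168.87.102\tTCP\t62\t443 → 5994 [SYN, ACK] Seq=0 Ack=1 Win=11680 Len=0
8\t0.151383\t192.168.87.1\t192.168.87.102\tTCP\t62\t443 → 5995 [SYN, ACK] Seq=0 Ack=1 Win=11680 Len=0
9\t0.151446\t192.168.87.102\t192.168.87.1\tTCP\t54\t5994 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
10\t0.151457\t192.168.87.102\t192.168.87.1\tTCP\t54\t5995 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
11\t0.300000\t192.168.87.201\t192.168.87.1\tTCP\t66\t40001 → 443 [SYN] Seq=0 Win=64240 Len=0
12\t0.300100\t192.168.87.202\t192.168.87.1\tTCP\t66\t40002 → 443 [SYN] Seq=0 Win=64240 Len=0
13\t0.300200\t192.168.87.203\t192.168.87.1\tTCP\t66\t40003 → 443 [SYN] Seq=0 Win=64240 Len=0
14\t0.300300\t192.168.87.204\t192.168.87.1\tTCP\t66\t40004 → 443 [SYN] Seq=0 Win=64240 Len=0
15\t1.300000\t192.168.87.201\t192.168.87.1\tTCP\t66\t[TCP Retransmission] 40001 → 443 [SYN] Seq=0 Win=64240 Len=0
"""


def parse_line(line):
    """Return a dict for a TCP summary line, or None for anything else."""
    cols = line.rstrip("\n").split("\t")
    if len(cols) < 7:
        return None
    m = INFO_RE.search(cols[6])
    if not m:
        return None  # ARP, DNS, TLS records: no port/flag summary to track
    return {
        "time": float(cols[1]),
        "src": cols[2],
        "dst": cols[3],
        "sport": int(m.group(1)),
        "dport": int(m.group(2)),
        "flags": {f.strip() for f in m.group(3).split(",")},
    }


def analyse(text, target_ip, target_port, limit):
    """Track half-open connections towards target_ip:target_port.

    A connection is half-open from the client's first SYN until the client
    sends a segment with ACK set (approximation: the SYN/ACK itself is not
    checked) or an RST. `limit` is a hypothetical threshold.
    """
    pending = {}  # (src, sport) -> time of first SYN
    stats = defaultdict(lambda: {"syn": 0, "completed": 0})
    peak, exceeded_at = 0, None
    for line in text.splitlines():
        p = parse_line(line)
        if p is None or (p["dst"], p["dport"]) != (target_ip, target_port):
            continue  # only traffic towards the protected service matters
        key = (p["src"], p["sport"])
        if p["flags"] == {"SYN"}:
            stats[p["src"]]["syn"] += 1
            pending.setdefault(key, p["time"])  # retransmission: same slot
        elif key in pending and p["flags"] & {"ACK", "RST"}:
            del pending[key]
            if "RST" not in p["flags"]:
                stats[p["src"]]["completed"] += 1
        peak = max(peak, len(pending))
        if exceeded_at is None and len(pending) > limit:
            exceeded_at = p["time"]
    half_open = defaultdict(list)
    for src, sport in pending:
        half_open[src].append(sport)
    return {
        "per_source": dict(stats),
        "half_open": dict(half_open),
        "peak_half_open": peak,
        "exceeded_at": exceeded_at,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE, "192.168.87.1", 443, limit=3)
    for src, s in sorted(report["per_source"].items()):
        open_ports = report["half_open"].get(src, [])
        print(f"{src}: {s['syn']} SYN, {s['completed']} completed, "
              f"half-open ports {open_ports}")
    print("peak half-open:", report["peak_half_open"],
          "limit exceeded at t =", report["exceeded_at"])
```

To run it on a real capture, export the packet list from Wireshark as tab-separated text and pass the file contents to `analyse` in place of `SAMPLE`.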
Snugel
Posts: 38
Registered: 02 Nov 2014, 21:52
Location: Baden-Württemberg

Re: WebConfig unreachable

Post by Snugel »

GrandDixence wrote: 27 May 2020, 20:08
"The Wireshark capture contains no packets with destination IP 192.168.87.1, TCP port 443. Only packets with the TCP SYN flag set and destination IP 192.168.87.1, TCP port 443 are of interest, since only these packets trigger the TCP SYN flood attack alarm.

These packets of interest can only be captured if you actively open a connection to the LANCOM router via WebConfig (TCP port 443) in the web browser!"

Ok. I just closed the browser so that the session data is gone. I also removed the cookies manually. Then I prepared a tab in which I entered https://192.168.87.1 but did not yet confirm it with the Enter key. Then I started WS and selected the Ethernet interface. Waited briefly and then pressed Enter in the browser tab. The result is the following (this time with destination IP 192.168.87.1):

Code:

1	0.000000	Micro-St_08:30:8f	Broadcast	ARP	42	Who has 192.168.87.31? Tell 192.168.87.102
2	0.621361	Micro-St_08:30:8f	Broadcast	ARP	42	Who has 192.168.87.31? Tell 192.168.87.102
3	0.806908	172.65.212.243	192.168.87.102	TCP	60	443 → 5914 [ACK] Seq=1 Ack=1 Win=68 Len=0
4	0.806947	192.168.87.102	172.65.212.243	TCP	54	[TCP ACKed unseen segment] 5914 → 443 [ACK] Seq=1 Ack=2 Win=1022 Len=0
5	1.622159	Micro-St_08:30:8f	Broadcast	ARP	42	Who has 192.168.87.31? Tell 192.168.87.102
6	1.637921	192.168.87.102	192.168.87.15	TLSv1.2	84	Application Data
7	1.638030	192.168.87.102	192.168.87.15	TLSv1.2	1526	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
8	1.638400	192.168.87.15	192.168.87.102	TCP	60	5510 → 4141 [ACK] Seq=1 Ack=1503 Win=1429 Len=0
9	1.638444	192.168.87.102	192.168.87.15	TLSv1.2	301	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
10	1.639146	192.168.87.15	192.168.87.102	TLSv1.2	84	Application Data
11	1.639393	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
12	1.639401	192.168.87.102	192.168.87.15	TCP	54	4141 → 5510 [ACK] Seq=1750 Ack=1491 Win=8212 Len=0
13	1.639577	192.168.87.15	192.168.87.102	TLSv1.2	1424	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
14	1.639768	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
15	1.639775	192.168.87.102	192.168.87.15	TCP	54	4141 → 5510 [ACK] Seq=1750 Ack=4321 Win=8212 Len=0
16	1.639933	192.168.87.15	192.168.87.102	TLSv1.2	306	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
17	1.684646	192.168.87.102	192.168.87.15	TCP	54	4141 → 5510 [ACK] Seq=1750 Ack=4573 Win=8211 Len=0
18	2.627314	192.168.87.102	192.168.87.1	TCP	66	5993 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
19	2.628430	192.168.87.1	192.168.87.102	TCP	62	443 → 5993 [SYN, ACK] Seq=0 Ack=1 Win=11680 Len=0 MSS=1460 WS=16
20	2.628486	192.168.87.102	192.168.87.1	TCP	54	5993 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
21	2.629277	192.168.87.102	192.168.87.1	TLSv1.3	571	Client Hello
22	2.629426	192.168.87.1	192.168.87.102	TCP	60	[TCP Window Update] 443 → 5993 [ACK] Seq=1 Ack=1 Win=11680 Len=0
23	2.673802	fe80::3599:38cd:65a6:8d09	fe80::2a0:57ff:fe1f:2ead	DNS	106	Standard query 0xaaa1 A resolver4.gdata.ctmail.com
24	2.677947	192.168.87.1	192.168.87.102	TLSv1.3	187	Server Hello, Change Cipher Spec
25	2.679015	192.168.87.1	192.168.87.102	TLSv1.3	1514	Application Data
26	2.679040	192.168.87.102	192.168.87.1	TCP	54	5993 → 443 [ACK] Seq=518 Ack=1594 Win=262656 Len=0
27	2.680027	192.168.87.1	192.168.87.102	TLSv1.3	732	Application Data
28	2.699361	fe80::2a0:57ff:fe1f:2ead	fe80::3599:38cd:65a6:8d09	DNS	151	Standard query response 0xaaa1 A resolver4.gdata.ctmail.com CNAME resolver.4.geo.ctmail.com A 103.5.198.210
29	2.720679	192.168.87.102	192.168.87.1	TCP	54	5993 → 443 [ACK] Seq=518 Ack=2272 Win=261888 Len=0
30	2.721622	192.168.87.1	192.168.87.102	TLSv1.3	398	Application Data, Application Data
31	2.721916	192.168.87.102	192.168.87.1	TLSv1.3	118	Change Cipher Spec, Application Data
32	2.722008	192.168.87.102	192.168.87.1	TLSv1.3	430	Application Data
33	2.722994	192.168.87.1	192.168.87.102	TCP	60	443 → 5993 [ACK] Seq=2616 Ack=958 Win=10720 Len=0
34	2.723516	192.168.87.1	192.168.87.102	TLSv1.3	157	Application Data
35	2.726556	192.168.87.1	192.168.87.102	TCP	1514	443 → 5993 [ACK] Seq=2719 Ack=958 Win=12192 Len=1460 [TCP segment of a reassembled PDU]
36	2.726608	192.168.87.102	192.168.87.1	TCP	54	5993 → 443 [ACK] Seq=958 Ack=4179 Win=262656 Len=0
37	2.727525	192.168.87.1	192.168.87.102	TLSv1.3	589	Application Data, Application Data
38	2.727774	192.168.87.102	192.168.87.1	TLSv1.3	78	Application Data
39	2.727795	192.168.87.102	192.168.87.1	TCP	54	5993 → 443 [FIN, ACK] Seq=982 Ack=4714 Win=262144 Len=0
40	2.728992	192.168.87.1	192.168.87.102	TCP	60	443 → 5993 [ACK] Seq=4714 Ack=983 Win=12160 Len=0
41	2.729065	192.168.87.1	192.168.87.102	TCP	60	443 → 5993 [FIN, ACK] Seq=4714 Ack=983 Win=12160 Len=0
42	2.729166	192.168.87.102	192.168.87.1	TCP	54	5993 → 443 [ACK] Seq=983 Ack=4715 Win=262144 Len=0
43	2.777360	192.168.87.102	192.168.87.1	TCP	66	5994 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
44	2.777519	192.168.87.102	192.168.87.1	TCP	66	5995 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
45	2.778695	192.168.87.1	192.168.87.102	TCP	62	443 → 5994 [SYN, ACK] Seq=0 Ack=1 Win=11680 Len=0 MSS=1460 WS=16
46	2.778697	192.168.87.1	192.168.87.102	TCP	62	443 → 5995 [SYN, ACK] Seq=0 Ack=1 Win=11680 Len=0 MSS=1460 WS=16
47	2.778760	192.168.87.102	192.168.87.1	TCP	54	5994 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
48	2.778771	192.168.87.102	192.168.87.1	TCP	54	5995 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
49	2.779506	192.168.87.102	192.168.87.1	TLSv1.3	571	Client Hello
50	2.779760	192.168.87.1	192.168.87.102	TCP	60	[TCP Window Update] 443 → 5994 [ACK] Seq=1 Ack=1 Win=11680 Len=0
51	2.779861	192.168.87.1	192.168.87.102	TCP	60	[TCP Window Update] 443 → 5995 [ACK] Seq=1 Ack=1 Win=11680 Len=0
52	2.780123	192.168.87.102	192.168.87.1	TLSv1.3	571	Client Hello
53	2.827266	192.168.87.1	192.168.87.102	TLSv1.3	193	Server Hello, Change Cipher Spec
54	2.874025	192.168.87.1	192.168.87.102	TLSv1.3	193	Server Hello, Change Cipher Spec
55	2.886581	192.168.87.102	192.168.87.1	TCP	54	5994 → 443 [ACK] Seq=518 Ack=140 Win=262656 Len=0
56	2.887662	192.168.87.1	192.168.87.102	TLSv1.3	140	Application Data, Application Data
57	2.887920	192.168.87.102	192.168.87.1	TLSv1.3	118	Change Cipher Spec, Application Data
58	2.889169	192.168.87.102	192.168.87.1	TLSv1.3	357	Application Data
59	2.890110	192.168.87.1	192.168.87.102	TCP	60	443 → 5994 [ACK] Seq=226 Ack=885 Win=10784 Len=0
60	2.917837	192.168.87.102	192.168.87.1	TCP	54	5995 → 443 [ACK] Seq=518 Ack=140 Win=262656 Len=0
61	2.918836	192.168.87.1	192.168.87.102	TLSv1.3	140	Application Data, Application Data
62	2.919101	192.168.87.102	192.168.87.1	TLSv1.3	118	Change Cipher Spec, Application Data
63	2.920243	192.168.87.102	192.168.87.1	TLSv1.3	339	Application Data
64	2.921181	192.168.87.1	192.168.87.102	TCP	60	443 → 5995 [ACK] Seq=226 Ack=867 Win=10800 Len=0
65	2.941247	192.168.87.1	192.168.87.102	TLSv1.3	1079	Application Data
66	2.977125	192.168.87.1	192.168.87.102	TCP	1514	443 → 5995 [ACK] Seq=226 Ack=867 Win=10800 Len=1460 [TCP segment of a reassembled PDU]
67	2.977157	192.168.87.1	192.168.87.102	TCP	1514	443 → 5995 [ACK] Seq=1686 Ack=867 Win=10800 Len=1460 [TCP segment of a reassembled PDU]
68	2.977159	192.168.87.1	192.168.87.102	TCP	1514	443 → 5995 [ACK] Seq=3146 Ack=867 Win=10800 Len=1460 [TCP segment of a reassembled PDU]
69	2.977161	192.168.87.1	192.168.87.102	TCP	1514	443 → 5995 [PSH, ACK] Seq=4606 Ack=867 Win=10800 Len=1460 [TCP segment of a reassembled PDU]
70	2.977180	192.168.87.102	192.168.87.1	TCP	54	5995 → 443 [ACK] Seq=867 Ack=6066 Win=262656 Len=0
71	2.986941	192.168.87.1	192.168.87.102	TLSv1.3	1404	Application Data
72	2.987062	192.168.87.1	192.168.87.102	TCP	1514	443 → 5995 [ACK] Seq=7416 Ack=867 Win=10800 Len=1460 [TCP segment of a reassembled PDU]
73	2.987077	192.168.87.102	192.168.87.1	TCP	54	5995 → 443 [ACK] Seq=867 Ack=8876 Win=262656 Len=0
74	2.988178	192.168.87.1	192.168.87.102	TLSv1.3	627	Application Data, Application Data
75	2.988343	192.168.87.102	192.168.87.1	TCP	54	5994 → 443 [ACK] Seq=885 Ack=1251 Win=261376 Len=0
76	2.988497	192.168.87.102	192.168.87.1	TLSv1.3	78	Application Data
77	2.988531	192.168.87.102	192.168.87.1	TCP	54	5995 → 443 [FIN, ACK] Seq=891 Ack=9449 Win=262144 Len=0
78	2.990331	192.168.87.1	192.168.87.102	TLSv1.3	78	Application Data
79	2.990333	192.168.87.1	192.168.87.102	TCP	60	443 → 5995 [ACK] Seq=9449 Ack=892 Win=10784 Len=0
80	2.990334	192.168.87.1	192.168.87.102	TCP	60	443 → 5995 [FIN, ACK] Seq=9449 Ack=892 Win=10784 Len=0
81	2.990454	192.168.87.102	192.168.87.1	TCP	54	5995 → 443 [ACK] Seq=892 Ack=9450 Win=262144 Len=0
82	2.990675	192.168.87.102	192.168.87.1	TLSv1.3	78	Application Data
83	2.990708	192.168.87.102	192.168.87.1	TCP	54	5994 → 443 [FIN, ACK] Seq=909 Ack=1275 Win=261376 Len=0
84	2.991000	192.168.87.102	192.168.87.1	TCP	66	5996 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
85	2.991091	192.168.87.102	192.168.87.1	TCP	66	5997 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
86	2.992133	192.168.87.1	192.168.87.102	TCP	60	443 → 5994 [ACK] Seq=1275 Ack=910 Win=10768 Len=0
87	2.992135	192.168.87.1	192.168.87.102	TCP	62	443 → 5996 [SYN, ACK] Seq=0 Ack=1 Win=11680 Len=0 MSS=1460 WS=16
88	2.992136	192.168.87.1	192.168.87.102	TCP	62	443 → 5997 [SYN, ACK] Seq=0 Ack=1 Win=11680 Len=0 MSS=1460 WS=16
89	2.992178	192.168.87.102	192.168.87.1	TCP	54	5996 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
90	2.992184	192.168.87.102	192.168.87.1	TCP	54	5997 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
91	2.992433	192.168.87.1	192.168.87.102	TCP	60	443 → 5994 [FIN, ACK] Seq=1275 Ack=910 Win=10768 Len=0
92	2.992536	192.168.87.102	192.168.87.1	TCP	54	5994 → 443 [ACK] Seq=910 Ack=1276 Win=261376 Len=0
93	2.992936	192.168.87.102	192.168.87.1	TLSv1.3	571	Client Hello
94	2.993565	192.168.87.102	192.168.87.1	TLSv1.3	571	Client Hello
95	2.996893	192.168.87.1	192.168.87.102	TCP	60	[TCP Window Update] 443 → 5996 [ACK] Seq=1 Ack=1 Win=11680 Len=0
96	2.996895	192.168.87.1	192.168.87.102	TCP	60	[TCP Window Update] 443 → 5997 [ACK] Seq=1 Ack=1 Win=11680 Len=0
97	3.040546	192.168.87.1	192.168.87.102	TLSv1.3	193	Server Hello, Change Cipher Spec
98	3.087246	192.168.87.1	192.168.87.102	TLSv1.3	193	Server Hello, Change Cipher Spec
99	3.088592	192.168.87.102	192.168.87.1	TCP	54	5996 → 443 [ACK] Seq=518 Ack=140 Win=262656 Len=0
100	3.089664	192.168.87.1	192.168.87.102	TLSv1.3	140	Application Data, Application Data
101	3.089882	192.168.87.102	192.168.87.1	TLSv1.3	118	Change Cipher Spec, Application Data
102	3.090942	192.168.87.102	192.168.87.1	TLSv1.3	361	Application Data
103	3.091880	192.168.87.1	192.168.87.102	TCP	60	443 → 5996 [ACK] Seq=226 Ack=889 Win=10784 Len=0
104	3.142020	192.168.87.102	192.168.87.1	TCP	54	5997 → 443 [ACK] Seq=518 Ack=140 Win=262656 Len=0
105	3.142375	192.168.87.1	192.168.87.102	TCP	1514	443 → 5996 [ACK] Seq=226 Ack=889 Win=10784 Len=1460 [TCP segment of a reassembled PDU]
106	3.142407	192.168.87.1	192.168.87.102	TCP	1514	443 → 5996 [ACK] Seq=1686 Ack=889 Win=10784 Len=1460 [TCP segment of a reassembled PDU]
107	3.142409	192.168.87.1	192.168.87.102	TCP	1514	443 → 5996 [ACK] Seq=3146 Ack=889 Win=10784 Len=1460 [TCP segment of a reassembled PDU]
108	3.142411	192.168.87.1	192.168.87.102	TCP	1514	443 → 5996 [PSH, ACK] Seq=4606 Ack=889 Win=10784 Len=1460 [TCP segment of a reassembled PDU]
109	3.142430	192.168.87.102	192.168.87.1	TCP	54	5996 → 443 [ACK] Seq=889 Ack=6066 Win=262656 Len=0
110	3.142961	192.168.87.1	192.168.87.102	TLSv1.3	140	Application Data, Application Data
111	3.143193	192.168.87.102	192.168.87.1	TLSv1.3	118	Change Cipher Spec, Application Data
112	3.144231	192.168.87.102	192.168.87.1	TLSv1.3	359	Application Data
113	3.145214	192.168.87.1	192.168.87.102	TCP	60	443 → 5997 [ACK] Seq=226 Ack=887 Win=10784 Len=0
114	3.152243	192.168.87.1	192.168.87.102	TLSv1.3	1404	Application Data
115	3.152529	192.168.87.1	192.168.87.102	TCP	1514	443 → 5996 [ACK] Seq=7416 Ack=889 Win=10784 Len=1460 [TCP segment of a reassembled PDU]
116	3.152543	192.168.87.102	192.168.87.1	TCP	54	5996 → 443 [ACK] Seq=889 Ack=8876 Win=262656 Len=0
117	3.152563	192.168.87.1	192.168.87.102	TCP	1514	443 → 5996 [ACK] Seq=8876 Ack=889 Win=10784 Len=1460 [TCP segment of a reassembled PDU]
118	3.152565	192.168.87.1	192.168.87.102	TCP	1514	443 → 5996 [ACK] Seq=10336 Ack=889 Win=10784 Len=1460 [TCP segment of a reassembled PDU]
119	3.152567	192.168.87.1	192.168.87.102	TCP	1514	443 → 5996 [ACK] Seq=11796 Ack=889 Win=10784 Len=1460 [TCP segment of a reassembled PDU]
120	3.152583	192.168.87.102	192.168.87.1	TCP	54	5996 → 443 [ACK] Seq=889 Ack=13256 Win=262656 Len=0
121	3.153457	192.168.87.1	192.168.87.102	TCP	164	443 → 5996 [PSH, ACK] Seq=13256 Ack=889 Win=10784 Len=110 [TCP segment of a reassembled PDU]
122	3.153468	192.168.87.102	192.168.87.1	TCP	54	5996 → 443 [ACK] Seq=889 Ack=13366 Win=262656 Len=0
123	3.162362	192.168.87.1	192.168.87.102	TLSv1.3	332	Application Data
124	3.195608	192.168.87.1	192.168.87.102	TCP	1514	443 → 5997 [ACK] Seq=226 Ack=887 Win=10784 Len=1460 [TCP segment of a reassembled PDU]
125	3.195807	192.168.87.1	192.168.87.102	TCP	1514	443 → 5997 [ACK] Seq=1686 Ack=887 Win=10784 Len=1460 [TCP segment of a reassembled PDU]
126	3.195821	192.168.87.102	192.168.87.1	TCP	54	5997 → 443 [ACK] Seq=887 Ack=3146 Win=262656 Len=0
127	3.196711	192.168.87.1	192.168.87.102	TLSv1.3	951	Application Data
128	3.205982	192.168.87.102	192.168.87.1	TCP	54	5996 → 443 [ACK] Seq=889 Ack=13644 Win=262400 Len=0
129	3.211814	192.168.87.102	192.168.87.1	TLSv1.3	358	Application Data
130	3.242264	192.168.87.102	192.168.87.1	TCP	54	5997 → 443 [ACK] Seq=887 Ack=4043 Win=261888 Len=0
131	3.242988	192.168.87.1	192.168.87.102	TCP	1514	443 → 5996 [ACK] Seq=13644 Ack=1193 Win=12192 Len=1460 [TCP segment of a reassembled PDU]
132	3.243026	192.168.87.1	192.168.87.102	TCP	1514	443 → 5996 [ACK] Seq=15104 Ack=1193 Win=12192 Len=1460 [TCP segment of a reassembled PDU]
133	3.243039	192.168.87.102	192.168.87.1	TCP	54	5996 → 443 [ACK] Seq=1193 Ack=16564 Win=262656 Len=0
134	3.243902	192.168.87.1	192.168.87.102	TLSv1.3	1031	Application Data
135	3.289117	192.168.87.102	192.168.87.1	TCP	54	5996 → 443 [ACK] Seq=1193 Ack=17541 Win=261632 Len=0
136	4.006403	Micro-St_08:30:8f	Broadcast	ARP	42	Who has 192.168.87.31? Tell 192.168.87.102
137	4.623359	Micro-St_08:30:8f	Broadcast	ARP	42	Who has 192.168.87.31? Tell 192.168.87.102
138	4.868693	LANCOM_1f:2e:ad	LLDP_Multicast	LLDP	226	MA/00:a0:57:1f:2e:ad IN/LAN-1 120 SysN=RO01 SysD=LANCOM 1781VAW (over ISDN) 10.32.0176RU9 / 21.04.2020 4003077118100186 
139	5.625845	Micro-St_08:30:8f	Broadcast	ARP	42	Who has 192.168.87.31? Tell 192.168.87.102
140	7.567252	192.168.87.102	239.255.255.250	UDP	698	57342 → 3702 Len=656
141	7.613762	fe80::3599:38cd:65a6:8d09	fe80::2a0:57ff:fe1f:2ead	ICMPv6	86	Neighbor Solicitation for fe80::2a0:57ff:fe1f:2ead from 2c:f0:5d:08:30:8f
142	7.614864	fe80::2a0:57ff:fe1f:2ead	fe80::3599:38cd:65a6:8d09	ICMPv6	86	Neighbor Advertisement fe80::2a0:57ff:fe1f:2ead (rtr, sol, ovr) is at 00:a0:57:1f:2e:ad
143	7.699159	fe80::2a0:57ff:fe1f:2ead	fe80::3599:38cd:65a6:8d09	ICMPv6	86	Neighbor Solicitation for fe80::3599:38cd:65a6:8d09 from 00:a0:57:1f:2e:ad
144	7.699180	fe80::3599:38cd:65a6:8d09	fe80::2a0:57ff:fe1f:2ead	ICMPv6	86	Neighbor Advertisement fe80::3599:38cd:65a6:8d09 (sol, ovr) is at 2c:f0:5d:08:30:8f
145	7.714115	192.168.87.102	239.255.255.250	UDP	698	57342 → 3702 Len=656
146	7.983551	192.168.87.102	239.255.255.250	UDP	698	57342 → 3702 Len=656
147	8.516336	192.168.87.102	239.255.255.250	UDP	698	57342 → 3702 Len=656
148	8.654297	192.168.87.102	192.168.87.15	TLSv1.2	84	Application Data
149	8.654425	192.168.87.102	192.168.87.15	TLSv1.2	1526	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
150	8.654789	192.168.87.15	192.168.87.102	TCP	60	5510 → 4139 [ACK] Seq=1 Ack=1503 Win=1429 Len=0
151	8.654838	192.168.87.102	192.168.87.15	TLSv1.2	301	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
152	8.655480	192.168.87.15	192.168.87.102	TLSv1.2	84	Application Data
153	8.655743	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
154	8.655756	192.168.87.102	192.168.87.15	TCP	54	4139 → 5510 [ACK] Seq=1750 Ack=1491 Win=8212 Len=0
155	8.655923	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
156	8.655925	192.168.87.15	192.168.87.102	TLSv1.2	248	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
157	8.655939	192.168.87.102	192.168.87.15	TCP	54	4139 → 5510 [ACK] Seq=1750 Ack=3145 Win=8212 Len=0
158	8.656110	192.168.87.15	192.168.87.102	TLSv1.2	1117	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
159	8.700560	192.168.87.102	192.168.87.15	TCP	54	4139 → 5510 [ACK] Seq=1750 Ack=4208 Win=8208 Len=0
160	8.700727	192.168.87.15	192.168.87.102	TLSv1.2	419	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
161	8.754150	192.168.87.102	192.168.87.15	TCP	54	4139 → 5510 [ACK] Seq=1750 Ack=4573 Win=8206 Len=0
162	8.898550	172.65.253.13	192.168.87.102	TCP	60	443 → 5863 [ACK] Seq=1 Ack=1 Win=76 Len=0
163	8.898578	192.168.87.102	172.65.253.13	TCP	54	[TCP ACKed unseen segment] 5863 → 443 [ACK] Seq=1 Ack=2 Win=1021 Len=0
164	9.008265	172.65.226.29	192.168.87.102	TCP	60	443 → 5902 [ACK] Seq=1 Ack=1 Win=68 Len=0
165	9.008280	192.168.87.102	172.65.226.29	TCP	54	[TCP ACKed unseen segment] 5902 → 443 [ACK] Seq=1 Ack=2 Win=1023 Len=0
166	9.062233	0.0.0.0	224.0.0.106	IGMP	56	Unknown Type:0x30
167	9.586647	192.168.87.102	239.255.255.250	UDP	698	57342 → 3702 Len=656
168	11.197398	192.168.87.1	192.168.87.102	TLSv1.3	78	Application Data
169	11.197646	192.168.87.102	192.168.87.1	TLSv1.3	78	Application Data
170	11.197663	192.168.87.102	192.168.87.1	TCP	54	5997 → 443 [FIN, ACK] Seq=911 Ack=4067 Win=261632 Len=0
171	11.198871	192.168.87.1	192.168.87.102	TCP	60	443 → 5997 [ACK] Seq=4067 Ack=912 Win=10768 Len=0
172	11.198954	192.168.87.1	192.168.87.102	TCP	60	443 → 5997 [RST, ACK] Seq=4067 Ack=912 Win=10768 Len=0
173	11.244626	192.168.87.1	192.168.87.102	TLSv1.3	78	Application Data
174	11.244781	192.168.87.102	192.168.87.1	TLSv1.3	78	Application Data
175	11.244795	192.168.87.102	192.168.87.1	TCP	54	5996 → 443 [FIN, ACK] Seq=1217 Ack=17565 Win=261632 Len=0
176	11.245896	192.168.87.1	192.168.87.102	TCP	60	443 → 5996 [ACK] Seq=17565 Ack=1218 Win=12160 Len=0
177	11.246083	192.168.87.1	192.168.87.102	TCP	60	443 → 5996 [RST, ACK] Seq=17565 Ack=1218 Win=12160 Len=0
178	11.594647	192.168.87.102	239.255.255.250	UDP	698	57342 → 3702 Len=656
179	12.010382	Micro-St_08:30:8f	Broadcast	ARP	42	Who has 192.168.87.31? Tell 192.168.87.102
180	12.612439	Micro-St_08:30:8f	Broadcast	ARP	42	Who has 192.168.87.31? Tell 192.168.87.102
181	13.597665	192.168.87.102	239.255.255.250	UDP	698	57342 → 3702 Len=656
182	13.613189	Micro-St_08:30:8f	Broadcast	ARP	42	Who has 192.168.87.31? Tell 192.168.87.102
183	13.929927	fe80::2a0:57ff:fe1f:2ead	ff02::1	ICMPv6	86	Router Advertisement from 00:a0:57:1f:2e:ad
184	14.711803	192.168.87.102	192.168.87.15	TLSv1.2	84	Application Data
185	14.711917	192.168.87.102	192.168.87.15	TLSv1.2	1526	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
186	14.712109	192.168.87.15	192.168.87.102	TCP	60	5510 → 4137 [ACK] Seq=1 Ack=1491 Win=2388 Len=0
187	14.712143	192.168.87.102	192.168.87.15	TLSv1.2	301	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
188	14.712570	192.168.87.15	192.168.87.102	TCP	60	5510 → 4137 [ACK] Seq=1 Ack=1750 Win=2388 Len=0
189	14.713004	192.168.87.15	192.168.87.102	TLSv1.2	84	Application Data
190	14.713253	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
191	14.713268	192.168.87.102	192.168.87.15	TCP	54	4137 → 5510 [ACK] Seq=1750 Ack=1491 Win=8212 Len=0
192	14.713431	192.168.87.15	192.168.87.102	TLSv1.2	1514	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
193	14.713433	192.168.87.15	192.168.87.102	TLSv1.2	248	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
194	14.713448	192.168.87.102	192.168.87.15	TCP	54	4137 → 5510 [ACK] Seq=1750 Ack=3145 Win=8212 Len=0
195	14.713616	192.168.87.15	192.168.87.102	TLSv1.2	993	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
196	14.764546	192.168.87.102	192.168.87.15	TCP	54	4137 → 5510 [ACK] Seq=1750 Ack=4084 Win=8208 Len=0
197	14.764719	192.168.87.15	192.168.87.102	TLSv1.2	543	Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data
198	14.811686	192.168.87.102	192.168.87.15	TCP	54	4137 → 5510 [ACK] Seq=1750 Ack=4573 Win=8206 Len=0
199	14.881045	192.168.87.102	148.251.91.71	TLSv1.2	100	Application Data
Kind regards

Snugel
--
Router: LANCOM 1781 VAW
--
IT systems electronics technician
GrandDixence
Posts: 1060
Joined: 19 Aug 2014, 22:41

Re: WebConfig unreachable

Post by GrandDixence »

Code:

# more /tmp/test.txt |grep -i 192.168.87.1 |grep -i "\[syn\]"
18	2.627314	192.168.87.102	192.168.87.1	TCP	66	5993 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
43	2.777360	192.168.87.102	192.168.87.1	TCP	66	5994 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
44	2.777519	192.168.87.102	192.168.87.1	TCP	66	5995 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
84	2.991000	192.168.87.102	192.168.87.1	TCP	66	5996 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
85	2.991091	192.168.87.102	192.168.87.1	TCP	66	5997 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
The web browser in use fires off 5 TCP SYNs within 365 milliseconds from the same IP address. This probably triggers the TCP SYN attack alarm.

I cannot reproduce this behaviour with my web browser (Firefox ESR 68): my web browser fires off the 5 TCP SYNs in 1079 milliseconds, which is probably enough for the TCP SYN attack alarm not to be triggered.
I recommend repeating the test with the Firefox ESR web browser and an LCOS version from the stable branch (LCOS 10.32 RU<x>):
https://www.mozilla.org/de/firefox/enterprise/

https://www.lancom-systems.de/produkte/ ... ebersicht/

And, in Firefox ESR, switching off 0-RTT support and switching on the TLS downgrade check:
https://blog.cloudflare.com/introducing-0-rtt/

fragen-zum-thema-vpn-f14/https-ssl-tls- ... ml#p101557

Open the "about:config" page:

Code:

lockPref("security.tls.enable_0rtt_data", false);
lockPref("security.tls.hello_downgrade_check", true);
https://developer.mozilla.org/de/docs/M ... nternehmen
=> scroll down to the "Konfiguration" (configuration) chapter

https://github.com/mozilla/policy-templates/releases
=> click/tap on "README.md"
MoinMoin
Moderator
Posts: 1979
Joined: 12 Nov 2004, 16:04

Re: WebConfig unreachable

Post by MoinMoin »

Moin, moin,

wouldn't the correct solution rather be to adjust the threshold in LCOS, instead of promoting a slower browser?

Ciao, Georg
GrandDixence
Posts: 1060
Joined: 19 Aug 2014, 22:41

Re: WebConfig unreachable

Post by GrandDixence »

Yes, but which DoS protection configuration parameter under Setup > IP-Router > Firewall should Snugel reconfigure? The "maximum number of half-open connections" according to Backslash's post has surely not been reached yet (5 of 50 half-open TCP connections?).

=> I personally would not reconfigure any DoS protection parameter just because of WebConfig.
backslash
Moderator
Posts: 7011
Joined: 08 Nov 2004, 21:26
Location: Aachen

Re: WebConfig unreachable

Post by backslash »

Hi,

the default value for half-open connections is 100 (Firewall/QoS -> DoS), i.e. the browser would have to request 100 sessions to trigger the reaction. Or did Snugel change the value in order to be especially "secure"? Then it would be his "own fault"... Which, unfortunately, I almost suspect, since he also had that nonsense with the source address block (72 hours) in there...

On that I can only ever say the same thing: these blocks exist only because the self-appointed "experts" of various computer magazines think they increase security, and mark down firewalls that cannot do this. It is the other way round, though... In the end, the blocks are what make DoS attacks successful in the first place... I have laid out the reasoning for this here in the forum several times already - the inclined reader may search for it themselves.

The same applies, by the way, to ping blocking and stealth mode... They do not hide the router; rather, they draw attention to it with a flashing red arrow.

Regards
Backslash
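The two quantities argued about above, the SYN burst (5 SYNs in a fraction of a second) and the number of half-open connections compared with the configured limit, can be measured directly from a Wireshark text export. The following is an added example, not part of any post and not LANCOM code; the function names, the 0.5 s window and the `max_half_open` parameter with its `>=` comparison are assumptions for illustration.

```python
import re
from collections import defaultdict

# Frames taken from the capture posted in the thread (Wireshark text export:
# No, Time, Source, Destination, Protocol, Length, Info; Info shortened).
# Frame 36 is a later ACK on the first connection and stands in for its
# handshake ACK, which is not among the frames kept here.
CAPTURE = """\
18 2.627314 192.168.87.102 192.168.87.1 TCP 66 5993 → 443 [SYN] Seq=0
36 2.726608 192.168.87.102 192.168.87.1 TCP 54 5993 → 443 [ACK] Seq=958 Ack=4179
43 2.777360 192.168.87.102 192.168.87.1 TCP 66 5994 → 443 [SYN] Seq=0
44 2.777519 192.168.87.102 192.168.87.1 TCP 66 5995 → 443 [SYN] Seq=0
45 2.778695 192.168.87.1 192.168.87.102 TCP 62 443 → 5994 [SYN, ACK] Seq=0 Ack=1
46 2.778697 192.168.87.1 192.168.87.102 TCP 62 443 → 5995 [SYN, ACK] Seq=0 Ack=1
47 2.778760 192.168.87.102 192.168.87.1 TCP 54 5994 → 443 [ACK] Seq=1 Ack=1
48 2.778771 192.168.87.102 192.168.87.1 TCP 54 5995 → 443 [ACK] Seq=1 Ack=1
84 2.991000 192.168.87.102 192.168.87.1 TCP 66 5996 → 443 [SYN] Seq=0
85 2.991091 192.168.87.102 192.168.87.1 TCP 66 5997 → 443 [SYN] Seq=0
87 2.992135 192.168.87.1 192.168.87.102 TCP 62 443 → 5996 [SYN, ACK] Seq=0 Ack=1
88 2.992136 192.168.87.1 192.168.87.102 TCP 62 443 → 5997 [SYN, ACK] Seq=0 Ack=1
89 2.992178 192.168.87.102 192.168.87.1 TCP 54 5996 → 443 [ACK] Seq=1 Ack=1
90 2.992184 192.168.87.102 192.168.87.1 TCP 54 5997 → 443 [ACK] Seq=1 Ack=1
"""

# "<sport> → <dport> [FLAGS]"; also matches after prefixes like "[TCP Window Update]".
FLOW = re.compile(r"(\d+)\s*→\s*(\d+)\s*\[([A-Z, ]+)\]")


def parse(text):
    """Yield (time, src, dst, sport, dport, flags) for each TCP summary line."""
    for line in text.splitlines():
        fields = line.split(None, 6)
        if len(fields) < 7 or fields[4] != "TCP":
            continue  # TLS, ARP, UDP ... rows carry no TCP flags in the Info column
        match = FLOW.search(fields[6])
        if match:
            flags = frozenset(f.strip() for f in match.group(3).split(","))
            yield (float(fields[1]), fields[2], fields[3],
                   int(match.group(1)), int(match.group(2)), flags)


def max_in_window(times, window):
    """Largest number of timestamps that fit into any interval of `window` seconds."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def analyse(text, server, port, window=0.5):
    """Per client: SYN count, burst span, SYN rate and peak half-open connections."""
    syn_times = defaultdict(list)   # client IP -> timestamps of its SYNs
    half_open = defaultdict(set)    # client IP -> source ports still awaiting the ACK
    peak = defaultdict(int)
    for t, src, dst, sport, dport, flags in sorted(parse(text), key=lambda e: e[0]):
        if dst != server or dport != port:
            continue                # only the client-to-server direction counts
        if flags == {"SYN"}:
            syn_times[src].append(t)
            half_open[src].add(sport)
            peak[src] = max(peak[src], len(half_open[src]))
        else:                       # ACK, FIN or RST from the client ends the half-open state
            half_open[src].discard(sport)
    return {
        ip: {
            "syn_count": len(times),
            "burst_ms": round((max(times) - min(times)) * 1000),
            "max_syn_in_window": max_in_window(times, window),
            "peak_half_open": peak[ip],
            "still_half_open": len(half_open[ip]),
        }
        for ip, times in syn_times.items()
    }


def over_limit(report, max_half_open):
    """Clients whose peak reaches the limit (assumed comparison: >=)."""
    return sorted(ip for ip, r in report.items() if r["peak_half_open"] >= max_half_open)


if __name__ == "__main__":
    for ip, result in analyse(CAPTURE, "192.168.87.1", 443).items():
        print(ip, result)
```

On these frames the client sends 5 SYNs within about 364 ms but never has more than 2 connections half-open at the same time; running it on a complete export (File > Export Packet Dissections > As Plain Text in Wireshark) gives the figures for a whole session.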
Snugel
Posts: 38
Joined: 02 Nov 2014, 21:52
Location: Baden-Württemberg

Re: WebConfig unreachable

Post by Snugel »

@backslash
Following your message, I tried to check that. This is what I found:
Under Firewall > General, ping blocking is set to Off.
Under Firewall > General, stealth mode was Off.

The default value for half-open connections was actually 90. I have now changed it and raised it to 100.

In a first test it looks quite good so far. Apparently the session is kept and is not dropped.

Many thanks to everyone for the help.
Kind regards

Snugel
--
Router: LANCOM 1781 VAW
--
IT systems electronics technician
Snugel
Posts: 38
Joined: 02 Nov 2014, 21:52
Location: Baden-Württemberg

Re: WebConfig unreachable

Post by Snugel »

Can the topic be closed, or does the status here always stay open, or will it be closed by a moderator?
Kind regards

Snugel
--
Router: LANCOM 1781 VAW
--
IT systems electronics technician
backslash
Moderator
Posts: 7011
Joined: 08 Nov 2004, 21:26
Location: Aachen

Re: WebConfig unreachable

Post by backslash »

Hi Snugel,

you are welcome to add "(solved)" or similar to the title if you feel like it. The thread will remain here, though, and of course stay visible to everyone, so that people with similar problems can find a solution.

Regards
Backslash
Snugel
Posts: 38
Joined: 02 Nov 2014, 21:52
Location: Baden-Württemberg

Re: WebConfig unreachable

Post by Snugel »

Hi backslash,
backslash wrote: 02 Jun 2020, 11:23 Hi Snugel,

you are welcome to add "(solved)" or similar to the title if you feel like it. The thread will remain here, though, and of course stay visible to everyone, so that people with similar problems can find a solution.
I wanted neither to make the thread invisible nor to undo it. I am not sure how you got that idea, but what I meant was that in other forums you always get snapped at if you do not close the thread.
Kind regards

Snugel
--
Router: LANCOM 1781 VAW
--
IT systems electronics technician