Attak DdoS -> "Land" -> WinXP -> Pomocy!

[Ajaks112]

Witam, padłem ofiarą attaku DdoS, używałem wielu programów blokujących porty, najlepszym okazał się chyba Alarmzone... Lecz i tak nic nie pomógł i gościu dalej mnie Ddosuje i pada mi net, a nieraz nawet cały pc się zawiesza.

Tutaj daje loga z AlarmZone ---- IP kończące się na "xx" jest moje.

Kod:

ZoneAlarm Logging Client v11.0.000.057
Windows XP-5.1.2600-Dodatek Service Pack 2-SP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.40:53,109.199.76.XX:54188,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Saihtx0wlADUAANOsAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQDE5C0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.55:53,109.199.76.XX:6391,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Sajdtx0wlADUAABj3AAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQAU5S0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.55:53,109.199.76.XX:45470,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Sajdtx0wlADUAALGeAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQCQ5i0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.40:53,109.199.76.XX:58831,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Saihtx0wlADUAAOXPAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQBN6S0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.55:53,109.199.76.XX:20544,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Sajdtx0wlADUAAFBAAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQCT6S0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.40:53,109.199.76.XX:7491,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Saihtx0wlADUAAB1DAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQAG6y0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.40:53,109.199.76.XX:4727,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Saihtx0wlADUAABJ3AAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQAG6y0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.40:53,109.199.76.XX:27110,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Saihtx0wlADUAAGnmAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQB47C0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.35:53,109.199.76.XX:25175,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/SaiNtx0wlADUAAGJXAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQAXXS0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.40:53,109.199.76.XX:29676,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Saihtx0wlADUAAHPsAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQD17S0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.55:53,109.199.76.XX:50880,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Sajdtx0wlADUAAMbAAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQBZ7i0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.40:53,109.199.76.XX:39814,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Saihtx0wlADUAAJuGAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQAh7y0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm
FWIN,2013/02/11,21:42:26 +1:00 GMT,31.210.106.40:53,109.199.76.XX:29125,UDP,http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AR/Saihtx0wlADUAAHHFAAABAAAAAQAAAAEAAAABAAAAooYBADAyMDIVBAIAAQANAQAr7y0AAAAAAAACAAAA//8Q+ZLN116782329981693-1001,,,,Windows+XP-5.1.2600-Dodatek+Service+Pack+2-SP,11.0.000.057,BlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

[Elitegroup]

1. Dlaczego używasz XP z SP2 ?
2. Co do DDoS to nie ma skutecznej ochrony przed tym ponieważ ten atak działa jakby legalnie i jest niezależny od wersji usług.

Wg schematu biznes który uległ takiemu atakowi powinien zrobić:
- Wersję minimalną
- Mirror(s) z innym adres(ami)
- Niezwłocznie powiadomić policję - tylko zorganizowana grupa expertów IT jest w stanie przy pomocy uprawnień policji dotrzeć do źródeł - o ile za komputerem nie siedzi oczywiście Kevin Mitnick : )