Interpreting a router log "correctly"

scanni39

Hi folks,
I pulled a log from my router with the following content:
Thu, 2006-02-09 10:09:21 - LCP is allowed to come up.
Thu, 2006-02-09 10:09:24 - PAP authentication success
Thu, 2006-02-09 10:15:52 - UDP Packet - Source:61.180.228.244,48317 Destination:213.54.82.211,1026 - [DOS]
Thu, 2006-02-09 10:15:52 - UDP Packet - Source:61.180.228.244,48317 Destination:213.54.82.211,1027 - [DOS]
Thu, 2006-02-09 10:15:52 - UDP Packet - Source:61.180.228.244,48317 Destination:213.54.82.211,1026 - [DOS]
Thu, 2006-02-09 10:15:52 - UDP Packet - Source:61.180.228.244,48317 Destination:213.54.82.211,1027 - [DOS]
Thu, 2006-02-09 10:15:52 - UDP Packet - Source:61.180.228.244,48317 Destination:213.54.82.211,1026 - [DOS]
Thu, 2006-02-09 10:15:52 - UDP Packet - Source:61.180.228.244,48317 Destination:213.54.82.211,1027 - [DOS]
Thu, 2006-02-09 10:16:44 - UDP Packet - Source:61.180.228.243,33431 Destination:213.54.82.211,1027 - [DOS]
Thu, 2006-02-09 10:55:21 - LCP down.
Thu, 2006-02-09 10:55:25 - Initialize LCP.
Thu, 2006-02-09 10:57:20 - LCP is allowed to come up.
Thu, 2006-02-09 10:57:22 - PAP authentication success
Thu, 2006-02-09 11:03:29 - LCP down.
Thu, 2006-02-09 11:03:32 - Initialize LCP.
Thu, 2006-02-09 11:04:03 - LCP is allowed to come up.
Thu, 2006-02-09 11:04:05 - PAP authentication success
Thu, 2006-02-09 11:04:50 - UDP Packet - Source:61.180.228.243,48973 Destination:213.54.85.98,1026 - [DOS]
Thu, 2006-02-09 11:04:50 - UDP Packet - Source:61.180.228.243,48973 Destination:213.54.85.98,1027 - [DOS]
Thu, 2006-02-09 11:16:15 - LCP down.
Thu, 2006-02-09 11:16:18 - Initialize LCP.
Thu, 2006-02-09 11:24:05 - LCP is allowed to come up.
Thu, 2006-02-09 11:24:08 - PAP authentication success
Thu, 2006-02-09 11:34:11 - LCP down.
Thu, 2006-02-09 11:34:15 - Initialize LCP.
Thu, 2006-02-09 17:25:01 - LCP is allowed to come up.
Thu, 2006-02-09 17:25:04 - PAP authentication success
Thu, 2006-02-09 17:45:06 - LCP down.
Thu, 2006-02-09 17:45:09 - Initialize LCP.
Thu, 2006-02-09 18:40:49 - LCP is allowed to come up.
Thu, 2006-02-09 18:40:52 - PAP authentication success
Thu, 2006-02-09 18:45:53 - LCP down.
Thu, 2006-02-09 18:45:56 - Initialize LCP.
Thu, 2006-02-09 18:50:44 - LCP is allowed to come up.
Thu, 2006-02-09 18:50:47 - PAP authentication success
Thu, 2006-02-09 18:58:53 - LCP down.
Thu, 2006-02-09 18:58:56 - Initialize LCP.
Thu, 2006-02-09 19:02:44 - LCP is allowed to come up.
Thu, 2006-02-09 19:02:44 - PAP authentication success
Thu, 2006-02-09 19:23:10 - LCP down.
Thu, 2006-02-09 19:23:13 - Initialize LCP.
Thu, 2006-02-09 19:23:24 - LCP is allowed to come up.
Thu, 2006-02-09 19:23:27 - PAP authentication success
Thu, 2006-02-09 19:33:14 - UDP Packet - Source:61.180.228.244,56272 Destination:213.54.73.240,1027 - [DOS]
Thu, 2006-02-09 19:33:14 - UDP Packet - Source:61.180.228.244,56272 Destination:213.54.73.240,1026 - [DOS]
Thu, 2006-02-09 19:33:14 - UDP Packet - Source:61.180.228.244,56272 Destination:213.54.73.240,1027 - [DOS]
Thu, 2006-02-09 19:33:14 - UDP Packet - Source:61.180.228.244,56272 Destination:213.54.73.240,1026 - [DOS]
Thu, 2006-02-09 19:33:14 - UDP Packet - Source:61.180.228.244,56272 Destination:213.54.73.240,1027 - [DOS]
Thu, 2006-02-09 19:48:14 - LCP down.
Thu, 2006-02-09 19:48:18 - Initialize LCP.
Thu, 2006-02-09 20:10:17 - LCP is allowed to come up.
Thu, 2006-02-09 20:10:20 - PAP authentication success
Thu, 2006-02-09 22:13:56 - LCP down.
Thu, 2006-02-09 22:14:00 - Initialize LCP.
Thu, 2006-02-09 22:16:50 - LCP is allowed to come up.
Thu, 2006-02-09 22:16:53 - PAP authentication success
Thu, 2006-02-09 22:22:44 - LCP down.
Thu, 2006-02-09 22:22:48 - Initialize LCP.
Thu, 2006-02-09 22:24:43 - LCP is allowed to come up.
Thu, 2006-02-09 22:24:46 - PAP authentication success
Thu, 2006-02-09 22:39:56 - LCP down.
Thu, 2006-02-09 22:39:59 - Initialize LCP.
Thu, 2006-02-09 22:41:23 - LCP is allowed to come up.
Thu, 2006-02-09 22:41:26 - PAP authentication success
Thu, 2006-02-09 23:08:46 - UDP Packet - Source:221.203.145.31,50344 Destination:213.54.89.74,1029 - [DOS]
Thu, 2006-02-09 23:08:49 - UDP Packet - Source:84.83.9.80,10016 Destination:213.54.89.74,6346 - [DOS]
Thu, 2006-02-09 23:16:22 - UDP Packet - Source:61.180.228.243,32881 Destination:213.54.89.74,1026 - [DOS]
Thu, 2006-02-09 23:21:56 - LCP down.
Thu, 2006-02-09 23:21:59 - Initialize LCP.
Fri, 2006-02-10 12:15:48 - LCP is allowed to come up.
Fri, 2006-02-10 12:15:51 - PAP authentication success
Fri, 2006-02-10 12:23:10 - LCP down.
Fri, 2006-02-10 12:23:14 - Initialize LCP.
Fri, 2006-02-10 17:18:12 - LCP is allowed to come up.
Fri, 2006-02-10 17:18:15 - PAP authentication success
Fri, 2006-02-10 19:15:15 - UDP Packet - Source:204.16.208.67,42753 Destination:213.54.78.123,1026 - [DOS]
Fri, 2006-02-10 19:15:15 - UDP Packet - Source:204.16.208.67,42754 Destination:213.54.78.123,1027 - [DOS]
Fri, 2006-02-10 19:18:34 - TCP Packet - Source:213.54.66.214,2926 Destination:213.54.78.123,445 - [DOS]
Fri, 2006-02-10 20:05:38 - UDP Packet - Source:221.203.145.29,32878 Destination:213.54.78.123,2 - [DOS]
Fri, 2006-02-10 20:16:52 - LCP down.
Fri, 2006-02-10 20:16:55 - Initialize LCP.
Fri, 2006-02-10 20:21:37 - LCP is allowed to come up.
Fri, 2006-02-10 20:21:40 - PAP authentication success
Fri, 2006-02-10 21:17:19 - TCP Packet - Source:213.54.57.103,4127 Destination:213.54.64.129,445 - [DOS]
Fri, 2006-02-10 21:18:52 - UDP Packet - Source:218.27.103.206,34755 Destination:213.54.64.129,1032 - [DOS]
Fri, 2006-02-10 21:18:52 - UDP Packet - Source:218.27.103.206,34755 Destination:213.54.64.129,1033 - [DOS]
Fri, 2006-02-10 21:41:18 - UDP Packet - Source:60.11.125.36,55408 Destination:213.54.64.129,4297 - [DOS]
Fri, 2006-02-10 21:41:18 - UDP Packet - Source:60.11.125.36,55408 Destination:213.54.64.129,1032 - [DOS]
Fri, 2006-02-10 21:41:18 - UDP Packet - Source:60.11.125.36,55408 Destination:213.54.64.129,1033 - [DOS]
Fri, 2006-02-10 22:33:45 - UDP Packet - Source:219.146.161.10,47414 Destination:213.54.64.129,1033 - [DOS]
Fri, 2006-02-10 22:59:32 - UDP Packet - Source:221.203.145.29,54597 Destination:213.54.64.129,1033 - [DOS]
Fri, 2006-02-10 22:59:32 - UDP Packet - Source:221.203.145.29,54597 Destination:213.54.64.129,4073 - [DOS]
Fri, 2006-02-10 22:59:32 - UDP Packet - Source:221.203.145.29,54598 Destination:213.54.64.129,2 - [DOS]
Fri, 2006-02-10 23:42:49 - LCP down.
Fri, 2006-02-10 23:42:53 - Initialize LCP.
Fri, 2006-02-10 23:43:20 - LCP is allowed to come up.
Fri, 2006-02-10 23:43:23 - PAP authentication success
Fri, 2006-02-10 23:43:57 - UDP Packet - Source:218.27.103.206,59049 Destination:213.54.83.47,4297 - [DOS]
Fri, 2006-02-10 23:48:25 - LCP down.
Fri, 2006-02-10 23:48:28 - Initialize LCP.
Fri, 2006-02-10 23:49:49 - LCP is allowed to come up.
Fri, 2006-02-10 23:49:52 - PAP authentication success
Fri, 2006-02-10 23:55:05 - LCP down.
Fri, 2006-02-10 23:55:08 - Initialize LCP.
Sat, 2006-02-11 09:02:03 - LCP is allowed to come up.
Sat, 2006-02-11 09:02:06 - PAP authentication success
Sat, 2006-02-11 09:21:54 - UDP Packet - Source:218.27.103.206,42173 Destination:213.54.78.195,1033 - [DOS]
Sat, 2006-02-11 10:04:22 - UDP Packet - Source:60.11.125.37,43413 Destination:213.54.78.195,1026 - [DOS]
Sat, 2006-02-11 10:04:22 - UDP Packet - Source:60.11.125.37,43413 Destination:213.54.78.195,1027 - [DOS]
Sat, 2006-02-11 10:04:22 - UDP Packet - Source:60.11.125.37,43413 Destination:213.54.78.195,1031 - [DOS]
Sat, 2006-02-11 10:04:22 - UDP Packet - Source:60.11.125.37,43413 Destination:213.54.78.195,1030 - [DOS]
Sat, 2006-02-11 10:04:22 - UDP Packet - Source:60.11.125.37,43413 Destination:213.54.78.195,1033 - [DOS]
Sat, 2006-02-11 10:22:03 - LCP down.
Sat, 2006-02-11 10:22:06 - Initialize LCP.
Sat, 2006-02-11 10:44:28 - LCP is allowed to come up.
Sat, 2006-02-11 10:44:31 - PAP authentication success
Sat, 2006-02-11 11:19:56 - UDP Packet - Source:60.11.125.36,49264 Destination:213.54.64.224,1030 - [DOS]
Sat, 2006-02-11 11:19:56 - UDP Packet - Source:60.11.125.36,49264 Destination:213.54.64.224,1031 - [DOS]
Sat, 2006-02-11 11:19:56 - UDP Packet - Source:60.11.125.36,49264 Destination:213.54.64.224,4297 - [DOS]
Sat, 2006-02-11 11:19:56 - UDP Packet - Source:60.11.125.36,49264 Destination:213.54.64.224,1032 - [DOS]
Sat, 2006-02-11 11:19:56 - UDP Packet - Source:60.11.125.36,49264 Destination:213.54.64.224,1033 - [DOS]
Sat, 2006-02-11 11:45:55 - UDP Packet - Source:218.27.103.206,37469 Destination:213.54.64.224,1027 - [DOS]
Sat, 2006-02-11 12:23:42 - LCP down.
Sat, 2006-02-11 12:23:46 - Initialize LCP.
Sat, 2006-02-11 12:27:11 - LCP is allowed to come up.
Sat, 2006-02-11 12:27:14 - PAP authentication success
Sat, 2006-02-11 12:33:24 - LCP down.
Sat, 2006-02-11 12:33:27 - Initialize LCP.
Sat, 2006-02-11 12:36:39 - LCP is allowed to come up.
Sat, 2006-02-11 12:36:42 - PAP authentication success
Sat, 2006-02-11 12:36:59 - Send out NTP request to time-g.netgear.com
Sat, 2006-02-11 12:38:01 - Send out NTP request to time-h.netgear.com
Sat, 2006-02-11 12:39:36 - Send out NTP request to time-g.netgear.com
Sat, 2006-02-11 12:42:14 - Send out NTP request to time-h.netgear.com
Sat, 2006-02-11 12:43:32 - LCP down.
Sat, 2006-02-11 12:43:36 - Initialize LCP.
Sat, 2006-02-11 12:47:00 - LCP is allowed to come up.
Sat, 2006-02-11 12:47:03 - PAP authentication success
Sat, 2006-02-11 12:47:20 - Send out NTP request to time-g.netgear.com
Sat, 2006-02-11 12:53:29 - LCP down.
Sat, 2006-02-11 12:53:34 - Initialize LCP.
Sat, 2006-02-11 12:56:22 - LCP is allowed to come up.
Sat, 2006-02-11 12:56:25 - PAP authentication success
Sat, 2006-02-11 12:56:42 - Send out NTP request to time-h.netgear.com
Sat, 2006-02-11 13:03:27 - LCP down.
Sat, 2006-02-11 13:03:31 - Initialize LCP.
Sat, 2006-02-11 13:08:25 - LCP is allowed to come up.
Sat, 2006-02-11 13:08:28 - PAP authentication success
Sat, 2006-02-11 13:13:28 - LCP down.
Sat, 2006-02-11 13:13:33 - Initialize LCP.
Sat, 2006-02-11 13:14:17 - LCP is allowed to come up.
Sat, 2006-02-11 13:14:17 - PAP authentication success
Sat, 2006-02-11 13:14:36 - Send out NTP request to time-g.netgear.com
Sat, 2006-02-11 13:23:26 - LCP down.
Sat, 2006-02-11 13:23:29 - Initialize LCP.
Sat, 2006-02-11 13:49:15 - LCP is allowed to come up.
Sat, 2006-02-11 13:49:17 - PAP authentication success
Sat, 2006-02-11 13:49:34 - UDP Packet - Source:149.69.209.5,0 Destination:213.54.89.62,1026 - [DOS]
Sat, 2006-02-11 13:49:35 - Send out NTP request to time-h.netgear.com
Sat, 2006-02-11 13:54:18 - LCP down.
Sat, 2006-02-11 13:54:21 - Initialize LCP.
Sat, 2006-02-11 14:58:21 - LCP is allowed to come up.
Sat, 2006-02-11 14:58:22 - PAP authentication success
Sat, 2006-02-11 14:58:31 - Send out NTP request to time-g.netgear.com
Sat, 2006-02-11 15:03:22 - LCP down.
Sat, 2006-02-11 15:03:26 - Initialize LCP.
Sat, 2006-02-11 17:15:33 - LCP is allowed to come up.
Sat, 2006-02-11 17:15:37 - PAP authentication success
Sat, 2006-02-11 17:15:53 - Send out NTP request to time-h.netgear.com
Sat, 2006-02-11 17:20:37 - LCP down.
Sat, 2006-02-11 17:20:41 - Initialize LCP.
Sat, 2006-02-11 18:15:49 - LCP is allowed to come up.
Sat, 2006-02-11 18:15:52 - PAP authentication success
Sat, 2006-02-11 18:46:47 - TCP Packet - Source:213.54.31.135,3177 Destination:213.54.81.116,135 - [DOS]
Sat, 2006-02-11 19:00:19 - UDP Packet - Source:217.10.79.3,3479 Destination:213.54.81.116,6019 - [DOS]
Sat, 2006-02-11 19:00:20 - UDP Packet - Source:217.10.79.2,3479 Destination:213.54.81.116,6019 - [DOS]
Sat, 2006-02-11 19:00:27 - UDP Packet - Source:217.10.79.3,3479 Destination:213.54.81.116,6019 - [DOS]
Sat, 2006-02-11 19:00:31 - UDP Packet - Source:217.10.79.2,3479 Destination:213.54.81.116,6019 - [DOS]
Sat, 2006-02-11 19:01:12 - UDP Packet - Source:218.27.103.206,52161 Destination:213.54.81.116,1032 - [DOS]
Sat, 2006-02-11 19:02:36 - UDP Packet - Source:217.10.79.3,3479 Destination:213.54.81.116,6019 - [DOS]
Sat, 2006-02-11 19:02:39 - UDP Packet - Source:217.10.79.2,3479 Destination:213.54.81.116,6019 - [DOS]
Sat, 2006-02-11 19:15:49 - UDP Packet - Source:217.10.79.2,3478 Destination:213.54.81.116,6019 - [DOS]
Sat, 2006-02-11 19:15:51 - UDP Packet - Source:217.10.79.2,3478 Destination:213.54.81.116,6019 - [DOS]
Sat, 2006-02-11 21:26:52 - UDP Packet - Source:218.27.103.206,47948 Destination:213.54.81.116,1029 - [DOS]
Sat, 2006-02-11 21:26:54 - UDP Packet - Source:217.164.209.142,6346 Destination:213.54.81.116,6348 - [DOS]
Sat, 2006-02-11 21:30:25 - UDP Packet - Source:19.143.194.177,50244 Destination:213.54.81.116,1029 - [DOS]
Sat, 2006-02-11 21:49:27 - Send out NTP request to time-g.netgear.com
Sat, 2006-02-11 22:23:27 - UDP Packet - Source:221.203.145.29,49967 Destination:213.54.81.116,2 - [DOS]
Sat, 2006-02-11 22:56:42 - UDP Packet - Source:222.174.34.149,60563 Destination:213.54.81.116,4289 - [DOS]
Sat, 2006-02-11 22:56:42 - UDP Packet - Source:222.174.34.149,60563 Destination:213.54.81.116,4297 - [DOS]
Sat, 2006-02-11 22:56:42 - UDP Packet - Source:222.174.34.149,60563 Destination:213.54.81.116,4289 - [DOS]
Sat, 2006-02-11 23:13:32 - UDP Packet - Source:202.99.172.160,36966 Destination:213.54.81.116,1030 - [DOS]
Sat, 2006-02-11 23:13:32 - UDP Packet - Source:202.99.172.160,36966 Destination:213.54.81.116,1031 - [DOS]
Sat, 2006-02-11 23:13:32 - UDP Packet - Source:202.99.172.160,36966 Destination:213.54.81.116,4369 - [DOS]
Sat, 2006-02-11 23:13:32 - UDP Packet - Source:202.99.172.160,36966 Destination:213.54.81.116,1032 - [DOS]
Sat, 2006-02-11 23:13:32 - UDP Packet - Source:202.99.172.160,36966 Destination:213.54.81.116,1033 - [DOS]
Sat, 2006-02-11 23:22:29 - LCP down.
Sat, 2006-02-11 23:22:33 - Initialize LCP.
Sun, 2006-02-12 06:05:37 - LCP is allowed to come up.
Sun, 2006-02-12 06:05:37 - PAP authentication success
Sun, 2006-02-12 06:21:46 - LCP down.
Sun, 2006-02-12 06:21:49 - Initialize LCP.
Sun, 2006-02-12 06:56:06 - LCP is allowed to come up.
Sun, 2006-02-12 06:56:09 - PAP authentication success
Sun, 2006-02-12 06:56:26 - Send out NTP request to time-h.netgear.com
Sun, 2006-02-12 07:01:09 - LCP down.
Sun, 2006-02-12 07:01:12 - Initialize LCP.
Sun, 2006-02-12 09:56:07 - LCP is allowed to come up.
Sun, 2006-02-12 09:56:08 - PAP authentication success
Sun, 2006-02-12 09:56:45 - UDP Packet - Source:217.10.79.3,3479 Destination:213.54.69.15,6019 - [DOS]
Sun, 2006-02-12 09:56:47 - UDP Packet - Source:217.10.79.2,3479 Destination:213.54.69.15,6019 - [DOS]
Sun, 2006-02-12 10:09:58 - UDP Packet - Source:217.10.79.2,3478 Destination:213.54.69.15,6019 - [DOS]
Sun, 2006-02-12 10:15:32 - UDP Packet - Source:57.62.62.66,13364 Destination:213.54.69.15,1028 - [DOS]
Sun, 2006-02-12 10:15:32 - UDP Packet - Source:57.62.62.66,13364 Destination:213.54.69.15,1030 - [DOS]
Sun, 2006-02-12 10:15:32 - UDP Packet - Source:57.62.62.66,13364 Destination:213.54.69.15,1032 - [DOS]
Sun, 2006-02-12 10:16:17 - UDP Packet - Source:221.203.145.29,48936 Destination:213.54.69.15,1031 - [DOS]
Sun, 2006-02-12 10:16:17 - UDP Packet - Source:221.203.145.29,48937 Destination:213.54.69.15,4081 - [DOS]
Sun, 2006-02-12 10:16:17 - UDP Packet - Source:221.203.145.29,48939 Destination:213.54.69.15,4073 - [DOS]
Sun, 2006-02-12 10:16:17 - UDP Packet - Source:221.203.145.29,48940 Destination:213.54.69.15,2 - [DOS]
Sun, 2006-02-12 10:28:01 - UDP Packet - Source:61.180.228.243,36326 Destination:213.54.69.15,1026 - [DOS]
Sun, 2006-02-12 11:15:04 - UDP Packet - Source:61.180.228.243,51900 Destination:213.54.69.15,1026 - [DOS]
Sun, 2006-02-12 11:15:04 - UDP Packet - Source:61.180.228.243,51900 Destination:213.54.69.15,1027 - [DOS]
Sun, 2006-02-12 11:16:48 - UDP Packet - Source:61.180.228.244,58304 Destination:213.54.69.15,1026 - [DOS]
Sun, 2006-02-12 11:16:48 - UDP Packet - Source:61.180.228.244,58304 Destination:213.54.69.15,1027 - [DOS]
Sun, 2006-02-12 11:16:48 - UDP Packet - Source:61.180.228.244,58304 Destination:213.54.69.15,1026 - [DOS]
Sun, 2006-02-12 11:16:48 - UDP Packet - Source:61.180.228.244,58304 Destination:213.54.69.15,1027 - [DOS]
Sun, 2006-02-12 11:16:48 - UDP Packet - Source:61.180.228.244,58304 Destination:213.54.69.15,1026 - [DOS]
Sun, 2006-02-12 11:17:16 - Administrator login successful - IP:192.168.0.2

Now my problem is that I can't really interpret its content, since I'm not all that well versed in this.

Could someone give me a tiny crash course on what exactly I can read out of this log?

Thanks in advance.

Regards
scani
 
...you can see which packets go "when/from where/to where".
 
> UDP Packet - Source:61.180.228.244,58304 Destination:213.54.69.15,1026

This means the data packet (UDP format) comes from source IP 61.180.228.244 (from UDP port 58304 there); the destination IP is 213.54.69.15 (your current IP), where it is directed to UDP port 1026.


> PAP authentication success

The router successfully logged in to the Internet provider via PAP (Password Authentication Protocol).

The LCP entries point to a connection being established via the PPPoE protocol. LCP stands for Link Control Protocol.
 
Thanks, that already gets me a bit further.

One more thing, though: what does the [DOS] entry at the end of the UDP packet lines mean?
Does that have something to do with DoS attacks?

Regards
scanni
 
Hello, your router appended [DOS] because it thought this was a so-called Denial-of-Service attack.
That is an attack by a great many computers (-> botnets) that all send pointless requests to one server. At some point the limit is reached, and then requests to its actual service (e.g. a website) are refused, hence Denial of Service.
With only a handful of requests you can't really call it that, so your router was wrong!
But I took a closer look at the first block from Feb 9 (the one with 61.180.xx) and dug around the net a bit:

The requests came from China, more precisely from an Internet café in Harbin (see screenshot). They all went to ports 1026 & 1027, so it was probably a network scan for open PCs that sit directly on the Internet. These two ports are used by Windows for communication and for finding DCOM services in networks, and are therefore also reachable from the Internet if the PC is connected directly to it! MS could easily solve this problem, which has existed for years, but apparently sees no reason to. :rolleyes:

So it was indeed an attack, but on Windows weaknesses! Not a DoS attack; your router couldn't prevent that anyway if it is being flooded from outside. ;) That's why this option in the settings is pointless against it too!

The IP in China is permanently assigned to the cafés; probably some "talented" person was taking his first steps on the net there, although there are also very good "experts" there, who knows...

Your router would have blocked these requests anyway, though, because there was no open connection from your side and because there were no corresponding forwarding rules into your local network.
So you can deactivate the DOS option in the router; thanks to NAT it is just as secure, but you will no longer be annoyed by these entries! :D

PCB

Oh yes, the screenshot:
 

Attachments

  • China.gif (72.1 KB)
Special thanks for your detailed explanations. :daumen:

Now I can make a bit more sense of it.

Have a nice Sunday!

Regards
scanni
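
As an added example (not part of the original thread): a small Python parser for the log format posted above that groups the [DOS] packet entries by source address, so the per-source packet counts, destination ports and changing WAN addresses discussed in the replies can be read off directly. The function names are this example's own, and the sample lines are a short excerpt of the posted log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a short excerpt of the router log posted in the thread.
SAMPLE_LOG = """\
Thu, 2006-02-09 10:09:21 - LCP is allowed to come up.
Thu, 2006-02-09 10:09:24 - PAP authentication success
Thu, 2006-02-09 10:15:52 - UDP Packet - Source:61.180.228.244,48317 Destination:213.54.82.211,1026 - [DOS]
Thu, 2006-02-09 10:15:52 - UDP Packet - Source:61.180.228.244,48317 Destination:213.54.82.211,1027 - [DOS]
Thu, 2006-02-09 10:16:44 - UDP Packet - Source:61.180.228.243,33431 Destination:213.54.82.211,1027 - [DOS]
Thu, 2006-02-09 10:55:21 - LCP down.
Thu, 2006-02-09 11:04:05 - PAP authentication success
Thu, 2006-02-09 11:04:50 - UDP Packet - Source:61.180.228.243,48973 Destination:213.54.85.98,1026 - [DOS]
Fri, 2006-02-10 19:18:34 - TCP Packet - Source:213.54.66.214,2926 Destination:213.54.78.123,445 - [DOS]
"""

PACKET_RE = re.compile(
    r"^\w{3}, (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<proto>UDP|TCP) Packet - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[DOS\]$"
)

def parse_packets(text):
    """Return one dict per [DOS] packet line; LCP/PAP/NTP lines are skipped."""
    events = []
    for line in text.splitlines():
        m = PACKET_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
            events.append(e)
    return events

def summarize(events):
    """Per source IP: packet count, (protocol, dest port) pairs, WAN IPs hit."""
    summary = defaultdict(lambda: {"count": 0, "ports": set(), "wan_ips": set()})
    for e in events:
        s = summary[e["src"]]
        s["count"] += 1
        s["ports"].add((e["proto"], e["dport"]))
        s["wan_ips"].add(e["dst"])  # changes after each PPPoE reconnect
    return dict(summary)

def report(text):
    """One line per source, busiest first."""
    rows = sorted(summarize(parse_packets(text)).items(),
                  key=lambda kv: -kv[1]["count"])
    return [
        f"{src:15} packets={s['count']:<3} wan_ips={len(s['wan_ips'])} ports="
        + ", ".join(f"{p}/{n}" for p, n in sorted(s["ports"]))
        for src, s in rows
    ]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the full log, the low per-source packet counts and the small set of repeated destination ports are what separate scan-like probing from a flood.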
 