ComputerBase Menü
Aktuelles

TCP FIN Scan ausgehend von Router Linksys WRT54GL

N

Netzwerklaie

Newbie
Registriert
Jan. 2014
Beiträge
4
Hallo,

ich habe eine Router WRT54GL, der seit 5 Tagen sporadisch TCP FIN Scans ins Netz ausführt (Aus den LOGs der Easy-Box).
Auf Viren habe ich mein angeschlossenes Notebook geprüft. Keine Viren drauf.

Was kann das bedeuten und wie kriege ich das wieder weg?

01/08/2014 14:18:35 **TCP FIN Scan** 192.168.2.100, 64324->> 176.9.141.15, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:34 **TCP FIN Scan** 192.168.2.100, 63545->> 2.16.217.81, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:34 **TCP FIN Scan** 192.168.2.100, 63712->> 89.246.87.131, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:34 **TCP FIN Scan** 192.168.2.100, 63632->> 2.20.82.116, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:34 **TCP FIN Scan** 192.168.2.100, 63793->> 188.111.53.56, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:34 **TCP FIN Scan** 192.168.2.100, 63903->> 54.230.13.62, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:34 **TCP FIN Scan** 192.168.2.100, 64013->> 2.16.48.251, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:34 **TCP FIN Scan** 192.168.2.100, 64053->> 54.247.68.245, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:34 **TCP FIN Scan** 192.168.2.100, 63799->> 2.20.76.168, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 64238->> 46.20.32.41, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 64013->> 2.16.48.251, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63717->> 193.46.63.197, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 64053->> 54.247.68.245, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63247->> 54.246.118.61, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63632->> 2.20.82.116, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63457->> 2.20.66.110, 443 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63269->> 54.230.12.191, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63487->> 212.6.168.250, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63821->> 89.246.87.137, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 64314->> 199.93.45.126, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63838->> 176.9.103.51, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63903->> 54.230.13.62, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63869->> 78.46.74.45, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63250->> 2.16.218.219, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63712->> 89.246.87.131, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63665->> 62.216.176.8, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63547->> 2.16.217.81, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 64312->> 81.26.166.11, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63192->> 81.26.166.184, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63804->> 2.16.216.66, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63453->> 2.16.217.74, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63698->> 46.20.32.78, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 64284->> 217.118.169.208, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63499->> 213.252.26.160, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63107->> 213.252.26.162, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 64257->> 107.21.251.173, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63799->> 2.20.76.168, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63794->> 188.111.53.56, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 64144->> 217.118.170.201, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 64202->> 91.215.103.65, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63913->> 217.118.169.137, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 64302->> 192.221.101.254, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63421->> 2.20.79.139, 80 (from PPPoE1 Outbound)
01/08/2014 14:18:32 **TCP FIN Scan** 192.168.2.100, 63702->> 176.9.44.175, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61028->> 2.16.48.251, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61514->> 2.20.82.116, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 60986->> 188.111.53.51, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61341->> 2.20.84.136, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61068->> 2.16.217.146, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61150->> 2.20.66.110, 443 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61578->> 2.20.81.224, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61401->> 93.184.220.20, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61295->> 95.174.81.209, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61221->> 80.190.166.112, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61126->> 68.232.35.139, 443 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61006->> 2.16.217.128, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61255->> 188.111.53.42, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61451->> 5.159.57.194, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61304->> 173.194.70.155, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:37 **TCP FIN Scan** 192.168.2.100, 61444->> 80.85.194.242, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61255->> 188.111.53.42, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61418->> 82.165.37.101, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61221->> 80.190.166.112, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61444->> 80.85.194.242, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61456->> 194.245.149.18, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61642->> 192.221.103.254, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61048->> 195.50.179.130, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61150->> 2.20.66.110, 443 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 60986->> 188.111.53.51, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61001->> 91.215.100.37, 443 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61028->> 2.16.48.251, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61192->> 107.21.205.88, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61273->> 212.77.179.94, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61068->> 2.16.217.146, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61327->> 207.123.56.253, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61345->> 81.26.166.184, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61363->> 93.184.220.20, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61368->> 2.16.216.66, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61040->> 91.215.101.36, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61249->> 93.190.69.85, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61341->> 2.20.84.136, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61578->> 2.20.81.224, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61304->> 173.194.70.155, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61486->> 5.159.57.195, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61126->> 68.232.35.139, 443 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61451->> 5.159.57.194, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61006->> 2.16.217.128, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61514->> 2.20.82.116, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61295->> 95.174.81.209, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61352->> 81.26.166.11, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61167->> 199.16.156.198, 443 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61255->> 188.111.53.42, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61445->> 62.96.140.143, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61544->> 2.16.217.139, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61208->> 79.125.122.225, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61143->> 2.16.217.57, 80 (from PPPoE1 Outbound)
01/08/2014 14:10:35 **TCP FIN Scan** 192.168.2.100, 61123->> 2.20.79.139, 80 (from PPPoE1 Outbound)
 
hast du irgendein news-rrs aboniert?
malwarebytes durch?
 
Nein, ich habe nichts der gleichen installiert.

habe Windows ganz nackt aufgesetzt gerade. Dann Kaspersky drauf; Am Router neues WLAN Passwort vergeben. Für Router neues Admin Passwort vergeben. Rechner runtergefahren und gewartet. Keine Andere Geräte sind an (Kein Handy; kein sonstiger Rechner nichts)

Dann logge ich mich ein und sehe in der Easybox das (192.168.2.100 ist die IP die der LinksysRouter im Verbund mit der Easybox hat):

01/08/2014 19:34:47 **TCP FIN Scan** 192.168.2.100, 50685->> 194.245.149.18, 80 (from PPPoE1 Outbound)
01/08/2014 19:34:47 **TCP FIN Scan** 192.168.2.100, 50717->> 91.215.103.65, 80 (from PPPoE1 Outbound)
01/08/2014 19:34:47 **TCP FIN Scan** 192.168.2.100, 50471->> 91.215.100.37, 80 (from PPPoE1 Outbound)
01/08/2014 19:34:47 **TCP FIN Scan** 192.168.2.100, 50856->> 8.27.135.254, 80 (from PPPoE1 Outbound)
01/08/2014 19:34:47 **TCP FIN Scan** 192.168.2.100, 50689->> 80.85.194.40, 80 (from PPPoE1 Outbound)
01/08/2014 19:34:47 **TCP FIN Scan** 192.168.2.100, 50674->> 80.85.194.208, 80 (from PPPoE1 Outbound)
01/08/2014 19:34:47 **TCP FIN Scan** 192.168.2.100, 50661->> 82.165.37.101, 80 (from PPPoE1 Outbound)
01/08/2014 19:34:47 **TCP FIN Scan** 192.168.2.100, 50797->> 144.76.67.119, 80 (from PPPoE1 Outbound)
01/08/2014 19:34:47 **TCP FIN Scan** 192.168.2.100, 50901->> 91.223.129.139, 80 (from PPPoE1 Outbound)
 
Ja, ich habe es noch nie aktualisiert. Hatte bisher auch noch nie dies TCP FIN Scans

Firmware-Version: v4.30.7, Jun. 20, 2006
 
Jetzt habe ich nochmals Malwarebytes drüber laufen lassen.

Maleware_Befall_08_01_2014_Scan.png

Und ein PUP.Optinal.Somoto
Ergänzung ()

Vielen Dank für Eure Antworten!
 
Du musst dich einloggen oder registrieren, um hier zu antworten.

Ähnliche Themen

L
Wie sind diese Router-Logs zu interpretieren? Smurf, TCP FIN Scan, UDP Loop
2
Antworten
20
Aufrufe
4.759
LastGen
L
P
Was ist "TCP FIN Scan"
Antworten
3
Aufrufe
28.390
Labtec
L
Zurück
Oben

Willkommen auf ComputerBase!

Mit Werbung weiterlesen

Besuche ComputerBase wie gewohnt mit Werbung und Tracking. Die Zustimmung ist jederzeit widerrufbar.

Details im Privacy Center und in der Liste unserer Partner. Ein Widerruf ist möglich in der Datenschutzerklärung.

… oder ComputerBase Pro bestellen

Nutze ComputerBase ohne Werbebanner, Video-Ads und Werbetracking schon für 4 €/Monat oder 36 €/Jahr.

Mehr zu ComputerBase Pro

Bereits Pro-Nutzer? Hier anmelden.

Tracking: Wir und unsere 158 Partner verarbeiten personenbezogene Daten, indem wir mit auf Ihrem Gerät gespeicherten Informationen (z. B. eindeutige Kennungen in Cookies) ein Nutzungsprofil erstellen, um z. B. Anzeigen zu personalisieren. Verarbeitungszwecke: Genaue Standortdaten und Abfrage von Geräteeigenschaften zur Identifikation, Informationen auf einem Gerät speichern und/oder abrufen, Personalisierte Anzeigen und Inhalte, Anzeigen- und Inhaltsmessungen, Erkenntnisse über Zielgruppen und Produktentwicklungen.

Impressum Kontakt Datenschutz