OVH Community, your new community space.

IDS scan parser?


c0by
05/01/2012, 15h55
OK, I'll look into disabling it, because as things stand my connection problems are drowned out by its messages.

LAN31
05/01/2012, 11h46
IDS: Intrusion Detection System

These are security notifications about port scans. You should be able to disable them (if they bother you) by unchecking a line along the lines of "DoS attacks and port scanning" in the log options.
But if you have a connection problem, it doesn't come from that.

c0by
04/01/2012, 23h07
Today my connection has held since 3 p.m., but apparently with a much lower throughput. But in the log I have a number of "IDS scan parser" lines. Can someone enlighten me?

Error Jan 4 22:58:36 FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 50.23.212.96 Dst ip: 109.190.21.59 Type: Destination Unreachable Code: Port Unreacheable

Warning Jan 4 20:02:09 IDS scan parser : tcp port scan: 68.233.5.121 scanned at least 10 ports at 109.190.21.59. (1 of 1) : 68.233.5.121 109.190.21.59 0060 TCP 80->64293 [S.A...] seq 936344691 ack 1086755261 win 5792

Warning Jan 4 18:46:49 IDS scan parser : tcp port scan: 213.251.158.178 scanned at least 10 ports at 109.190.21.59. (1 of 1) : 213.251.158.178 109.190.21.59 0064 TCP 80->61487 [S.A...] seq 2085556221 ack 820612134 win 65535

Warning Jan 4 16:55:19 IDS scan parser : tcp port scan: 94.127.75.190 scanned at least 10 ports at 109.190.21.59. (1 of 1) : 94.127.75.190 109.190.21.59 0040 TCP 80->59953 [...R..] seq 2407490060 win 0

Warning Jan 4 16:45:02 IDS scan parser : tcp port scan: 173.194.34.49 scanned at least 10 ports at 109.190.21.59. (1 of 12) : 173.194.34.49 109.190.21.59 0060 TCP 80->62933 [S.A...] seq 1614877607 ack 3366267743 win 5672

Error Jan 4 16:40:44 FIREWALL replay check (1 of 1): Protocol: ICMP Src ip: 192.168.1.70 Dst ip: 198.107.156.155 Type: Destination Unreachable Code: Port Unreacheable

Info Jan 4 16:18:07 FIREWALL event (1 of 8): deleted rules

Info Jan 4 16:17:42 FIREWALL event (1 of 8): created rules

Error Jan 4 15:51:52 IDS rate parser : tcp rate limiting (1 of 1) : 209.85.229.191 109.190.21.59 0060 TCP 80->49654 [S.A...] seq 6387566 ack 429675499 win 5672

Warning Jan 4 15:51:49 IDS scan parser : tcp port scan: 173.194.34.33 scanned at least 10 ports at 109.190.21.59. (1 of 1) : 173.194.34.33 109.190.21.59 0060 TCP 80->58681 [S.A...] seq 2380157623 ack 3876256287 win 5672

Info Jan 4 15:00:41 FIREWALL event (1 of 4): modified rules

Info Jan 4 15:00:41 FIREWALL event (1 of 8): created rules

Info Jan 4 15:00:41 FIREWALL event (1 of 8): deleted rules

Warning Jan 4 15:00:40 PPP link up (Internet) [109.190.21.59]

Info Jan 4 15:00:40 PPP CHAP Chap receive success : authentication ok

Info Jan 4 15:00:39 PPP CHAP Receive challenge (rhost = lns-1-par-se1200)

Info Jan 4 15:00:36 PPP CHAP Receive challenge (rhost = SE800-VAL-1)

Warning Jan 4 15:00:25 PPP link down (Internet) [109.190.21.59]

Info Jan 4 15:00:13 xDSL linestate up (ITU-T G.992.1; downstream: 623 kbit/s, upstream: 761 kbit/s; output Power Down: 13.4 dBm, Up: 12.3 dBm; line Attenuation Down: 61.0 dB, Up: 31.5 dB; snr Margin Down: 10.6 dB, Up: 11.0 dB)

Info Jan 4 14:59:58 xDSL linestate down

Info Jan 4 14:59:44 xDSL linestate down

Info Jan 4 14:31:53 xDSL linestate up (ITU-T G.992.1; downstream: 1661 kbit/s, upstream: 726 kbit/s; output Power Down: 15.4 dBm, Up: 12.3 dBm; line Attenuation Down: 54.0 dB, Up: 31.5 dB; snr Margin Down: 10.5 dB, Up: 12.0 dB)
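
Added example (not part of any post in this thread, and not OVH or router vendor code): a small Python triage of the "IDS scan parser" and "IDS rate parser" lines from the log above, separating packets shaped like server replies (source port below 1024, SYN+ACK or RST, toward a high port) from bare-SYN probes. The flag letters S/A/R are assumed to mean SYN/ACK/RST, the fourth sample line is constructed for contrast, and `parse`, `classify` and `triage` are names chosen here.

```python
import re

# Three lines copied from the log in the post above, plus one CONSTRUCTED
# line (documentation addresses, bare SYN) and one non-IDS line.
SAMPLE = """\
Warning Jan 4 20:02:09 IDS scan parser : tcp port scan: 68.233.5.121 scanned at least 10 ports at 109.190.21.59. (1 of 1) : 68.233.5.121 109.190.21.59 0060 TCP 80->64293 [S.A...] seq 936344691 ack 1086755261 win 5792
Warning Jan 4 16:55:19 IDS scan parser : tcp port scan: 94.127.75.190 scanned at least 10 ports at 109.190.21.59. (1 of 1) : 94.127.75.190 109.190.21.59 0040 TCP 80->59953 [...R..] seq 2407490060 win 0
Error Jan 4 15:51:52 IDS rate parser : tcp rate limiting (1 of 1) : 209.85.229.191 109.190.21.59 0060 TCP 80->49654 [S.A...] seq 6387566 ack 429675499 win 5672
Warning Jan 4 21:00:00 IDS scan parser : tcp port scan: 203.0.113.7 scanned at least 10 ports at 198.51.100.10. (1 of 1) : 203.0.113.7 198.51.100.10 0040 TCP 40000->22 [S.....] seq 1 win 1024
Info Jan 4 15:00:41 FIREWALL event (1 of 4): modified rules
"""

IDS_RE = re.compile(
    r"IDS (?P<parser>scan|rate) parser : .*?\(\d+ of \d+\) : "
    r"(?P<src>[\d.]+) (?P<dst>[\d.]+) \d+ (?P<proto>\w+) "
    r"(?P<sport>\d+)->(?P<dport>\d+) \[(?P<flags>[A-Z.]+)\]"
)

def parse(line):
    """Return the packet fields of one IDS line, or None for other lines."""
    m = IDS_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def classify(ev):
    """Heuristic verdict from TCP flags and port direction."""
    syn, ack, rst = (c in ev["flags"] for c in "SAR")
    from_service = ev["sport"] < 1024 <= ev["dport"]
    if from_service and ((syn and ack) or rst):
        return "reply"   # shaped like a server answering a client port
    if syn and not ack:
        return "probe"   # bare SYN: what a connection attempt or scan sends
    return "other"

def triage(text):
    """Map (parser, source IP) -> verdict for every IDS line in the text."""
    out = {}
    for line in text.splitlines():
        ev = parse(line)
        if ev:
            out[(ev["parser"], ev["src"])] = classify(ev)
    return out

if __name__ == "__main__":
    for key, verdict in triage(SAMPLE).items():
        print(key, verdict)
```

A "reply" verdict describes only the shape of the logged packet; it does not establish which side opened the connection.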