xDSL.at

von **PGottfried** » Do 07 Sep, 2006 08:03

Hallo!

Ich habe bis vor kurzem einen AON_ISDN-Complete Anschluß gehabt mit 3Com Router und eine Trafficvolumen von ca. 600 MB pro Monat erreicht. Nun bin ich wegen höherer Geschwindigkeit zu Inode DSL Business silber 384/128 1GB gewechselt und hab mir einen Netgear ProSafe VPN FW FVS 338 zugelegt.
Seit dem Wechsel habe ich einen "enormen" Traffic obwohl ich an meinem sonstigen Netz nichts geändert habe; etwa 100 bis 150 MB sind es nun pro Tag! Mein neuer Router zählt den Traffic auch mit und diese Werte stimmen mit denen von der Inode-Seite ziemlich überein.
Gestern Nacht habe ich alle PCs bis auf den Server (192.168.0.25) heruntergefahren, ein 10MB Trafficlimit im Router eingestellt und alle Logs aktiviert. Die 10MB waren bald verbraucht und im Log kann ich nichts ungewöhnliches feststellen, außer dass die FW viele Anfragen von Außen blockt - macht das den Traffic aus?

Bin für jeden Hinweis dankbar!
Gottfried

time="2006-09-06 21:52:25" proto=6- tcp packet - Source:=192.168.0.3 - Destination:=192.168.0.100 - [Service access request successful Src 1066 Dst 80 from LAN ]
time="2006-09-06 21:52:55" proto=17- udp packet - Source:=193.47.186.39 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 30302 Dst 1026 from WAN ]
time="2006-09-06 21:52:55" proto=17- udp packet - Source:=193.47.186.39 - Destination:=213.229.9.255 - [Destination address broadcast Src 30308 Dst 1026 from WAN ]
time="2006-09-06 21:52:55" proto=17- udp packet - Source:=218.10.137.139 - Destination:=213.229.9.255 - [Destination address broadcast Src 57537 Dst 1027 from WAN ]
time="2006-09-06 21:59:59" proto=17- udp packet - Source:=221.208.208.212 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 41472 Dst 1027 from WAN ]
time="2006-09-06 21:59:59" proto=17- udp packet - Source:=202.97.238.132 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 59775 Dst 1026 from WAN ]
time="2006-09-06 22:07:14" proto=6- tcp packet - Source:=24.160.99.237 - Destination:=213.229.9.252 - [Invalid TCP packet received before 3-way Handshake is complete Src 24485 Dst 25 from WAN ]
time="2006-09-06 22:08:08" proto=17- udp packet - Source:=213.122.115.82 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 3019 Dst 137 from WAN ]
time="2006-09-06 22:08:08" proto=17- udp packet - Source:=202.97.238.194 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 42669 Dst 1027 from WAN ]
time="2006-09-06 22:11:56" proto=17- udp packet - Source:=202.97.238.194 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 34223 Dst 1026 from WAN ]
time="2006-09-06 22:11:56" proto=17- udp packet - Source:=104.119.224.159 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 45604 Dst 1026 from WAN ]
time="2006-09-06 22:13:44" proto=17- udp packet - Source:=204.16.208.211 - Destination:=213.229.9.255 - [Destination address broadcast Src 42001 Dst 1027 from WAN ]
time="2006-09-06 22:13:44" proto=17- udp packet - Source:=204.16.208.49 - Destination:=213.229.9.255 - [Destination address broadcast Src 41718 Dst 1026 from WAN ]
time="2006-09-06 22:16:06" proto=6- tcp packet - Source:=213.229.55.46 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 4591 Dst 445 from WAN ]
time="2006-09-06 22:17:45" proto=17- udp packet - Source:=221.6.163.50 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 57573 Dst 1027 from WAN ]
time="2006-09-06 22:26:23" proto=17- udp packet - Source:=218.10.137.139 - Destination:=213.229.9.255 - [Destination address broadcast Src 47649 Dst 1027 from WAN ]
time="2006-09-06 22:31:40" proto=17- udp packet - Source:=193.47.186.205 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 30302 Dst 1026 from WAN ]
time="2006-09-06 22:45:45" proto=6- tcp packet - Source:=213.229.55.222 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 6594 Dst 445 from WAN ]
time="2006-09-06 23:13:35" proto=17- udp packet - Source:=221.6.163.50 - Destination:=213.229.9.255 - [Destination address broadcast Src 46655 Dst 1026 from WAN ]
time="2006-09-06 23:13:35" proto=17- udp packet - Source:=204.16.208.174 - Destination:=213.229.9.255 - [Destination address broadcast Src 46699 Dst 1027 from WAN ]
time="2006-09-06 23:15:03" proto=17- udp packet - Source:=180.5.78.123 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 30302 Dst 1026 from WAN ]
time="2006-09-06 23:15:03" proto=17- udp packet - Source:=221.208.208.96 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 37587 Dst 1026 from WAN ]
time="2006-09-06 23:15:03" proto=17- udp packet - Source:=180.5.78.123 - Destination:=213.229.9.255 - [Destination address broadcast Src 30308 Dst 1026 from WAN ]
time="2006-09-06 23:15:03" proto=17- udp packet - Source:=192.168.0.1 - Destination:=192.168.0.255 - [Destination address broadcast Src 137 Dst 137 from LAN ]
time="2006-09-06 23:15:16" proto=17- udp packet - Source:=213.229.9.249 - Destination:=12.7.210.176 - [Service access request successful Src 64307 Dst 123 from SELF ]
time="2006-09-06 23:20:08" proto=17- udp packet - Source:=221.208.208.96 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 49916 Dst 1026 from WAN ]
time="2006-09-06 23:20:34" proto=17- udp packet - Source:=202.97.238.132 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 59088 Dst 1027 from WAN ]
time="2006-09-06 23:20:34" proto=17- udp packet - Source:=193.47.186.58 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 30308 Dst 1026 from WAN ]
time="2006-09-06 23:33:27" proto=17- udp packet - Source:=193.47.186.58 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 30308 Dst 1026 from WAN ]
time="2006-09-06 23:42:02" proto=6- tcp packet - Source:=213.85.212.242 - Destination:=213.229.9.253 - [TCP connection timed out. 3-Way handShake incomplete,In SYN_RCVD1 state Src 2379 Dst 445 from WAN ]
time="2006-09-06 23:42:02" proto=6- tcp packet - Source:=213.229.63.220 - Destination:=213.229.9.251 - [TCP connection timed out. 3-Way handShake incomplete,In SYN_RCVD1 state Src 3380 Dst 135 from WAN ]
time="2006-09-06 23:43:31" proto=6- tcp packet - Source:=213.203.151.61 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 1398 Dst 135 from WAN ]
time="2006-09-06 23:43:31" proto=6- tcp packet - Source:=213.115.143.170 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 3410 Dst 445 from WAN ]
time="2006-09-06 23:52:55" proto=17- udp packet - Source:=193.47.186.39 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 30308 Dst 1026 from WAN ]
time="2006-09-07 00:01:26" proto=6- tcp packet - Source:=213.196.240.14 - Destination:=213.229.9.248 - [TCP connection timed out. 3-Way handShake incomplete,In SYN_RCVD1 state Src 4755 Dst 445 from WAN ]
time="2006-09-07 00:06:40" proto=17- udp packet - Source:=204.16.208.233 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 52812 Dst 1027 from WAN ]
time="2006-09-07 00:06:40" proto=17- udp packet - Source:=221.6.163.50 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 57498 Dst 1026 from WAN ]
time="2006-09-07 00:06:40" proto=17- udp packet - Source:=204.16.208.233 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 52812 Dst 1026 from WAN ]
time="2006-09-07 00:06:40" proto=17- udp packet - Source:=204.16.208.233 - Destination:=213.229.9.255 - [Destination address broadcast Src 52812 Dst 1027 from WAN ]
time="2006-09-07 00:06:40" proto=17- udp packet - Source:=193.47.186.58 - Destination:=213.229.9.255 - [Destination address broadcast Src 30308 Dst 1026 from WAN ]
time="2006-09-07 00:16:16" proto=17- udp packet - Source:=204.16.208.49 - Destination:=213.229.9.255 - [Destination address broadcast Src 56890 Dst 1026 from WAN ]
time="2006-09-07 00:16:16" proto=17- udp packet - Source:=192.168.0.3 - Destination:=192.168.0.255 - [Destination address broadcast Src 138 Dst 138 from LAN ]
time="2006-09-07 00:18:19" proto=6- tcp packet - Source:=213.229.7.34 - Destination:=213.229.9.254 - [TCP connection timed out. 3-Way handShake incomplete,In SYN_RCVD1 state Src 3160 Dst 139 from WAN ]
time="2006-09-07 00:20:38" proto=6- tcp packet - Source:=213.229.7.34 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 3280 Dst 139 from WAN ]
time="2006-09-07 00:23:06" proto=17- udp packet - Source:=79.38.123.50 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 30302 Dst 1026 from WAN ]
time="2006-09-07 00:23:06" proto=17- udp packet - Source:=196.162.248.179 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 30302 Dst 1026 from WAN ]
time="2006-09-07 00:23:06" proto=17- udp packet - Source:=196.162.248.179 - Destination:=213.229.9.255 - [Destination address broadcast Src 30308 Dst 1026 from WAN ]
time="2006-09-07 00:23:06" proto=17- udp packet - Source:=202.97.238.200 - Destination:=213.229.9.255 - [Destination address broadcast Src 33297 Dst 1027 from WAN ]
time="2006-09-07 00:40:31" proto=17- udp packet - Source:=88.191.19.75 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 33147 Dst 1027 from WAN ]
time="2006-09-07 00:40:31" proto=17- udp packet - Source:=204.16.208.211 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 41791 Dst 1026 from WAN ]
time="2006-09-07 00:40:31" proto=17- udp packet - Source:=88.191.19.75 - Destination:=213.229.9.255 - [Destination address broadcast Src 33147 Dst 1026 from WAN ]
time="2006-09-07 00:49:05" proto=6- tcp packet - Source:=213.228.99.236 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 4500 Dst 139 from WAN ]
time="2006-09-07 00:49:05" proto=6- tcp packet - Source:=213.229.55.85 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 3318 Dst 135 from WAN ]
time="2006-09-07 01:02:54" proto=6- tcp packet - Source:=213.137.115.166 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 24667 Dst 139 from WAN ]
time="2006-09-07 01:02:54" proto=17- udp packet - Source:=202.97.238.204 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 44438 Dst 1026 from WAN ]
time="2006-09-07 01:03:51" proto=6- tcp packet - Source:=212.94.117.5 - Destination:=213.229.9.255 - [Destination address broadcast Src 28249 Dst 22 from WAN ]
time="2006-09-07 01:03:51" proto=17- udp packet - Source:=221.208.208.212 - Destination:=213.229.9.255 - [Destination address broadcast Src 37550 Dst 1027 from WAN ]
time="2006-09-07 01:03:51" proto=6- tcp packet - Source:=212.94.117.5 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 28249 Dst 22 from WAN ]
time="2006-09-07 01:03:51" proto=17- udp packet - Source:=202.97.238.200 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 46007 Dst 1026 from WAN ]
time="2006-09-07 01:14:42" proto=17- udp packet - Source:=204.16.208.174 - Destination:=213.229.9.255 - [Destination address broadcast Src 57666 Dst 1026 from WAN ]
time="2006-09-07 01:14:42" proto=17- udp packet - Source:=60.11.125.53 - Destination:=213.229.9.255 - [Destination address broadcast Src 33723 Dst 1026 from WAN ]
time="2006-09-07 01:14:59" proto=6- tcp packet - Source:=213.228.122.183 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 2623 Dst 135 from WAN ]
time="2006-09-07 01:24:21" proto=17- udp packet - Source:=202.97.238.200 - Destination:=213.229.9.255 - [Destination address broadcast Src 35090 Dst 1026 from WAN ]
time="2006-09-07 01:44:19" proto=17- udp packet - Source:=218.5.75.60 - Destination:=213.229.9.255 - [Destination address broadcast Src 4506 Dst 1434 from WAN ]
time="2006-09-07 01:44:19" proto=17- udp packet - Source:=151.202.130.66 - Destination:=213.229.9.255 - [Destination address broadcast Src 12141 Dst 38293 from WAN ]
time="2006-09-07 01:45:06" proto=17- udp packet - Source:=193.47.186.82 - Destination:=213.229.9.255 - [Access Policy not found, dropping packet Src 30308 Dst 1026 from WAN ]
time="2006-09-07 01:45:06" proto=17- udp packet - Source:=221.208.208.96 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 60076 Dst 1026 from WAN ]
time="2006-09-07 01:50:02" proto=6- tcp packet - Source:=213.77.18.194 - Destination:=213.229.9.249 - [Access Policy not found, dropping packet Src 2659 Dst 445 from WAN ]
time="2006-09-07 02:33:42" proto=17- udp packet - Source:=192.168.0.25 - Destination:=195.58.161.122 - [Service access request successful Src 1055 Dst 53 from LAN ]
time="2006-09-07 02:33:42" proto=6- tcp packet - Source:=192.168.0.3 - Destination:=80.121.152.4 - [Service access request successful Src 4997 Dst 80 from LAN ]
time="2006-09-07 02:35:53" proto=17- udp packet - Source:=192.168.0.25 - Destination:=202.12.27.33 - [Connection timed out.Bytes transferred : 202 Src 1055 Dst 53 from LAN ]
time="2006-09-07 02:39:03" proto=17- udp packet - Source:=192.168.0.25 - Destination:=202.12.27.33 - [Service access request successful Src 1055 Dst 53 from LAN ]
time="2006-09-07 02:41:03" proto=17- udp packet - Source:=192.168.0.25 - Destination:=195.58.161.122 - [Connection timed out.Bytes transferred : 185 Src 1055 Dst 53 from LAN ]
time="2006-09-07 02:50:56" proto=17- udp packet - Source:=192.168.0.25 - Destination:=192.168.0.100 - [Service access request successful Src 4658 Dst 53 from LAN ]
time="2006-09-07 02:50:56" proto=6- tcp packet - Source:=192.168.0.25 - Destination:=213.229.60.100 - [Service access request successful Src 3826 Dst 110 from LAN ]
time="2006-09-07 02:51:10" proto=17- udp packet - Source:=213.229.9.249 - Destination:=195.58.161.122 - [Service access request successful Src 65098 Dst 53 from SELF ]
time="2006-09-07 02:53:17" proto=17- udp packet - Source:=213.229.9.249 - Destination:=195.58.160.194 - [Connection timed out.Bytes transferred : 405 Src 65098 Dst 53 from SELF ]
time="2006-09-07 02:53:17" proto=17- udp packet - Source:=192.168.0.100 - Destination:=192.168.0.25 - [Connection timed out.Bytes transferred : 2040 Src 1100 Dst 514 from SELF ]
time="2006-09-07 02:53:39" proto=17- udp packet - Source:=192.168.0.25 - Destination:=192.168.0.100 - [Connection timed out.Bytes transferred : 720 Src 4658 Dst 53 from LAN ]
time="2006-09-07 02:53:39" proto=17- udp packet - Source:=192.168.0.3 - Destination:=192.168.0.100 - [Connection timed out.Bytes transferred : 743 Src 1540 Dst 53 from LAN ]
time="2006-09-07 04:12:41" proto=17- udp packet - Source:=192.168.0.25 - Destination:=192.168.0.255 - [Destination address broadcast Src 138 Dst 138 from LAN ]
time="2006-09-07 04:27:26" proto=17- udp packet - Source:=192.168.0.25 - Destination:=192.168.0.255 - [Destination address broadcast Src 138 Dst 138 from LAN ]
time="2006-09-07 04:29:24" proto=17- udp packet - Source:=192.168.0.100 - Destination:=192.168.0.25 - [Connection timed out.Bytes transferred : 169 Src 1100 Dst 514 from SELF ]
time="2006-09-07 04:29:24" proto=17- udp packet - Source:=192.168.0.25 - Destination:=195.58.160.194 - [Connection timed out.Bytes transferred : 1585 Src 1055 Dst 53 from LAN ]
time="2006-09-07 05:06:50" proto=17- udp packet - Source:=192.168.0.25 - Destination:=195.58.160.194 - [Connection timed out.Bytes transferred : 202 Src 1055 Dst 53 from LAN ]

von **jutta** » Do 07 Sep, 2006 08:34

koennte das hier beschriebene phaenomen sein: http://xDSL.at/new/viewtopic.php?p=2191 ... fic#219159

von **superracer** » Do 07 Sep, 2006 09:22

jutta hat geschrieben:koennte das hier beschriebene phaenomen sein: http://xDSL.at/new/viewtopic.php?p=2191 ... fic#219159

das würde man aber im fw log des routers sehen...

von **PGottfried** » So 10 Sep, 2006 20:15

Hallo nochmals!

Habe nun zu Testzwecken über's Wochenende mal den Router vom restlichen Netz getrennt - also nur ADSL-Modem und Router. Da kamen dann lt. Inode Trafficübersicht zwischen 3-7 MB pro Stunde zusammen.
Bei einem 1GB Paket ist das etwas viel!
Hat jemand noch eine Idee?

Ein tracert auf meine IP-Abdressen ergab kein "Ping-Pong" zwischen den Routern - wie in einem verwiesenen Posting vermutet.

IP:213.229.9.249 (Gateway)
weitere IPS: 213.229.9.250 bis 213.229.9.254

Grüße,
Gottfried

von **R4yd3N** » Mo 11 Sep, 2006 00:51

schon mal versucht private IP-Adressen zu verwenden ála 192.168.x.x ?

Möglicherweise hackts da.

von **PGottfried** » Mo 11 Sep, 2006 05:54

Hallo!

Da hab ich mich wohl unklar ausgedrückt - die oben angeführten Adressen habe ich von Inode reserviert bekommen. Der Router arbeitet als NAT-Router; intern verwende ich private Adressen (192.168.0.x). An öffentlicher Seite hat der Router 213.229.9.249 und intern 192.168.0.100.

Aber wenn ich nur den Router am Modem hängen habe, dann dürfte das auch keinen Unterscheid machen.

Grüße,
Gottfried

von **jutta** » Mo 11 Sep, 2006 07:27

ich habe mir dein logfile noch einmal angeschaut - das sind groesstenteils die packets, die man von wurm-verseuchten rechnern so kriegt - 135, 139, 445. 1026, 1027 sehe ich in meinen logfiles nicht ganz so oft, aber sie kommen auch vor. diesen traffic hattest du mit sicherheit vor dem routerwechsel auch schon. ich habe das im vorjahr ein monat lang getestet, da kamen ca 30 mb zusammen (ebenfalls an einem inode business anschluss mit /29 netz). der grund fuer deinen hohen traffic muss also woanders liegen.

verraet der router etwas darueber, welche keep-alive-messages er mit dem server austauscht und wie oft er anfragen an time-server, dns-server usw richtet? hast du die moeglichkeit, dir zum vergleich einen anderen router auszuborgen? (schreib mir ev ein pn mit kontakt-infos, falls du sonst niemanden findest, wo du einen ausborgen kannst)

xDSL.at

Wieso der hohe Traffic?

Wieso der hohe Traffic?

Wer ist online?