Tekil Mesaj gösterimi - Windows Server Atak Çıkışı

Konu Windows Server Atak Çıkışı

01-02-2020, 04:13:06

Burti

Reveloper

Merhaba,

Bir Windows 2019 Server Exchange sunucumuz dışarı atak çıkıyor ancak ne servislerde nede loglar üzerinde gözükmüyor nereden olduğu. Başına daha önce gelen oldumu?

+ Active Directory ve Exchange 2019 kurulu.

2020-02-01 02:54:28.402207    IP SERVER_IP.389 > 162.159.211.49.37404: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.402217    IP SERVER_IP > 162.159.211.49: ip-proto-17
2020-02-01 02:54:28.402220    IP SERVER_IP > 162.159.211.49: ip-proto-17
2020-02-01 02:54:28.402235    IP SERVER_IP.389 > 187.254.111.167.80: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.402238    IP SERVER_IP > 187.254.111.167: ip-proto-17
2020-02-01 02:54:28.402241    IP SERVER_IP > 187.254.111.167: ip-proto-17
2020-02-01 02:54:28.402258    IP SERVER_IP.389 > 172.58.21.232.52781: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.403196    IP SERVER_IP.389 > 191.243.27.199.29696: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.403202    IP SERVER_IP > 191.243.27.199: ip-proto-17
2020-02-01 02:54:28.403204    IP SERVER_IP > 191.243.27.199: ip-proto-17
2020-02-01 02:54:28.403292    IP SERVER_IP.389 > 72.208.115.245.61796: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.403310    IP SERVER_IP > 72.208.115.245: ip-proto-17
2020-02-01 02:54:28.403313    IP SERVER_IP > 72.208.115.245: ip-proto-17
2020-02-01 02:54:28.403319    IP SERVER_IP.389 > 180.97.196.12.38572: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.403333    IP SERVER_IP > 180.97.196.12: ip-proto-17
2020-02-01 02:54:28.403334    IP SERVER_IP > 180.97.196.12: ip-proto-17
2020-02-01 02:54:28.403426    IP SERVER_IP.389 > 79.152.62.164.41205: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.403431    IP SERVER_IP > 79.152.62.164: ip-proto-17
2020-02-01 02:54:28.403433    IP SERVER_IP > 79.152.62.164: ip-proto-17
2020-02-01 02:54:28.403817    IP SERVER_IP.389 > 67.186.108.76.22116: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.403833    IP SERVER_IP > 67.186.108.76: ip-proto-17
2020-02-01 02:54:28.404172    IP SERVER_IP > 67.186.108.76: ip-proto-17
2020-02-01 02:54:28.404176    IP SERVER_IP.389 > 78.140.166.10.37303: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.404219    IP SERVER_IP > 78.140.166.10: ip-proto-17
2020-02-01 02:54:28.404221    IP SERVER_IP > 78.140.166.10: ip-proto-17
2020-02-01 02:54:28.404338    IP SERVER_IP.389 > 185.176.246.73.46262: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.404344    IP SERVER_IP > 185.176.246.73: ip-proto-17
2020-02-01 02:54:28.404385    IP SERVER_IP > 185.176.246.73: ip-proto-17
2020-02-01 02:54:28.404486    IP SERVER_IP.389 > 191.243.18.81.36135: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.404493    IP SERVER_IP > 191.243.18.81: ip-proto-17
2020-02-01 02:54:28.405027    IP SERVER_IP.389 > 191.243.18.81.2747: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.405030    IP SERVER_IP > 191.243.18.81: ip-proto-17
2020-02-01 02:54:28.405071    IP SERVER_IP > 191.243.18.81: ip-proto-17
2020-02-01 02:54:28.405075    IP SERVER_IP > 191.243.18.81: ip-proto-17
2020-02-01 02:54:28.405082    IP SERVER_IP.389 > 191.243.23.201.62094: UDP, bad length 3060 > 1472
2020-02-01 02:54:28.405097    IP SERVER_IP > 191.243.23.201: ip-proto-17
2020-02-01 02:54:28.405099    IP SERVER_IP > 191.243.23.201: ip-proto-17
2020-02-01 02:54:28.405165    IP SERVER_IP.389 > 180.97.196.12.49877: UDP, bad length 3060 > 1472