LINUX.ORG.RU
Reply to: comment by kaldeon

DROP IN=br0 OUT=ppp2 SRC=192.168.0.2 DST=178.248.233.6 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55014 DPT=9000 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0xe003
DROP IN=br0 OUT=ppp2 SRC=192.168.0.2 DST=17.253.145.10 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=56810 DPT=443 LEN=1358 MARK=0xe003
DROP IN=br0 OUT=ppp2 SRC=192.168.0.2 DST=172.224.194.5 LEN=1378 TOS=0x02 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=61352 DPT=443 LEN=1358 MARK=0xe003

n1kiog
() topic author

Do you have millions of lines like these? Or do they just show up now and then? If it's millions, then it may well be a DDoS (are you actually feeling any effects or not? where's the info?). If it's a measly few hundred, just find something more interesting to do than staring at logs and looking for who poked your server with a stick; that will happen all the time.

CrX ★★★★★
()

A device on your LAN with IP address 192.168.0.2 is reaching out to a host on a network belonging to VKontakte, on port 443/udp. What else did you want to hear?

anc ★★★★★
()
Reply to: comment by n1kiog

A device on your LAN with IP address 192.168.0.2 is reaching out to a host on a network belonging to Apple, on port 9000/tcp. What else did you want to hear 2? Do we seriously have to decode every single packet for you?

anc ★★★★★
()
Reply to: comment by CrX

Here is what else it outputs:

WAN HSI is up, mode is PPPoE, IP is 100.106.253.63.
Successfully assign IP [192.168.0.3] to client mac [a2:31:d4:71:ab:e4], lease time [14400] LAN 2012-01-01 15:10:13
Received REQUEST from client ip [0.0.0.0] mac [a2:31:d4:71:ab:e4] LAN 2012-01-01 15:10:13
The client (a2:31:d4:71:ab:e4) has successfully connected to RT-5WiFi-78AE (7c:13:1d:57:78:b4), 2 channel (2.4 GHz). LAN 2012-01-01 15:09:35
LCP echo-request has been send from WAN HSI WAN 2012-01-01 15:09:32
Receive a general query from WAN. Система 2012-01-01 15:08:42
Stopping HTTP redirect OK. Система 2012-01-01 15:08:42
Starting UPnP IGD OK. Данные 2012-01-01 15:08:42
HTTP listening on port 49152 Данные 2012-01-01 15:08:42
Starting UPnP OK. Система 2012-01-01 15:08:39
Stopping UPnP OK. Система 2012-01-01 15:08:39
Success to broadcast good-bye notifications Данные 2012-01-01 15:08:37
DMZ Rules has been flushed on WAN HSI. Сетевой экран 2012-01-01 15:08:36
Internet DNS Servers 87.225.16.243, 212.122.1.2. Система 2012-01-01 15:08:36
Internet DNS ready. Система 2012-01-01 15:08:36
Internet DNS deactived. Система 2012-01-01 15:08:36
Internet DNS Servers 87.225.16.243, 212.122.1.2. Система 2012-01-01 15:08:36
Internet DNS ready. Система 2012-01-01 15:08:36
Internet DNS deactived. Система 2012-01-01 15:08:36
Data WAN2 Activated! WAN 2012-01-01 15:08:35
Internet DNS deactived. Система 2012-01-01 15:08:35
WAN HSI is up, mode is PPPoE, IP is 100.106.253.63. WAN 2012-01-01 15:08:35
WAN HSI is down. WAN 2012-01-01 15:08:35
PPP PAP authentication is successful on WAN HSI WAN 2012-01-01 15:08:33
PPPOE PADS has been received from WAN HSI WAN 2012-01-01 15:08:33
PPPOE PADR has been sent from WAN HSI WAN 2012-01-01 15:08:33
PPPOE PADO has been received from WAN HSI, BRAS name is KHBR-BRAS3. WAN 2012-01-01 15:08:32
PPPOE PADI has been sent from WAN HSI WAN 2012-01-01 15:08:32
Receive a general query from WAN. Система 2012-01-01 15:08:28
Starting NTP Client OK. Система 2012-01-01 15:08:28
Stopping NTP Client OK. Система 2012-01-01 15:08:27
PPPOE PADT has been sent from WAN HSI WAN 2012-01-01 15:08:26
DMZ Rules has been flushed on WAN IPoE_DHCP. Сетевой экран 2012-01-01 15:08:25
Starting NTP Client OK. Система 2012-01-01 15:08:25
Stopping NTP Client OK. Система 2012-01-01 15:08:25
IPTV WAN1 Activated! WAN 2012-01-01 15:08:24
PPPOE PADT has been received from WAN HSI WAN 2012-01-01 15:08:24
LCP echo-reply has been received from WAN HSI WAN 2012-01-01 15:07:37
The client (a2:31:d4:71:ab:e4) disconnected or could not connect.

n1kiog
() topic author
Reply to: comment by anc

[System] 2012-01-01 15:36:08 Stopping UPnP OK.
[System] 2012-01-01 15:36:05 Stopping UPnP OK.
[DNS] 2012-01-01 15:36:05 Success to broadcast good-bye notifications
[Firewall] 2012-01-01 15:36:04 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 DST=17.188.169.98 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=16436 PROTO=UDP SPT=16403 DPT=3482 LEN=24 MARK=0xe003
[Firewall] 2012-01-01 15:36:04 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 DST=17.188.171.200 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=24924 PROTO=UDP SPT=16403 DPT=3481 LEN=24 MARK=0xe003
[Firewall] 2012-01-01 15:36:04 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 DST=17.188.171.200 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=28829 PROTO=UDP SPT=16403 DPT=3480 LEN=24 MARK=0xe003
[Firewall] 2012-01-01 15:36:00 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 DST=17.188.169.98 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=46314 PROTO=UDP SPT=16403 DPT=3482 LEN=24 MARK=0xe003
[Firewall] 2012-01-01 15:36:00 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 DST=17.188.171.200 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=6213 PROTO=UDP SPT=16403 DPT=3481 LEN=24 MARK=0xe003
[Firewall] 2012-01-01 15:36:00 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 DST=17.188.171.200 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=16613 PROTO=UDP SPT=16403 DPT=3480 LEN=24 MARK=0xe003
[WAN] 2012-01-01 15:35:59 LCP echo-request has been send from WAN HSI
[Firewall] 2012-01-01 15:35:58 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 DST=17.188.169.98 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=7838 PROTO=UDP SPT=16403 DPT=3482 LEN=24 MARK=0xe003
[Firewall] 2012-01-01 15:35:58 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 DST=17.188.171.200 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=29802 PROTO=UDP SPT=16403 DPT=3481 LEN=24 MARK=0xe003
[Firewall] 2012-01-01 15:35:58 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 DST=17.188.171.200 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=49626 PROTO=UDP SPT=16403 DPT=3480 LEN=24 MARK=0xe003
[Firewall] 2012-01-01 15:35:57 Local Fragment Flood detect has been enabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:57 Local Smurf Detect has been enabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:57 Local Winnuke Detect has been enabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:57 Local TCP FIN Flood Detect has been enabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:57 Local TCP SYN Flood Detect has been enabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:57 Local ICMP Flood Detect has been enabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:57 Forward UDP Flood Detect has been enabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:57 Local UDP Flood Detect has been enabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:56 Local Fragment Flood detect has been enabled on WAN HSI.
[Firewall] 2012-01-01 15:35:56 Local Smurf Detect has been enabled on WAN HSI.
[Firewall] 2012-01-01 15:35:56 Local Winnuke Detect has been enabled on WAN HSI.
[Firewall] 2012-01-01 15:35:56 Local TCP FIN Flood Detect has been enabled on WAN HSI.
[Firewall] 2012-01-01 15:35:56 Local TCP SYN Flood Detect has been enabled on WAN HSI.
[Firewall] 2012-01-01 15:35:56 Local ICMP Flood Detect has been enabled on WAN HSI.
[Firewall] 2012-01-01 15:35:56 Forward UDP Flood Detect has been enabled on WAN HSI.
[Firewall] 2012-01-01 15:35:56 Local UDP Flood Detect has been enabled on WAN HSI.
[Firewall] 2012-01-01 15:35:56 Local Fragment Flood detect has been enabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:56 Local Smurf Detect has been enabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:56 Local Winnuke Detect has been enabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:56 Local TCP FIN Flood Detect has been enabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:56 Local TCP SYN Flood Detect has been enabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:56 Local ICMP Flood Detect has been enabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:56 Forward UDP Flood Detect has been enabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:56 Local UDP Flood Detect has been enabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:56 Local Fragment Flood Detect has been disabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:56 Local Smurf Detect has been disabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:56 Local Winnuke Detect has been disabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:56 Forward TCP Scan Detect has been disabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:56 Local TCP Scan Detect has been disabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:56 Forward UDP Flood Detect has been disabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:56 Local ICMP Flood Detect has been disabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:56 Local UDP Flood Detect has been disabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:55 Local Fragment Flood Detect has been disabled on WAN HSI.
[Firewall] 2012-01-01 15:35:55 Local Smurf Detect has been disabled on WAN HSI.
[Firewall] 2012-01-01 15:35:55 Local Winnuke Detect has been disabled on WAN HSI.
[Firewall] 2012-01-01 15:35:55 Forward TCP Scan Detect has been disabled on WAN HSI.
[Firewall] 2012-01-01 15:35:55 Local TCP Scan Detect has been disabled on WAN HSI.
[Firewall] 2012-01-01 15:35:55 Forward UDP Flood Detect has been disabled on WAN HSI.
[Firewall] 2012-01-01 15:35:55 Local ICMP Flood Detect has been disabled on WAN HSI.
[Firewall] 2012-01-01 15:35:55 Local UDP Flood Detect has been disabled on WAN HSI.
[Firewall] 2012-01-01 15:35:55 Local Fragment Flood Detect has been disabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:55 Local Smurf Detect has been disabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:55 Local Winnuke Detect has been disabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:55 Forward TCP Scan Detect has been disabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:55 Local TCP Scan Detect has been disabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:55 Forward UDP Flood Detect has been disabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:55 Local ICMP Flood Detect has been disabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:55 Local UDP Flood Detect has been disabled on WAN IPoE_DHCP.
[Firewall] 2012-01-01 15:35:52 Local Frament Flood Detect has been enabled on LAN.
[Firewall] 2012-01-01 15:35:52 Local Smurf Detect has been enabled on LAN.
[Firewall] 2012-01-01 15:35:52 Local LAN Source Detect has been enabled.
[Firewall] 2012-01-01 15:35:52 Local Winnuke Detect has been enabled on LAN.
[Firewall] 2012-01-01 15:35:52 Local ICMP Flood Detect has been enabled on LAN.
[Firewall] 2012-01-01 15:35:52 Local UDP Flood Detect has been enabled on LAN.
[Firewall] 2012-01-01 15:35:52 Local Ping Response Block has been enabled.
[Firewall] 2012-01-01 15:35:52 Local Fragment Flood Detect has been disabled on LAN.
[Firewall] 2012-01-01 15:35:52 Local Smurf Detect has been disabled on LAN.
[Firewall] 2012-01-01 15:35:52 Local LAN Source Detect has been disabled.
[Firewall] 2012-01-01 15:35:52 Local Winnuke Detect has been disabled on LAN.
[Firewall] 2012-01-01 15:35:52 Local ICMP Flood Detect has been disabled on LAN.
[Firewall] 2012-01-01 15:35:52 Local UDP Flood Detect has been disabled on LAN.
[Firewall] 2012-01-01 15:35:52 UDP Bomb Detect has been enabled.
[Firewall] 2012-01-01 15:35:52 TCP Syn With Data Detect has been enabled.
[Firewall] 2012-01-01 15:35:52 IP Broadcast Source Detect has been enabled.
[Firewall] 2012-01-01 15:35:52 IP Land Detect has been enabled.
[Firewall] 2012-01-01 15:35:52 Port Scan Per IP Flood Detect has been enabled.
[Firewall] 2012-01-01 15:35:52 TCP FIN Per IP Flood Detect has been enabled.
[Firewall] 2012-01-01 15:35:52 TCP SYN Per IP Flood Detect has been enabled.
[Firewall] 2012-01-01 15:35:52 ICMP Per IP Flood Detect has been enabled.
[Firewall] 2012-01-01 15:35:52 UDP Per IP Flood Detect has been enabled.
[Firewall] 2012-01-01 15:35:51 IP Spoof Detect has been enabled.
[Firewall] 2012-01-01 15:35:51 Firewall Block Detect has been enabled.
[Firewall] 2012-01-01 15:35:49 Local Fragment Flood detect has been enabled on WAN IPoE_Static.
[Firewall] 2012-01-01 15:35:49 Local Smurf Detect has been enabled on WAN IPoE_Static.

n1kiog
() topic author
Reply to: comment by n1kiog

I don't really feel like parsing a mess like this.

When posting walls of text like this, use markup:
www.linux.org.ru/help/lorcode.md
or
www.linux.org.ru/help/markdown.md

Before sending a message, press the "Preview" button to make sure everything looks the way you intended.
Edit your message so that it becomes readable.

anc ★★★★★
()
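
Added example, not part of the thread: a small Python script that pulls the `DROP` entries out of router log text pasted as one run-on line, as in the posts above, and counts them per source, destination, protocol and destination port, which answers both "how many are there" and "who is talking to whom". The sample text reuses entries from the posts; the function names `parse_drops` and `summarize` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Entries reused from the posts above, run together on one line as they were pasted.
SAMPLE = (
    "DROPIN=br0 OUT=ppp2 SRC=192.168.0.2 DST=178.248.233.6 LEN=48 TOS=0x00 "
    "PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=55014 DPT=9000 WINDOW=65535 "
    "RES=0x00 SYN URGP=0 MARK=0xe003 "
    "[Firewall] 2012-01-01 15:36:04 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 "
    "DST=17.188.171.200 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=24924 PROTO=UDP "
    "SPT=16403 DPT=3481 LEN=24 MARK=0xe003 "
    "[WAN] 2012-01-01 15:35:59 LCP echo-request has been send from WAN HSI "
    "[Firewall] 2012-01-01 15:35:58 DROP IN=br0 OUT=ppp2 SRC=192.168.0.3 "
    "DST=17.188.171.200 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=29802 PROTO=UDP "
    "SPT=16403 DPT=3481 LEN=24 MARK=0xe003"
)

# An entry starts at "DROP IN="; "DROPIN=" covers a paste that lost the space.
ENTRY_START = re.compile(r"\bDROP ?IN=")
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def parse_drops(text):
    """Return one dict of KEY=value fields per DROP entry found in text."""
    entries = []
    for chunk in ENTRY_START.split(text)[1:]:
        fields = {}
        for key, value in FIELD.findall("IN=" + chunk):
            # UDP entries carry LEN twice (IP length, then UDP length); keep the first.
            fields.setdefault(key, value)
        entries.append(fields)
    return entries

def summarize(text):
    """Count dropped packets per (direction, SRC, DST, PROTO, DPT)."""
    flows = Counter()
    for e in parse_drops(text):
        # A private source address means the packet came from the LAN side.
        lan_src = ipaddress.ip_address(e["SRC"]).is_private
        direction = "LAN->WAN" if lan_src else "inbound"
        flows[(direction, e["SRC"], e["DST"], e["PROTO"], e.get("DPT", "-"))] += 1
    return flows

if __name__ == "__main__":
    for flow, count in summarize(SAMPLE).most_common():
        print(count, *flow)
```
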