# Suspicious attack detected on personal PC

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| GIT-168 | 2021-05-21T16:31:16.000+0800 | 栗文 | Done |

---

On May 21 a suspicious attack was detected on a personal PC; one was also detected once before the May Day holiday.

!image-2021-05-21-16-29-29-916.png!

PC information as shown in the image:

!image-2021-05-21-16-33-16-234.png!

**zhangwei** commented on *2021-05-24T15:23:07.960+0800*:

!image-2021-05-24-15-22-50-270.png!

Attacked again at 2021-5-24 15:22.

---

**liwen** commented on *2021-05-24T16:29:43.257+0800*:

!image-2021-05-24-16-29-38-086.png!

A query through Fortinet shows that the problem device is connected to the AP on the southwest side of the 3rd floor. The specific user cannot be identified. The device has been forced offline by MAC address and a deny-access rule has been added. We will keep observing for 3 days to see whether the device comes online again.

---

**zhangwei** commented on *2021-05-28T11:35:25.706+0800*:

2021-05-28: new attack source IP: 192.168.32.4

!image-2021-05-28-11-35-23-298.png!

---

**liwen** commented on *2021-05-28T21:04:10.468+0800*:

!image-2021-05-28-12-01-21-766.png!

Confirmed through the Fortinet firewall that the new device's MAC address is cc:81:da:9b:e4:d8. It has been confirmed that the problem computer this time is the same laptop as last time. The first time it connected directly to the office network through its built-in network adapter and obtained an IP in the 36 segment; the second time it connected to the external Wi-Fi at the workstation and obtained an IP in the 32 segment, so the MAC address and IP segment differ between the two occurrences. The problem laptop's network adapter has been disabled, and a full-disk scan is being run with the Huorong security software. The scan had not finished by the end of the workday; a screenshot of the scan results will be added on Monday.

---

**liwen** commented on *2021-06-01T10:53:43.238+0800*:

!image-2021-06-01-10-51-14-302.png!
!image-2021-06-01-10-51-25-641.png!

The results of scanning the problem device are shown in the screenshots; it has been handled with the antivirus software.

---

# Attachments

Attachment: image-2021-05-21-16-29-29-916.png
![image-2021-05-21-16-29-29-916.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/18448/image-2021-05-21-16-29-29-916.png)

Attachment: image-2021-05-21-16-33-16-234.png
![image-2021-05-21-16-33-16-234.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/18449/image-2021-05-21-16-33-16-234.png)

Attachment: image-2021-05-21-22-08-18-364.png
![image-2021-05-21-22-08-18-364.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/18463/image-2021-05-21-22-08-18-364.png)

Attachment: image-2021-05-24-15-22-50-270.png
![image-2021-05-24-15-22-50-270.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/18486/image-2021-05-24-15-22-50-270.png)

Attachment: image-2021-05-24-16-29-38-086.png
![image-2021-05-24-16-29-38-086.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/18490/image-2021-05-24-16-29-38-086.png)

Attachment: image-2021-05-28-11-35-23-298.png
![image-2021-05-28-11-35-23-298.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/18611/image-2021-05-28-11-35-23-298.png)

Attachment: image-2021-05-28-12-01-21-766.png
![image-2021-05-28-12-01-21-766.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/18616/image-2021-05-28-12-01-21-766.png)

Attachment: image-2021-05-28-12-01-55-446.png
![image-2021-05-28-12-01-55-446.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/18617/image-2021-05-28-12-01-55-446.png)

Attachment: image-2021-06-01-10-51-14-302.png
![image-2021-06-01-10-51-14-302.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/18684/image-2021-06-01-10-51-14-302.png)

Attachment: image-2021-06-01-10-51-25-641.png
![image-2021-06-01-10-51-25-641.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/18685/image-2021-06-01-10-51-25-641.png)