How do I interpret firewall logs?

Today I noticed some failed authentication attempts on my ssh server, so I decided to go through all the logs for suspicious activity. This is my router's firewall log (a small part of it):
```
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=118.179.50.73 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=107 ID=16939 DF PROTO=TCP SPT=28279 DPT=54281 SEQ=1104099122 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.173.108.248 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=4775 DF PROTO=TCP SPT=53946 DPT=54281 SEQ=1573294371 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=118.179.50.73 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=16940 PROTO=UDP SPT=28273 DPT=54281 LEN=28
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.173.108.248 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=4776 PROTO=UDP SPT=1033 DPT=54281 LEN=28
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=195.34.75.108 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=30112 PROTO=UDP SPT=50909 DPT=54281 LEN=28
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=46.161.151.68 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25107 DF PROTO=TCP SPT=53776 DPT=54281 SEQ=347621257 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=84.111.225.41 DST=<MyExternalIP> LEN=58 TOS=0x00 PREC=0x00 TTL=116 ID=26401 PROTO=UDP SPT=12821 DPT=54281 LEN=38
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=46.161.151.68 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25161 PROTO=UDP SPT=41441 DPT=54281 LEN=28
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=62.105.150.126 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=7340 PROTO=UDP SPT=12168 DPT=54281 LEN=28
Dec 12 21:24:13 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.196.224.8 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=3059 DF PROTO=TCP SPT=50770 DPT=54281 SEQ=2242830855 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:13 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=212.20.52.84 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=10982 PROTO=TCP SPT=50675 DPT=54281 SEQ=3429675197 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204058401010402)
Dec 12 21:24:13 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.196.224.8 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=3060 PROTO=UDP SPT=60706 DPT=54281 LEN=28
Dec 12 21:24:13 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=129.45.17.183 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=11488 DF PROTO=TCP SPT=63348 DPT=54281 SEQ=843677449 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405780103030801010402)
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=129.45.17.183 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=11489 PROTO=UDP SPT=31619 DPT=54281 LEN=28
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.124.25.61 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=10611 DF PROTO=TCP SPT=53604 DPT=54281 SEQ=53119836 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402)
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=77.123.52.193 DST=<MyExternalIP> LEN=52 TOS=0x10 PREC=0x80 TTL=119 ID=29732 DF PROTO=TCP SPT=64670 DPT=54281 SEQ=1393693542 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=212.20.52.84 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=10983 PROTO=UDP SPT=22401 DPT=54281 LEN=28
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=77.123.52.193 DST=<MyExternalIP> LEN=48 TOS=0x10 PREC=0x80 TTL=119 ID=29733 PROTO=UDP SPT=36118 DPT=54281 LEN=28
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.130.145.208 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=18200 DF PROTO=TCP SPT=49314 DPT=54281 SEQ=3961523561 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.124.25.61 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=10703 PROTO=UDP SPT=16543 DPT=54281 LEN=28
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=37.57.203.228 DST=<MyExternalIP> LEN=132 TOS=0x00 PREC=0x20 TTL=56 ID=19350 PROTO=UDP SPT=8999 DPT=54281 LEN=112
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=46.149.95.146 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=23986 DF PROTO=TCP SPT=57083 DPT=54281 SEQ=2426085934 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405A00103030801010402)
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=46.149.95.146 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=23987 PROTO=UDP SPT=63090 DPT=54281 LEN=28
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.130.145.208 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=18201 PROTO=UDP SPT=21431 DPT=54281 LEN=28
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.200.239.123 DST=<MyExternalIP> LEN=58 TOS=0x00 PREC=0x00 TTL=50 ID=8283 DF PROTO=UDP SPT=2305 DPT=54281 LEN=38
Dec 12 21:24:15 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=82.193.102.250 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=4707 PROTO=UDP SPT=11408 DPT=54281 LEN=28
Dec 12 21:24:15 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=82.193.102.250 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=4708 DF PROTO=TCP SPT=59712 DPT=54281 SEQ=1602137000 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:15 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=185.202.212.89 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=23841 PROTO=UDP SPT=53432 DPT=54281 LEN=28
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=185.189.113.249 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=31100 PROTO=UDP SPT=39200 DPT=54281 LEN=28
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=185.189.113.249 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31101 DF PROTO=TCP SPT=50522 DPT=54281 SEQ=1220006373 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020404B40103030801010402)
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=95.26.134.24 DST=<MyExternalIP> LEN=48 TOS=0x08 PREC=0x20 TTL=116 ID=22035 DF PROTO=TCP SPT=61903 DPT=54281 SEQ=1593701078 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204055001010402)
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=95.26.134.24 DST=<MyExternalIP> LEN=48 TOS=0x08 PREC=0x20 TTL=116 ID=22034 PROTO=UDP SPT=26284 DPT=54281 LEN=28
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=213.59.151.172 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=12178 DF PROTO=TCP SPT=63771 DPT=54281 SEQ=930542000 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=91.76.129.8 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=8550 PROTO=UDP SPT=21317 DPT=54281 LEN=28
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=91.76.129.8 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=113 ID=8551 DF PROTO=TCP SPT=51072 DPT=54281 SEQ=2244867843 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402)
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=213.59.151.172 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=12179 PROTO=UDP SPT=40315 DPT=54281 LEN=28
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.216.6.157 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=15453 DF PROTO=TCP SPT=55479 DPT=54281 SEQ=2506165195 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.216.6.157 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=15452 PROTO=UDP SPT=54615 DPT=54281 LEN=28
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=178.44.31.190 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=114 ID=10292 DF PROTO=TCP SPT=52489 DPT=54281 SEQ=3570098040 ACK=0 WINDOW=17520 RES=0x00 SYN URGP=0 OPT (020405AC0103030801010402)
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=178.44.31.190 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=114 ID=10293 PROTO=UDP SPT=18160 DPT=54281 LEN=28
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.200.239.123 DST=<MyExternalIP> LEN=58 TOS=0x00 PREC=0x00 TTL=50 ID=8699 DF PROTO=UDP SPT=2305 DPT=54281 LEN=38
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=195.34.75.108 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=30113 DF PROTO=TCP SPT=50598 DPT=54281 SEQ=3590616573 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:18 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=82.193.102.250 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=4709 DF PROTO=TCP SPT=59712 DPT=54281 SEQ=1602137000 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:18 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=195.34.75.108 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=30114 PROTO=UDP SPT=50909 DPT=54281 LEN=28
Dec 12 21:24:18 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=79.137.155.249 DST=<MyExternalIP> LEN=131 TOS=0x00 PREC=0x00 TTL=116 ID=11662 PROTO=UDP SPT=47493 DPT=54281 LEN=111
Dec 12 21:24:18 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=82.193.102.250 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=4710 PROTO=UDP SPT=11408 DPT=54281 LEN=28
Dec 12 21:24:18 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=84.111.225.41 DST=<MyExternalIP> LEN=58 TOS=0x00 PREC=0x00 TTL=116 ID=26771 PROTO=UDP SPT=12821 DPT=54281 LEN=38
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.180.28.179 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=114 ID=25301 PROTO=UDP SPT=35280 DPT=54281 LEN=28
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.180.28.179 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=114 ID=25302 DF PROTO=TCP SPT=64903 DPT=54281 SEQ=1266165314 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405AC0103030201010402)
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=185.189.113.249 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31102 DF PROTO=TCP SPT=50522 DPT=54281 SEQ=1220006373 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020404B40103030801010402)
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=95.26.134.24 DST=<MyExternalIP> LEN=48 TOS=0x08 PREC=0x20 TTL=116 ID=22616 DF PROTO=TCP SPT=61903 DPT=54281 SEQ=1593701078 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204055001010402)
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.196.224.8 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=3061 DF PROTO=TCP SPT=50770 DPT=54281 SEQ=2242830855 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=95.26.134.24 DST=<MyExternalIP> LEN=48 TOS=0x08 PREC=0x20 TTL=116 ID=22652 PROTO=UDP SPT=26284 DPT=54281 LEN=28
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=91.76.129.8 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=113 ID=11838 DF PROTO=TCP SPT=51072 DPT=54281 SEQ=2244867843 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402)
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=91.76.129.8 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=11845 PROTO=UDP SPT=21317 DPT=54281 LEN=28
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=185.189.113.249 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=31103 PROTO=UDP SPT=39200 DPT=54281 LEN=28
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=62.105.150.126 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=13254 DF PROTO=TCP SPT=55827 DPT=54281 SEQ=992095076 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402)
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.196.224.8 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=3062 PROTO=UDP SPT=60706 DPT=54281 LEN=28
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=129.45.17.183 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=11490 DF PROTO=TCP SPT=63349 DPT=54281 SEQ=843677449 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405780103030801010402)
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.124.25.61 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13024 DF PROTO=TCP SPT=53604 DPT=54281 SEQ=53119836 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=129.45.17.183 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=11491 PROTO=UDP SPT=31619 DPT=54281 LEN=28
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.202.53.239 DST=<MyExternalIP> LEN=131 TOS=0x00 PREC=0x00 TTL=120 ID=20618 PROTO=UDP SPT=27874 DPT=54281 LEN=111
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=77.123.52.193 DST=<MyExternalIP> LEN=48 TOS=0x10 PREC=0x80 TTL=119 ID=29735 PROTO=UDP SPT=36118 DPT=54281 LEN=28
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.130.145.208 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=18202 DF PROTO=TCP SPT=49314 DPT=54281 SEQ=3961523561 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.216.6.157 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=15454 DF PROTO=TCP SPT=55479 DPT=54281 SEQ=2506165195 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.124.25.61 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13164 PROTO=UDP SPT=16543 DPT=54281 LEN=28
```
I was surprised by the number of incoming requests, so I immediately switched off all devices and services to check whether something like a torrent client was generating them.
Unfortunately, it did not stop.
I decided to analyse it: I took the most recent ~5 minutes of the log and ran

```
cat firewall.txt | grep DROP |awk '{print $9}'| sort | uniq | wc -l
```

to find the unique IPs. The result was 1466. To me this looks like a DDoS attack, but I'm not sure. Can someone explain the meaning of the columns after `LEN` in the router log? I want to understand what is going on…
Most of them are fairly obvious abbreviations of the names of the fields/flags used in the IPv4, TCP and UDP headers.
- https://en.wikipedia.org/wiki/IPv4#Header
- https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure
- https://en.wikipedia.org/wiki/User_Datagram_Protocol#Packet_structure
Fields:

| Field | Meaning |
|---|---|
| IN | incoming interface |
| OUT | outgoing interface |
| MAC | hardware address |
| SRC | IP address in the source field in the IP header |
| DST | IP address in the destination field of the IP header |
| LEN | Length of the IP packet |
| TOS | originally called Type of service, these days it is the Differentiated Services Code Point |
| TTL | Time to live |
| PROTO | name of protocol; tcp/udp are most common |
| SPT | Source port from tcp/udp header |
| DPT | Destination port from tcp/udp header |
| DF | TCP don't fragment flag |
| SYN | TCP Syn flag |
| ACK | TCP Ack flag |
| WINDOW | TCP Window |
| SEQ | Sequence number |
Anyway, what most of these packets have in common is `DPT=54281`. Most of what you posted in the log is UDP, but there is some TCP in there too. Google suggests that, if you have one of these, this may be the port used by Apple XSAN. But it could just as well be any other service that also uses that port.
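To make the field table concrete, here is an added example (not code from the question or the answer) that parses lines in the netfilter LOG-target format shown above into named fields and produces the kind of summary the poster was after: unique sources, protocol mix, destination ports hit, and how many TCP packets are bare SYNs. It also decodes two things the table glosses over: the `OPT (...)` hex blob is the TCP options list (kind, length, data), so `0204 05B4` is an MSS of 1460, and the LOG target prints the TOS byte split into its low bits (`TOS=`) and its precedence bits (`PREC=`), which have to be recombined before reading the six-bit DSCP. The five sample lines are copied from the question's excerpt; the optional hostname before `kernel:` in the header regex is an assumption about other syslog layouts, not something the poster's log shows.

```python
"""Parse netfilter LOG-target kernel lines and summarise them.
Added example; not code from the original question or answer."""
import re
from collections import Counter

# Constructed sample: five entries copied from the question's log excerpt,
# keeping the poster's <MyExternalIP> placeholder.
SAMPLE_LOG = """\
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=118.179.50.73 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=107 ID=16939 DF PROTO=TCP SPT=28279 DPT=54281 SEQ=1104099122 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=118.179.50.73 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=16940 PROTO=UDP SPT=28273 DPT=54281 LEN=28
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=195.34.75.108 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=30112 PROTO=UDP SPT=50909 DPT=54281 LEN=28
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=77.123.52.193 DST=<MyExternalIP> LEN=52 TOS=0x10 PREC=0x80 TTL=119 ID=29732 DF PROTO=TCP SPT=64670 DPT=54281 SEQ=1393693542 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=37.57.203.228 DST=<MyExternalIP> LEN=132 TOS=0x00 PREC=0x20 TTL=56 ID=19350 PROTO=UDP SPT=8999 DPT=54281 LEN=112
"""

# "Dec 12 21:24:12 kernel: DROP <fields>". The optional hostname before
# "kernel:" is an assumption to tolerate ordinary syslog layouts.
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d)(?:\s+\S+)?\s+kernel:\s+"
    r"(?P<action>\S+)\s+(?P<rest>.*)$"
)
# After the action come KEY=VALUE pairs, bare flags (DF, SYN, ACK, ...) and
# "OPT (hex)". "ACK=0" is the acknowledgement number; a bare "ACK" is the flag.
TOKEN = re.compile(
    r"(?P<key>[A-Z]+)=(?P<val>\S*)|OPT \((?P<opt>[0-9A-Fa-f]*)\)|(?P<flag>[A-Z]+)"
)


def parse_line(line):
    """Return a dict of the fields on one LOG-target line, or None if it is not one."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    fields = {"TS": m.group("ts"), "ACTION": m.group("action"), "FLAGS": []}
    for tok in TOKEN.finditer(m.group("rest")):
        if tok.group("key") is not None:
            key, val = tok.group("key"), tok.group("val")
            # UDP lines carry LEN twice: IP total length first, UDP length second.
            if key == "LEN" and "LEN" in fields:
                key = "L4_LEN"
            fields[key] = val
        elif tok.group("opt") is not None:
            fields["OPT"] = tok.group("opt")
        else:
            fields["FLAGS"].append(tok.group("flag"))
    return fields


def dscp(tos_hex, prec_hex):
    """The LOG target prints the TOS byte masked into low (TOS=) and high
    precedence (PREC=) bits; DSCP is the top six bits of the recombined byte."""
    return (int(tos_hex, 16) | int(prec_hex, 16)) >> 2


def tcp_options(opt_hex):
    """Decode the OPT hex blob into [(kind, data_bytes), ...], skipping NOP/EOL."""
    raw = bytes.fromhex(opt_hex)
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding, one byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:
            break                # truncated or malformed length: stop, don't loop
        length = raw[i + 1]
        out.append((kind, raw[i + 2:i + length]))
        i += length
    return out


def tcp_mss(opt_hex):
    """Maximum segment size advertised in the SYN (option kind 2), or None."""
    for kind, data in tcp_options(opt_hex):
        if kind == 2:
            return int.from_bytes(data, "big")
    return None


def summarize(text):
    """Counts a defender wants first: sources, protocol mix, ports, bare SYNs."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    return {
        "entries": len(entries),
        "unique_src": len({e["SRC"] for e in entries}),
        "by_proto": dict(Counter(e["PROTO"] for e in entries)),
        "by_dpt": dict(Counter(e["DPT"] for e in entries)),
        "syn_only": sum(
            1 for e in entries
            if e["PROTO"] == "TCP" and "SYN" in e["FLAGS"] and "ACK" not in e["FLAGS"]
        ),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    first = parse_line(SAMPLE_LOG.splitlines()[0])
    print("MSS:", tcp_mss(first["OPT"]), "DSCP:", dscp(first["TOS"], first["PREC"]))
```

Run it on a real capture by replacing `SAMPLE_LOG` with the contents of the log file; a UDP entry's `LEN` is the IP length and `L4_LEN` the UDP length, which is why the question's lines show `LEN=` twice. Counting `syn_only` separately from total TCP packets is what distinguishes connection attempts from established traffic in a DROP log.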