Linux

iptables, ufw and psad - scanned UDP port alerts from the router and devices on a home network

  • November 27, 2016

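I have a fresh install of Ubuntu 16.04. I configured iptables, ufw (with gufw) and psad using the instructions at https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics and https://www.thefanclub.co.za/how-to/how-install-psad-intrusion-detection-ubuntu-1204-lts-server

Everything seems to be working, but now I am getting a whole bunch of emails complaining about UDP scans from my machine (to itself), my router, and other devices on my network.

How do I fix this? Ignore them or something?

From the server to itself: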

=-=-=-=-=-=-=-=-=-=-=-= Tue May  3 18:40:47 2016 =-=-=-=-=-=-=-=-=-=-=-=


        Danger level: [2] (out of 5)

   Scanned UDP ports: [32412-32414: 6 packets, Nmap: -sU]
      iptables chain: INPUT (prefix "[UFW AUDIT]"), 2 packets
      iptables chain: OUTPUT (prefix "[UFW ALLOW]"), 2 packets
      iptables chain: OUTPUT (prefix "[UFW AUDIT]"), 2 packets

              Source: 192.168.1.50
                 DNS: server.nigam.com

         Destination: 192.168.1.255
                 DNS: [No reverse dns info available]

  Overall scan start: Tue May  3 18:40:20 2016
  Total email alerts: 37
  Complete UDP range: [32412-32414]
     Syslog hostname: nook

        Global stats:
                      chain:   interface:  protocol:  packets:
                      INPUT    br1         udp        6
                      OUTPUT   br1         udp        12

From the router:

=-=-=-=-=-=-=-=-=-=-=-= Tue May  3 18:40:49 2016 =-=-=-=-=-=-=-=-=-=-=-=


        Danger level: [2] (out of 5)

   Scanned UDP ports: [42608-58785: 6 packets, Nmap: -sU]
      iptables chain: INPUT (prefix "[UFW AUDIT]"), 6 packets

              Source: 192.168.1.1
                 DNS: NigamNet

         Destination: 192.168.1.69
                 DNS: nook.nigam.com

  Overall scan start: Tue May  3 18:35:58 2016
  Total email alerts: 39
  Complete UDP range: [32911-60857]
     Syslog hostname: nook

        Global stats:
                      chain:   interface:  protocol:  packets:
                      INPUT    br1         udp        119

From localhost:

=-=-=-=-=-=-=-=-=-=-=-= Tue May  3 18:40:47 2016 =-=-=-=-=-=-=-=-=-=-=-=


        Danger level: [1] (out of 5) Multi-Protocol

   Scanned UDP ports: [33335: 2 packets, Nmap: -sU]
      iptables chain: INPUT (prefix "[UFW AUDIT]"), 1 packets
      iptables chain: OUTPUT (prefix "[UFW AUDIT]"), 1 packets

              Source: 127.0.0.1
                 DNS: localhost

         Destination: 127.0.0.1
                 DNS: localhost

  Overall scan start: Tue May  3 18:40:20 2016
  Total email alerts: 5
  Complete TCP range: [6789]
  Complete UDP range: [33335]
     Syslog hostname: nook

        Global stats:
                      chain:   interface:  protocol:  packets:
                      OUTPUT   lo          tcp        3
                      OUTPUT   lo          udp        3
                      INPUT    lo          tcp        3
                      INPUT    lo          udp        3

From my Roku:

=-=-=-=-=-=-=-=-=-=-=-= Tue May  3 07:03:33 2016 =-=-=-=-=-=-=-=-=-=-=-=


        Danger level: [3] (out of 5)

   Scanned UDP ports: [41598: 1 packets, Nmap: -sU]
      iptables chain: INPUT (prefix "[UFW BLOCK]"), 1 packets

              Source: 192.168.1.108
                 DNS: NP-4124DU054440.nigam.com

         Destination: 192.168.1.69
                 DNS: nook.nigam.com

  Overall scan start: Tue May  3 00:12:39 2016
  Total email alerts: 191
  Complete UDP range: [39474-41598]
     Syslog hostname: nook

        Global stats:
                      chain:   interface:  protocol:  packets:
                      INPUT    br1         udp        195

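If you want to reduce this noise, you have to tune your firewall.

In your case, one possible approach might be to add a rule to your firewall that allows all incoming connections on UDP ports from the local network.

Quoted from: https://serverfault.com/questions/774781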
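
A triage sketch for alerts like the ones above, added here as an example and not part of the original question or answer: it parses psad alert text and reports, per source, whether the sender is on the LAN and whether any [UFW BLOCK] line produced the alert. The 192.168.1.0/24 subnet and the function names are assumptions; the sample text is constructed from the alerts quoted in the question, trimmed to the parsed fields.

```python
import ipaddress
import re

# Constructed sample: the four alerts from the question, trimmed to the parsed fields.
SAMPLE = """\
=-=-= Tue May  3 18:40:47 2016 =-=-=
      iptables chain: INPUT (prefix "[UFW AUDIT]"), 2 packets
      iptables chain: OUTPUT (prefix "[UFW ALLOW]"), 2 packets
              Source: 192.168.1.50
         Destination: 192.168.1.255
=-=-= Tue May  3 18:40:49 2016 =-=-=
      iptables chain: INPUT (prefix "[UFW AUDIT]"), 6 packets
              Source: 192.168.1.1
         Destination: 192.168.1.69
=-=-= Tue May  3 18:40:47 2016 =-=-=
      iptables chain: INPUT (prefix "[UFW AUDIT]"), 1 packets
              Source: 127.0.0.1
         Destination: 127.0.0.1
=-=-= Tue May  3 07:03:33 2016 =-=-=
      iptables chain: INPUT (prefix "[UFW BLOCK]"), 1 packets
              Source: 192.168.1.108
         Destination: 192.168.1.69
"""
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: subnet inferred from the alerts

def parse_alerts(text):
    """Return one dict per psad alert: source, destination, ufw log prefixes."""
    alerts = []
    for body in re.split(r"(?m)^=-=.*$", text):
        src = re.search(r"Source:\s*(\S+)", body)
        dst = re.search(r"Destination:\s*(\S+)", body)
        if src and dst:  # skips the empty chunk before the first separator
            alerts.append({"src": ipaddress.ip_address(src.group(1)),
                           "dst": ipaddress.ip_address(dst.group(1)),
                           "prefixes": set(re.findall(r'prefix "\[UFW ([A-Z ]+)\]"', body))})
    return alerts

def triage(alert, lan=LAN):
    """Classify an alert by where it came from and whether a drop was logged."""
    src = alert["src"]
    origin = "loopback" if src.is_loopback else "lan" if src in lan else "external"
    if alert["dst"] == lan.broadcast_address:
        origin += "-broadcast"
    # BLOCK marks packets ufw dropped; AUDIT/ALLOW lines alone mean no drop was logged.
    cause = "blocked" if "BLOCK" in alert["prefixes"] else "logged-only"
    return origin, cause

def summarize(text=SAMPLE):
    return {str(a["src"]): triage(a) for a in parse_alerts(text)}
```

On the sample, only 192.168.1.108 is reported as blocked; the other three alerts contain no [UFW BLOCK] lines.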