Linux
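iptables, ufw and psad - scanned UDP ports alerts from router and devices on home network
I have a fresh install of Ubuntu 16.04. I configured iptables, ufw (with gufw) and psad using the instructions in https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics and https://www.thefanclub.co.za/how-to/how-install-psad-intrusion-detection-ubuntu-1204-lts-server.
Everything seems to work, but now I am getting a whole bunch of emails complaining about UDP scans from my machine (to itself), my router and other devices on my network.
How do I fix this? Like ignoring them or something?
From the server to itself: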
=-=-=-=-=-=-=-=-=-=-=-= Tue May 3 18:40:47 2016 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [2] (out of 5)
Scanned UDP ports: [32412-32414: 6 packets, Nmap: -sU]
iptables chain: INPUT (prefix "[UFW AUDIT]"), 2 packets
iptables chain: OUTPUT (prefix "[UFW ALLOW]"), 2 packets
iptables chain: OUTPUT (prefix "[UFW AUDIT]"), 2 packets
Source: 192.168.1.50
DNS: server.nigam.com
Destination: 192.168.1.255
DNS: [No reverse dns info available]
Overall scan start: Tue May 3 18:40:20 2016
Total email alerts: 37
Complete UDP range: [32412-32414]
Syslog hostname: nook
Global stats:
chain:   interface:   protocol:   packets:
INPUT    br1          udp         6
OUTPUT   br1          udp         12
From the router:
=-=-=-=-=-=-=-=-=-=-=-= Tue May 3 18:40:49 2016 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [2] (out of 5)
Scanned UDP ports: [42608-58785: 6 packets, Nmap: -sU]
iptables chain: INPUT (prefix "[UFW AUDIT]"), 6 packets
Source: 192.168.1.1
DNS: NigamNet
Destination: 192.168.1.69
DNS: nook.nigam.com
Overall scan start: Tue May 3 18:35:58 2016
Total email alerts: 39
Complete UDP range: [32911-60857]
Syslog hostname: nook
Global stats:
chain:   interface:   protocol:   packets:
INPUT    br1          udp         119
From localhost:
=-=-=-=-=-=-=-=-=-=-=-= Tue May 3 18:40:47 2016 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [1] (out of 5) Multi-Protocol
Scanned UDP ports: [33335: 2 packets, Nmap: -sU]
iptables chain: INPUT (prefix "[UFW AUDIT]"), 1 packets
iptables chain: OUTPUT (prefix "[UFW AUDIT]"), 1 packets
Source: 127.0.0.1
DNS: localhost
Destination: 127.0.0.1
DNS: localhost
Overall scan start: Tue May 3 18:40:20 2016
Total email alerts: 5
Complete TCP range: [6789]
Complete UDP range: [33335]
Syslog hostname: nook
Global stats:
chain:   interface:   protocol:   packets:
OUTPUT   lo           tcp         3
OUTPUT   lo           udp         3
INPUT    lo           tcp         3
INPUT    lo           udp         3
From my Roku:
=-=-=-=-=-=-=-=-=-=-=-= Tue May 3 07:03:33 2016 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [3] (out of 5)
Scanned UDP ports: [41598: 1 packets, Nmap: -sU]
iptables chain: INPUT (prefix "[UFW BLOCK]"), 1 packets
Source: 192.168.1.108
DNS: NP-4124DU054440.nigam.com
Destination: 192.168.1.69
DNS: nook.nigam.com
Overall scan start: Tue May 3 00:12:39 2016
Total email alerts: 191
Complete UDP range: [39474-41598]
Syslog hostname: nook
Global stats:
chain:   interface:   protocol:   packets:
INPUT    br1          udp         195
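If you want to reduce this noise, you have to tune your firewall.
In your case, one possible approach might be to add a rule to your firewall that allows all incoming connections on UDP ports from the local network.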
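To see which alert sources a local-network rule like the one suggested above would actually cover, the following added example (not part of the original question or answer) parses psad alert text and labels each source. The `192.168.1.0/24` subnet is an assumption inferred from the addresses in the alerts, and the function names are hypothetical.

```python
import ipaddress
import re

# Sample input: fields copied from the four alerts in the question, one per line.
SAMPLE = """\
Scanned UDP ports: [32412-32414: 6 packets, Nmap: -sU]
Source: 192.168.1.50
Destination: 192.168.1.255
Scanned UDP ports: [42608-58785: 6 packets, Nmap: -sU]
Source: 192.168.1.1
Destination: 192.168.1.69
Scanned UDP ports: [33335: 2 packets, Nmap: -sU]
Source: 127.0.0.1
Destination: 127.0.0.1
Scanned UDP ports: [41598: 1 packets, Nmap: -sU]
Source: 192.168.1.108
Destination: 192.168.1.69
"""

ALERT_RE = re.compile(
    r"Scanned UDP ports: \[(\d+)(?:-(\d+))?: (\d+) packets.*?"
    r"Source: (\S+).*?Destination: (\S+)", re.S)

def parse_alerts(text):
    """Yield (src, dst, low_port, high_port, packets) for each psad alert."""
    for lo, hi, pkts, src, dst in ALERT_RE.findall(text):
        yield (ipaddress.ip_address(src), ipaddress.ip_address(dst),
               int(lo), int(hi or lo), int(pkts))

def triage(text, lan="192.168.1.0/24"):  # lan is an assumed subnet
    """Label each alert source: loopback, lan-broadcast, lan-host or external."""
    net = ipaddress.ip_network(lan)
    result = {}
    for src, dst, lo, hi, pkts in parse_alerts(text):
        if src.is_loopback:
            kind = "loopback"      # never matched by a rule scoped to the LAN
        elif src not in net:
            kind = "external"      # should keep alerting
        else:
            kind = "lan-broadcast" if dst == net.broadcast_address else "lan-host"
        result[str(src)] = (kind, lo, hi, pkts)
    return result

if __name__ == "__main__":
    for src, (kind, lo, hi, pkts) in triage(SAMPLE).items():
        print(f"{src:15} {kind:13} udp {lo}-{hi} ({pkts} packets)")
```

Sources labelled `lan-host` or `lan-broadcast` fall inside a rule scoped to the local subnet; the `loopback` alert does not, and `external` sources are the ones worth keeping alerts for.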