Security

Auth.log, hundreds of entries per second

  • June 20, 2017

My Auth.log has become super heavy (80G per file) because of constant entries from many different IPs.

Jun 20 14:00:36 localhost pluto[1796]: packet from 180.30.141.75:20532: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 217.7.68.178:33733: not enough room in input packet for ISAKMP Message (remain=26, sd->size=28)
Jun 20 14:00:36 localhost pluto[1796]: packet from 217.7.68.178:33733: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 217.7.68.178:33733: next payload type of ISAKMP Message has an unknown value: 76 (0x4c)
Jun 20 14:00:36 localhost pluto[1796]: packet from 217.7.68.178:33733: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 61.8.76.134:27325: not enough room in input packet for ISAKMP Message (remain=26, sd->size=28)
Jun 20 14:00:36 localhost pluto[1796]: packet from 61.8.76.134:27325: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 103.21.206.53:27430: not enough room in input packet for ISAKMP Message (remain=26, sd->size=28)
Jun 20 14:00:36 localhost pluto[1796]: packet from 103.21.206.53:27430: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 183.108.222.31:40693: not enough room in input packet for ISAKMP Message (remain=26, sd->size=28)
Jun 20 14:00:36 localhost pluto[1796]: packet from 183.108.222.31:40693: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 219.85.139.163:43305: not enough room in input packet for ISAKMP Message (remain=26, sd->size=28)
Jun 20 14:00:36 localhost pluto[1796]: packet from 219.85.139.163:43305: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 61.8.76.134:45894: next payload type of ISAKMP Message has an unknown value: 30 (0x1e)
Jun 20 14:00:36 localhost pluto[1796]: packet from 61.8.76.134:45894: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 219.85.139.163:43305: next payload type of ISAKMP Message has an unknown value: 126 (0x7e)
Jun 20 14:00:36 localhost pluto[1796]: packet from 219.85.139.163:43305: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 124.80.133.178:49554: not enough room in input packet for ISAKMP Message (remain=26, sd->size=28)
Jun 20 14:00:36 localhost pluto[1796]: packet from 124.80.133.178:49554: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 124.80.133.178:49554: exchange type of ISAKMP Message has an unknown value: 45 (0x2d)
Jun 20 14:00:36 localhost pluto[1796]: packet from 124.80.133.178:49554: Received packet with mangled IKE header - dropped

I don't know whether I am being DDoSed and, if I am, by what means I can protect myself.

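That's all IPSec-related traffic. Are you using IPSec? If not, just implement a properly restrictive firewall for inbound traffic and the logs will stop. If you are using IPSec, then possibly create a firewall whitelist restricting connections to the IP addresses you know you need to accept traffic from.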

Source: https://serverfault.com/questions/856802
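To gauge how much of this traffic a peer allowlist like the one suggested in the answer would cut off, the following added example (not part of the original question or answer) summarizes pluto's dropped-packet lines by source, drop reason and per-second rate. The sample lines are copied from the log excerpt above; `KNOWN_PEERS` and the address 203.0.113.10 are assumptions standing in for your real IPsec peers.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Lines copied from the log excerpt in the question above.
SAMPLE = """\
Jun 20 14:00:36 localhost pluto[1796]: packet from 180.30.141.75:20532: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 217.7.68.178:33733: not enough room in input packet for ISAKMP Message (remain=26, sd->size=28)
Jun 20 14:00:36 localhost pluto[1796]: packet from 217.7.68.178:33733: Received packet with mangled IKE header - dropped
Jun 20 14:00:36 localhost pluto[1796]: packet from 217.7.68.178:33733: next payload type of ISAKMP Message has an unknown value: 76 (0x4c)
Jun 20 14:00:36 localhost pluto[1796]: packet from 61.8.76.134:45894: next payload type of ISAKMP Message has an unknown value: 30 (0x1e)
Jun 20 14:00:36 localhost pluto[1796]: packet from 124.80.133.178:49554: exchange type of ISAKMP Message has an unknown value: 45 (0x2d)
"""

# Assumption: the only legitimate IPsec peer (constructed documentation address).
KNOWN_PEERS = {ip_address("203.0.113.10")}

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: "
    r"packet from (?P<ip>\d+\.\d+\.\d+\.\d+):(?P<port>\d+): (?P<msg>.*)$"
)

def summarize(text, known_peers=KNOWN_PEERS):
    """Count pluto packet messages per second, per source IP and per reason."""
    per_second, sources, reasons = Counter(), Counter(), Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a pluto "packet from" line
        per_second[m["ts"]] += 1
        sources[ip_address(m["ip"])] += 1
        # Collapse stray whitespace and the varying field value so that
        # "unknown value: 76 (0x4c)" and "unknown value: 30 (0x1e)" group together.
        msg = " ".join(m["msg"].split())
        reasons[re.sub(r"\d+ \(0x[0-9a-f]+\)", "N", msg)] += 1
    # Sources an allowlist of known peers would stop at the firewall.
    unknown = {ip: n for ip, n in sources.items() if ip not in known_peers}
    return {
        "peak_per_second": max(per_second.values(), default=0),
        "distinct_sources": len(sources),
        "unknown_sources": unknown,
        "reasons": reasons,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report["peak_per_second"], "lines in the busiest second")
    for ip, n in sorted(report["unknown_sources"].items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{n} lines, not a known peer")
```

If every source falls under `unknown_sources`, none of the logged traffic comes from a peer you expect, and restricting inbound IPsec traffic to the known peers silences these entries without affecting real tunnels.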