Linux 主机到主机迁移

Question

dev devv

Asked: 2018-12-13 11:48:08 +0800 CST2018-12-13 11:48:08 +0800 CST 2018-12-13 11:48:08 +0800 CST

如何解释防火墙日志？

772

今天我在 ssh 服务器上发现了一些失败的身份验证尝试，我决定检查所有日志中的可疑活动。这是我的路由器防火墙日志（其中的一小部分）：

Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=118.179.50.73 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=107 ID=16939 DF PROTO=TCP SPT=28279 DPT=54281 SEQ=1104099122 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.173.108.248 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=4775 DF PROTO=TCP SPT=53946 DPT=54281 SEQ=1573294371 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=118.179.50.73 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=16940 PROTO=UDP SPT=28273 DPT=54281 LEN=28 
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.173.108.248 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=4776 PROTO=UDP SPT=1033 DPT=54281 LEN=28 
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=195.34.75.108 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=30112 PROTO=UDP SPT=50909 DPT=54281 LEN=28 
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=46.161.151.68 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25107 DF PROTO=TCP SPT=53776 DPT=54281 SEQ=347621257 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=84.111.225.41 DST=<MyExternalIP> LEN=58 TOS=0x00 PREC=0x00 TTL=116 ID=26401 PROTO=UDP SPT=12821 DPT=54281 LEN=38 
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=46.161.151.68 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25161 PROTO=UDP SPT=41441 DPT=54281 LEN=28 
Dec 12 21:24:12 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=62.105.150.126 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=7340 PROTO=UDP SPT=12168 DPT=54281 LEN=28 
Dec 12 21:24:13 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.196.224.8 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=3059 DF PROTO=TCP SPT=50770 DPT=54281 SEQ=2242830855 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:13 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=212.20.52.84 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=10982 PROTO=TCP SPT=50675 DPT=54281 SEQ=3429675197 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204058401010402) 
Dec 12 21:24:13 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.196.224.8 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=3060 PROTO=UDP SPT=60706 DPT=54281 LEN=28 
Dec 12 21:24:13 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=129.45.17.183 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=11488 DF PROTO=TCP SPT=63348 DPT=54281 SEQ=843677449 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405780103030801010402) 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=129.45.17.183 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=11489 PROTO=UDP SPT=31619 DPT=54281 LEN=28 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.124.25.61 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=10611 DF PROTO=TCP SPT=53604 DPT=54281 SEQ=53119836 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402) 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=77.123.52.193 DST=<MyExternalIP> LEN=52 TOS=0x10 PREC=0x80 TTL=119 ID=29732 DF PROTO=TCP SPT=64670 DPT=54281 SEQ=1393693542 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=212.20.52.84 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=10983 PROTO=UDP SPT=22401 DPT=54281 LEN=28 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=77.123.52.193 DST=<MyExternalIP> LEN=48 TOS=0x10 PREC=0x80 TTL=119 ID=29733 PROTO=UDP SPT=36118 DPT=54281 LEN=28 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.130.145.208 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=18200 DF PROTO=TCP SPT=49314 DPT=54281 SEQ=3961523561 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.124.25.61 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=10703 PROTO=UDP SPT=16543 DPT=54281 LEN=28 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=37.57.203.228 DST=<MyExternalIP> LEN=132 TOS=0x00 PREC=0x20 TTL=56 ID=19350 PROTO=UDP SPT=8999 DPT=54281 LEN=112 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=46.149.95.146 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=23986 DF PROTO=TCP SPT=57083 DPT=54281 SEQ=2426085934 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405A00103030801010402) 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=46.149.95.146 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=23987 PROTO=UDP SPT=63090 DPT=54281 LEN=28 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.130.145.208 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=18201 PROTO=UDP SPT=21431 DPT=54281 LEN=28 
Dec 12 21:24:14 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.200.239.123 DST=<MyExternalIP> LEN=58 TOS=0x00 PREC=0x00 TTL=50 ID=8283 DF PROTO=UDP SPT=2305 DPT=54281 LEN=38 
Dec 12 21:24:15 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=82.193.102.250 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=4707 PROTO=UDP SPT=11408 DPT=54281 LEN=28 
Dec 12 21:24:15 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=82.193.102.250 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=4708 DF PROTO=TCP SPT=59712 DPT=54281 SEQ=1602137000 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:15 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=185.202.212.89 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=23841 PROTO=UDP SPT=53432 DPT=54281 LEN=28 
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=185.189.113.249 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=31100 PROTO=UDP SPT=39200 DPT=54281 LEN=28 
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=185.189.113.249 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31101 DF PROTO=TCP SPT=50522 DPT=54281 SEQ=1220006373 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020404B40103030801010402) 
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=95.26.134.24 DST=<MyExternalIP> LEN=48 TOS=0x08 PREC=0x20 TTL=116 ID=22035 DF PROTO=TCP SPT=61903 DPT=54281 SEQ=1593701078 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204055001010402) 
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=95.26.134.24 DST=<MyExternalIP> LEN=48 TOS=0x08 PREC=0x20 TTL=116 ID=22034 PROTO=UDP SPT=26284 DPT=54281 LEN=28 
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=213.59.151.172 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=12178 DF PROTO=TCP SPT=63771 DPT=54281 SEQ=930542000 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=91.76.129.8 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=8550 PROTO=UDP SPT=21317 DPT=54281 LEN=28 
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=91.76.129.8 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=113 ID=8551 DF PROTO=TCP SPT=51072 DPT=54281 SEQ=2244867843 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402) 
Dec 12 21:24:16 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=213.59.151.172 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=12179 PROTO=UDP SPT=40315 DPT=54281 LEN=28 
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.216.6.157 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=15453 DF PROTO=TCP SPT=55479 DPT=54281 SEQ=2506165195 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.216.6.157 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=15452 PROTO=UDP SPT=54615 DPT=54281 LEN=28 
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=178.44.31.190 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=114 ID=10292 DF PROTO=TCP SPT=52489 DPT=54281 SEQ=3570098040 ACK=0 WINDOW=17520 RES=0x00 SYN URGP=0 OPT (020405AC0103030801010402) 
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=178.44.31.190 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=114 ID=10293 PROTO=UDP SPT=18160 DPT=54281 LEN=28 
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.200.239.123 DST=<MyExternalIP> LEN=58 TOS=0x00 PREC=0x00 TTL=50 ID=8699 DF PROTO=UDP SPT=2305 DPT=54281 LEN=38 
Dec 12 21:24:17 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=195.34.75.108 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=30113 DF PROTO=TCP SPT=50598 DPT=54281 SEQ=3590616573 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:18 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=82.193.102.250 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=4709 DF PROTO=TCP SPT=59712 DPT=54281 SEQ=1602137000 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:18 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=195.34.75.108 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=30114 PROTO=UDP SPT=50909 DPT=54281 LEN=28 
Dec 12 21:24:18 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=79.137.155.249 DST=<MyExternalIP> LEN=131 TOS=0x00 PREC=0x00 TTL=116 ID=11662 PROTO=UDP SPT=47493 DPT=54281 LEN=111 
Dec 12 21:24:18 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=82.193.102.250 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=4710 PROTO=UDP SPT=11408 DPT=54281 LEN=28 
Dec 12 21:24:18 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=84.111.225.41 DST=<MyExternalIP> LEN=58 TOS=0x00 PREC=0x00 TTL=116 ID=26771 PROTO=UDP SPT=12821 DPT=54281 LEN=38 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.180.28.179 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=114 ID=25301 PROTO=UDP SPT=35280 DPT=54281 LEN=28 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.180.28.179 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=114 ID=25302 DF PROTO=TCP SPT=64903 DPT=54281 SEQ=1266165314 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405AC0103030201010402) 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=185.189.113.249 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31102 DF PROTO=TCP SPT=50522 DPT=54281 SEQ=1220006373 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020404B40103030801010402) 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=95.26.134.24 DST=<MyExternalIP> LEN=48 TOS=0x08 PREC=0x20 TTL=116 ID=22616 DF PROTO=TCP SPT=61903 DPT=54281 SEQ=1593701078 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204055001010402) 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.196.224.8 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=3061 DF PROTO=TCP SPT=50770 DPT=54281 SEQ=2242830855 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=95.26.134.24 DST=<MyExternalIP> LEN=48 TOS=0x08 PREC=0x20 TTL=116 ID=22652 PROTO=UDP SPT=26284 DPT=54281 LEN=28 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=91.76.129.8 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x20 TTL=113 ID=11838 DF PROTO=TCP SPT=51072 DPT=54281 SEQ=2244867843 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402) 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=91.76.129.8 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x20 TTL=113 ID=11845 PROTO=UDP SPT=21317 DPT=54281 LEN=28 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=185.189.113.249 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=31103 PROTO=UDP SPT=39200 DPT=54281 LEN=28 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=62.105.150.126 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=13254 DF PROTO=TCP SPT=55827 DPT=54281 SEQ=992095076 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402) 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.196.224.8 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=3062 PROTO=UDP SPT=60706 DPT=54281 LEN=28 
Dec 12 21:24:19 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=129.45.17.183 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=11490 DF PROTO=TCP SPT=63349 DPT=54281 SEQ=843677449 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405780103030801010402) 
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.124.25.61 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13024 DF PROTO=TCP SPT=53604 DPT=54281 SEQ=53119836 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=129.45.17.183 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=11491 PROTO=UDP SPT=31619 DPT=54281 LEN=28 
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.202.53.239 DST=<MyExternalIP> LEN=131 TOS=0x00 PREC=0x00 TTL=120 ID=20618 PROTO=UDP SPT=27874 DPT=54281 LEN=111 
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=77.123.52.193 DST=<MyExternalIP> LEN=48 TOS=0x10 PREC=0x80 TTL=119 ID=29735 PROTO=UDP SPT=36118 DPT=54281 LEN=28 
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=31.130.145.208 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=18202 DF PROTO=TCP SPT=49314 DPT=54281 SEQ=3961523561 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=88.216.6.157 DST=<MyExternalIP> LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=15454 DF PROTO=TCP SPT=55479 DPT=54281 SEQ=2506165195 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402) 
Dec 12 21:24:20 kernel: DROP IN=eth0 OUT= MAC=10:7b:44:58:cc:b0:00:1d:70:81:e9:00:08:00 SRC=109.124.25.61 DST=<MyExternalIP> LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13164 PROTO=UDP SPT=16543 DPT=54281 LEN=28

我对传入请求的数量感到惊讶，我立即关闭了所有设备和服务，以检查诸如种子之类的东西是否正在生成此请求。

但不幸的是，它并没有停止。

我决定分析它，我抓取了最新的 ~5 分钟日志并做了：

cat firewall.txt | grep DROP |awk '{print $9}'| sort | uniq | wc -l找到唯一的 IP-s。结果是1466。对我来说，这看起来像是 DDOS 攻击，但我不确定。

有人可以解释一下LEN路由器日志后列的含义吗？

我想了解发生了什么...

1 个回答

Voted

Zoredache · Answer 1 · 2018-12-13T14:17:43+08:00

其中大部分是用于 IPv4、TCP 和 UDP 标头的字段/标志的名称的非常明显的缩写。

字段。

IN     incoming interface
OUT    outgoing interface
MAC    hardware address
SRC    IP address in the source field in the IP header
DST    IP address in the destination field of the IP header
LEN    Length of the IP packet
TOS    originally called Type of service, these days it is the Differentiated Services Code Point
TTL    Time to live
PROTO  name of protocol tcp/udp are most common
SPT    Source port from tcp/udp header
DPT    Destination port from tcp/udp header
DF     TCP don't fragment flag
SYN    TCP Syn Flag
ACK    TCP Ack flag
WINDOW TCP Window
SEQ    Sequency number

无论如何，大多数这些数据包中的共同点是DPT=54281. 您在日志中发布的大部分内容都是 UDP，但其中也有一些 TCP。谷歌建议，如果你有其中一个，这可能是 Apple XSAN 使用的端口。但它也可能是任何其他也使用该端口的服务。

如何解释防火墙日志？

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

如何解释防火墙日志？

1 个回答

相关问题