V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
ivanchou
V2EX  ›  程序员

安全大神能帮忙分析这份简单的路由器日志么?

  •  
  •   ivanchou · 2015-07-05 09:27:01 +08:00 · 4781 次点击
    这是一个创建于 3433 天前的主题,其中的信息可能已经有所发展或是发生改变。
    上次发了一个贴 https://v2ex.com/t/202618 说的是闰秒问题,然后远程开启了路由器定期发送日志的功能。其中发现一行

    [Time synchronized with NTP server] Friday, July 03, 2015 08:03:53

    确实有可能是 NTP 时间同步是导致路由出了错


    然后再顺便查看了其他的日志,发现路由日志显示有 Dos 攻击,还有远程登录,192.168.2.2 当时分配的应该是一台 小米盒子。虽然我感觉也没什么大碍,就这么几条日志,但好奇为什么总来自那么一两个 IP 地址。家里人不会用 torrent,应该也不是下载的日志。

    ps 所有的 DHCP 日志都已过滤掉



    [Time synchronized with NTP server] Friday, July 03, 2015 08:03:53
    [UPnP set event: add_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 19:59:15
    [DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:18:52
    [LAN access from remote] from 36.63.106.32:13797 to 192.168.2.2:1443, Thursday, July 02, 2015 18:18:24
    [LAN access from remote] from 36.63.106.32:13753 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:45
    [DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:17:30
    [LAN access from remote] from 36.63.106.32:13733 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:29
    [DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:17:26
    [LAN access from remote] from 36.63.106.32:13708 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:14
    [DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:56
    [LAN access from remote] from 36.63.106.32:13645 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:40
    [DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:26
    [LAN access from remote] from 36.63.106.32:13621 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:24
    [DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:10
    [LAN access from remote] from 36.63.106.32:13603 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:09
    [DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:05:04
    [UPnP set event: add_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 16:38:24
    [LAN access from remote] from 36.63.106.182:18629 to 192.168.2.2:1443, Thursday, July 02, 2015 16:04:18
    [LAN access from remote] from 36.63.106.182:18562 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:44
    [LAN access from remote] from 36.63.106.182:18527 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:27
    [LAN access from remote] from 36.63.106.182:18486 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:12
    [LAN access from remote] from 36.63.63.96:13617 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:46
    [LAN access from remote] from 36.63.63.96:13557 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:18
    [LAN access from remote] from 36.63.63.96:13520 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:06
    [LAN access from remote] from 36.63.63.96:13491 to 192.168.2.2:1443, Thursday, July 02, 2015 13:46:57
    [LAN access from remote] from 36.63.63.96:17395 to 192.168.2.2:1443, Thursday, July 02, 2015 13:46:35
    [UPnP set event: del_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 09:44:23
    3 条回复    2015-07-06 10:29:05 +08:00
    goodmine
        1
    goodmine  
       2015-07-05 09:54:17 +08:00
    时间不应该浪费在这里,装个付费版的防火墙
    lk09364
        2
    lk09364  
       2015-07-05 10:20:04 +08:00
    抓包吧。
    JerningChan
        3
    JerningChan  
       2015-07-06 10:29:05 +08:00
    你还敢用小米的东西呀?
    我看到现在国内的所谓智能的电子产品就一个性质"流氓"
    他们太懂得如何去介入不太懂it的家庭了
    之前还有个好像小米路由器,搞什么网络挟持的...
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3119 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 13:32 · PVG 21:32 · LAX 05:32 · JFK 08:32
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.