安全大神能帮忙分析这份简单的路由器日志么?

2015-07-05 09:27:01 +08:00
 ivanchou
上次发了一个贴 https://v2ex.com/t/202618 说的是闰秒问题,然后远程开启了路由器定期发送日志的功能。其中发现一行

[Time synchronized with NTP server] Friday, July 03, 2015 08:03:53

确实有可能是 NTP 时间同步是导致路由出了错


然后再顺便查看了其他的日志,发现路由日志显示有 Dos 攻击,还有远程登录,192.168.2.2 当时分配的应该是一台 小米盒子。虽然我感觉也没什么大碍,就这么几条日志,但好奇为什么总来自那么一两个 IP 地址。家里人不会用 torrent,应该也不是下载的日志。

ps 所有的 DHCP 日志都已过滤掉



[Time synchronized with NTP server] Friday, July 03, 2015 08:03:53
[UPnP set event: add_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 19:59:15
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:18:52
[LAN access from remote] from 36.63.106.32:13797 to 192.168.2.2:1443, Thursday, July 02, 2015 18:18:24
[LAN access from remote] from 36.63.106.32:13753 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:45
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:17:30
[LAN access from remote] from 36.63.106.32:13733 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:29
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:17:26
[LAN access from remote] from 36.63.106.32:13708 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:14
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:56
[LAN access from remote] from 36.63.106.32:13645 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:40
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:26
[LAN access from remote] from 36.63.106.32:13621 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:24
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:10
[LAN access from remote] from 36.63.106.32:13603 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:09
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:05:04
[UPnP set event: add_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 16:38:24
[LAN access from remote] from 36.63.106.182:18629 to 192.168.2.2:1443, Thursday, July 02, 2015 16:04:18
[LAN access from remote] from 36.63.106.182:18562 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:44
[LAN access from remote] from 36.63.106.182:18527 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:27
[LAN access from remote] from 36.63.106.182:18486 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:12
[LAN access from remote] from 36.63.63.96:13617 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:46
[LAN access from remote] from 36.63.63.96:13557 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:18
[LAN access from remote] from 36.63.63.96:13520 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:06
[LAN access from remote] from 36.63.63.96:13491 to 192.168.2.2:1443, Thursday, July 02, 2015 13:46:57
[LAN access from remote] from 36.63.63.96:17395 to 192.168.2.2:1443, Thursday, July 02, 2015 13:46:35
[UPnP set event: del_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 09:44:23
4623 次点击
所在节点    程序员
3 条回复
goodmine
2015-07-05 09:54:17 +08:00
时间不应该浪费在这里,装个付费版的防火墙
lk09364
2015-07-05 10:20:04 +08:00
抓包吧。
JerningChan
2015-07-06 10:29:05 +08:00
你还敢用小米的东西呀?
我看到现在国内的所谓智能的电子产品就一个性质"流氓"
他们太懂得如何去介入不太懂it的家庭了
之前还有个好像小米路由器,搞什么网络挟持的...

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/203401

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX