Port got banned after malicious access from unknown IPs

2019-09-22 16:39:14 +08:00
 yongsan01

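CentOS 6 x86, bbr, LA data center

It had been working normally all along, but recently I found that the port could not be reached from inside China.

At first I didn't pay attention and just switched to another port and kept using it. Less than a day later it was closed again, so I went to look at the logs.

I found that the last few connections were malicious connection requests sent from different IPs, and after these requests the port was closed.

Does this count as the server being attacked?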

log:

2019-09-21 21:08:40 WARNING  unsupported addrtype 78, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 221.198.83.14:59208
2019-09-21 21:08:40 WARNING  unsupported addrtype 181, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 219.143.174.157:25665
2019-09-21 21:08:40 WARNING  unsupported addrtype 93, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 223.166.74.157:59194
2019-09-21 21:08:40 WARNING  unsupported addrtype 209, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 171.36.133.60:59190
2019-09-21 21:08:40 WARNING  unsupported addrtype 230, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 175.42.2.81:59206
2019-09-21 21:08:40 WARNING  unsupported addrtype 169, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 59.173.153.107:59192
2019-09-21 21:08:40 WARNING  unsupported addrtype 234, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 58.19.92.207:4857
2019-09-21 21:08:40 WARNING  unsupported addrtype 50, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 36.32.3.90:59210
2019-09-21 21:08:40 WARNING  unsupported addrtype 189, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 220.200.164.85:59200
2019-09-21 21:08:40 INFO     connecting <8e>ÊÎO^TgH<84>&Ì8^K<81>)D:4186 from 175.152.109.65:59202
2019-09-21 21:08:40 ERROR    invalid hostname: <8e>ÊÎO^TgH<84>&Ì8^K<81>)D when handling connection from 175.152.109.65:59202
2019-09-21 21:08:40 WARNING  unsupported addrtype 206, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 125.84.177.43:1559
2019-09-21 21:08:40 WARNING  unsupported addrtype 126, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 124.88.112.129:1759
2019-09-21 21:08:40 WARNING  unsupported addrtype 142, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 124.225.43.91:59188

Some thoughts

I hope you can recommend some methods or applications (fist-and-palm salute

5803 views
Node: Linux
2 replies
mason961125
2019-09-22 17:01:08 +08:00
fail2ban
invalidtoken
2019-09-23 02:55:06 +08:00
Probably got identified and probed...
Switch to a less ancient protocol and change the password
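
In the log posted in this thread, every failed header parse comes from a different source address within the same second, so a per-source ban threshold above one sees only a single failure per IP. The following Python is an added example, not part of the original thread: it parses that log format and compares a per-IP count with a count of distinct failing sources per time window. The sample lines, documentation-range addresses, function names and thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the log format shown in the post (documentation-range IPs).
SAMPLE_LOG = """\
2019-09-21 20:00:01 ERROR    can not parse header when handling connection from 192.0.2.7:40001
2019-09-21 20:00:05 ERROR    can not parse header when handling connection from 192.0.2.7:40002
2019-09-21 20:30:00 ERROR    can not parse header when handling connection from 192.0.2.7:40003
2019-09-21 21:08:40 WARNING  unsupported addrtype 78, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 203.0.113.14:59208
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 203.0.113.157:25665
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 198.51.100.60:59190
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 198.51.100.81:59206
2019-09-21 21:08:40 ERROR    invalid hostname: <8e>xyz when handling connection from 198.51.100.65:59202
"""

# ERROR lines the server writes when a client's first packet does not decode.
FAIL = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ERROR\s+"
    r"(?:can not parse header|invalid hostname: .*?) when handling connection from "
    r"(\d{1,3}(?:\.\d{1,3}){3}):\d+$")
EPOCH = datetime(1970, 1, 1)

def parse_failures(text):
    """Return [(timestamp, source_ip)] for every header-decode failure."""
    hits = (FAIL.match(line) for line in text.splitlines())
    return [(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2))
            for m in hits if m]

def per_ip_offenders(failures, maxretry=3):
    """IPs with >= maxretry failures over the whole log (no time window)."""
    counts = Counter(ip for _, ip in failures)
    return sorted(ip for ip, n in counts.items() if n >= maxretry)

def distributed_bursts(failures, window=10, min_sources=5):
    """Fixed `window`-second buckets in which >= min_sources distinct IPs failed."""
    buckets = defaultdict(set)
    for ts, ip in failures:
        secs = int((ts - EPOCH).total_seconds())
        buckets[EPOCH + timedelta(seconds=secs - secs % window)].add(ip)
    return [(start, len(ips)) for start, ips in sorted(buckets.items())
            if len(ips) >= min_sources]

if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print("per-IP threshold:", per_ip_offenders(failures))
    print("distributed bursts:", distributed_bursts(failures))
```

On the constructed sample, the per-IP count flags only the address that failed three times, while the burst check flags the one-second window in which five separate addresses each failed once.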


https://www.v2ex.com/t/603077
