這是我的路由器的日誌。
首先我受到了藍精靈的攻擊-看看路由器日誌中的“DoS 攻擊:Smurf” - 我應該擔心嗎?
現在這個。
我在無線路由器日誌中看到一些條目,這些條目可能表示可能發生某種漏洞或攻擊。然而,我不知道;也許我所看到的很平常,我不該擔心。
因此,我請求幫助解釋它以了解正在發生的事情。如果有什麼事情應該讓我擔心,這意味著什麼,怎麼能阻止它?
[LAN access from remote] from 89.93.100.201:38730 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:08
[LAN access from remote] from 89.93.100.201:53842 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:08
[LAN access from remote] from 46.150.97.81:42668 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:05
[LAN access from remote] from 77.40.122.127:1025 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:04
[LAN access from remote] from 77.121.34.235:62155 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:04
[LAN access from remote] from 222.161.212.71:20406 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:03
[LAN access from remote] from 5.20.145.169:6881 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:02
[LAN access from remote] from 124.90.57.0:44539 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:42:59
[LAN access from remote] from 95.188.204.86:6899 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:42:59
[LAN access from remote] from 112.118.239.58:22695 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:42:58
[LAN access from remote] from 175.156.244.90:35416 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:42:58
[LAN access from remote] from 59.97.130.10:52048 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:42:58
[UPnP set event: Public_UPNP_C3] from source 192.168.1.2, Tuesday, Oct 28,2014 07:42:56
[Admin login] from source 192.168.1.2, Tuesday, Oct 28,2014 07:37:36
第 2 部分以下是我開始寫這篇文章以來發生的事情
我不確定這是否意味著 MAC 位址 70:DE:E2:1B:4F:3F 在多次嘗試失敗後於 2014 年 10 月 28 日 18:21:20 獲得了對我的無線路由器的存取權限。我查看了路由器,發現它已連接,但設備名稱為空。這就是它的意思嗎?
這是日誌
[DHCP IP: (192.168.1.7)] to MAC address 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 18:48:04
[WLAN access rejected: incorrect security] from MAC 74:E1:B6:68:BB:C3, Tuesday, Oct 28,2014 18:41:16
[DHCP IP: (192.168.1.7)] to MAC address 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 18:36:16
[DHCP IP: (192.168.1.7)] to MAC address 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 18:21:20
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 18:21:04
[DHCP IP: (192.168.1.8)] to MAC address BC:77:37:C8:55:A0, Tuesday, Oct 28,2014 18:18:46
[DoS attack: Smurf] attack packets in last 20 sec from ip [117.221.124.255], Tuesday, Oct 28,2014 18:18:05
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 18:17:29
[DHCP IP: (192.168.1.9)] to MAC address 00:16:01:BC:6E:88, Tuesday, Oct 28,2014 18:14:56
[WLAN access rejected: incorrect security] from MAC 74:E1:B6:68:BB:C3, Tuesday, Oct 28,2014 18:11:31
[Time synchronized with NTP server] Tuesday, Oct 28,2014 18:05:42
[Internet connected] IP address: 69.125.226.173, Tuesday, Oct 28,2014 18:05:42
[DHCP IP: (192.168.1.8)] to MAC address BC:77:37:C8:55:A0, Tuesday, Oct 28,2014 17:59:42
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 17:52:10
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 17:51:05
[WLAN access rejected: incorrect security] from MAC 74:E1:B6:68:BB:C3, Tuesday, Oct 28,2014 17:46:01
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 17:22:10
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 17:21:05
[WLAN access rejected: incorrect security] from MAC 74:E1:B6:68:BB:C3, Tuesday, Oct 28,2014 17:16:16
[DoS attack: Smurf] attack packets in last 20 sec from ip [79.117.15.255], Tuesday, Oct 28,2014 17:13:39
答案1
我查找了這些 IP 位址的一些地理位置:
124.90.57.0 = Hangzhou,Zhejiang Sheng,China,Asia
89.93.100.201 = Marseille,Bouches-du-Rhône,Provence-Alpes-Côte d'Azur,France,Europe
46.150.97.81 = Donetsk,Donets'ka Oblast',Ukraine,Europe
看起來你得到的流量相當隨機。如果您有任何東西可以重定向外部流量(例如網域),那麼我建議對此進行調查。如果您沒有託管任何東西,也許您可以要求您的 ISP 更改您的 IP 位址,無論是動態還是靜態。
如果有人對您進行 DDOS,那麼他們可能會使用代理,讓他們的 IP 看起來像是來自亞洲和歐洲。
答案2
是192.168.1.2您的桌面之一嗎?它是否配置為“DMZ”?如果是這樣,你將會收到很多垃圾。這個是正常的。當您將主機設定為 DMZ 時,路由器基本上會將所有新傳入連線轉送到該主機。如果您在路由器中使用 DMZ 設置,您的主機最好擁有正確配置的基於主機的防火牆。
您還應該考慮停用 UPNP,它允許網路上的裝置打開防火牆。