• 860

[研究所] MikroTik RouterOS 學習 (持續更新)

gfx wrote:
謝謝,我已經懂得怎使(恕刪)


您好~想請問這個line notify的設定部份,有沒有能參考的教學呢?
eric2231 wrote:
您好~想請問這個line...(恕刪)
有教學,但是是泰文建議搭翻譯進行導覽。
連結
gfx wrote:
有教學,但是是泰文建(恕刪)


喔喔,還能這樣啊,來研究一下,感謝分享。
最近看到rb750gr3的log有奇怪的內容,
可能1、2個月會看到一次,
都來自不同的ip,
請問這是什麼問題呢?
部份內容如下

111.7.96.149 #026#003#000#000i#001#000#000e#003#003U#034 - - - #026#003#000#000i#001#000#000e#003#003U#034Ȥrandom1random2random3random4#000#000#014#000
111.7.96.149 #026#003#000#000S#001#000#000O#003#000?G - - - #026#003#000#000S#001#000#000O#003#000?Gطڬ者`~󣰰0񂻹Ֆɷܦś<=ܯ20n#000#000(#000#026#000#02
GET - - - / HTTP/1.0#015
111.7.96.149 #01 - - - #01
111.7.96.149 #01 - - - #01
111.7.96.149 #01 - - - #01
111.7.96.149 HELP#01 - - - HELP#01
OPTIONS - - - / HTTP/1.0#015
111.7.96.149 #01 - - - #01
OPTIONS - - - / RTSP/1.0#015
111.7.96.149 #01 - - - #01
111.7.96.149 #000#000#000qj - - - #000#000#000qj®0«c003#002#001#005£003#002#00
OPTIONS sip - - - sip:nm SIP/2.0#015
111.7.96.149 Via - - - Via: SIP/2.0/TCP nm;branch=foo#015
111.7.96.149 From - - - From: <sip:nm@nm>;tag=root#015
111.7.96.149 To - - - To: <sip:nm2@nm2>#015
111.7.96.149 Call-ID - - - Call-ID: 50000#015
111.7.96.149 CSeq - - - CSeq: 42 OPTIONS#015
111.7.96.149 Max-Forwards - - - Max-Forwards: 70#015
111.7.96.149 Content-Length - - - Content-Length: 0#015
111.7.96.149 Contact - - - Contact: <sip:nm@nm>#015
111.7.96.149 Accept - - - Accept: application/sdp#015
111.7.96.149 #01 - - - #01
GET - - - /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0#015
111.7.96.149 #01 - - - #01
111.7.96.149 #001defaul - - - #001defaul
111.7.96.149 - - -
111.7.96.149 #000#000-#002#001#007c - - - #000#000-#002#001#007cģ000#000#000$#00
111.7.96.149 #00 - - - #00
111.7.96.149 #00 - - - #00
111.7.96.149 #003#000#000*% - - - #003#000#000*%ࣰ00#000#000#000#000Cookie: mstshash=nmap#015
<13>1 2021-03-07T04:09:12.650918+08:00 111.7.96.149 EHLO#01 - - - EHLO#01
<13>1 2021-03-07T04:09:19.731419+08:00 #001#003#001#000u#000#000#000 #000#000f#000#000e#000#000d#000#000c#000#000b#000#000 - - - #000#000f#000#000e#000#000d#000#000c#000#000b#000#000:#000#0009#000#0008#000#0005#000#0004#000#0003#000#0002#000#000/#000#000#033#000#000#032#000#000#031#000#000#030#000#000#027#000#000#026#000#000#025#000#000#024#000#000#023#000#000#022#000#000#021#000
111.7.96.149 Subscrib - - - Subscrib
111.7.96.149 Quer - - - Quer
111.7.96.149 #005#004#000#001#002 - - - #005#004#000#001#002#005#001#000#00
google.com#000PGET - - - / HTTP/1.0#015
111.7.96.149 #01 - - - #01
111.7.96.149 HEL - - - HEL
111.7.96.149 stats#01 - - - stats#01
0 #000#000#000#001#000#000#000#023#000#000#000#002#000#000#000$#000#000#000#013service_mgr#000#000#000#000#002#000#000#000#023#001#010scanner #004#005nmap - - - #004#005nmap #006#000#000#000#000#000#010#000#000#000#001#000#000#000#002#000#000#000#003#000#000#000#002#000#000
0 111.7.96.149 #004 - - - #004>S#003UR#000#000<#000#000#000#005#000#000#000#000#000#000#000#000#000#032#000<#000#000#000#00
111.7.96.149 #0224#000#00 - - - #0224#000#00
111.7.96.149 serverstatus#01 - - - serverstatus#01
111.7.96.149 #S - - - #S
TSH #000#000#000 - - - #000#000#000죰01#0011#000#000#000#000#000#000#000#000#000#000#000#001#021#004أ000#000ID
111.7.96.149 #000#000#000#000#000#000#000#177 - - - #000#000#000#000#000#000#000#177򣰰6@#000#000#000#000#000#000SYSTEM.ADMIN.SVRCONNQ#000#004ٮmap-probe #000#000#000#001#000j#000#000#000󣰰0󿿿󿿿󿿿󿿣000#000#000#000#000#000#000#000
GET - - - /server-info HTTP/1.1#015
111.7.96.149 Client-DPAP-Version - - - Client-DPAP-Version: 1.1#015
111.7.96.149 User-Agent - - - User-Agent: iPhoto/9.1.1 (Macintosh; N; PPC)#015
111.7.96.149 #01 - - - #01
111.7.96.149 *1#01 - - - *1#01
111.7.96.149 $4#01 - - - $4#01
111.7.96.149 info#01 - - - info#01
show info#01 - - - info#01
GET - - - /version HTTP/1.1#015
111.7.96.149 #01 - - - #01
WWWOFFLE STATUS#01 - - - STATUS#01
GET - - - /?CAVIT HTTP/1.1#015
111.7.96.149 #01 - - - #01
#033%-12345X@PJL INFO - - - INFO ID#015
111.7.96.149 #033%-12345X#01 - - - #033%-12345X#01
GET - - - /api HTTP/1.0#015
111.7.96.149 #01 - - - #01
GET - - - /hazelcast/rest/cluster HTTP/1.0#015
111.7.96.149 #01 - - - #01
111.7.96.149 #01 - - - #01
awenh wrote:
111.7.96.149
既然log出現大量的111.7.96.149連結訊息,怎麼沒思考先將這ip封鎖再說。
gfx wrote:
既然log出現大量的111...(恕刪)

類似的內容從2016年來出現了大概25次,
每次都是不同的ip,
該ip出現在log中大概5分後就會消失,
想請教這樣是否有被侵入?
其中一次完整的訊息如下。


warning denied - - - denied winbox/dude connect from 52.229.56.124
GET - - - / HTTP/1.0#015
52.229.56.124 #01 - - - #01
52.229.56.124 #01 - - - #01
52.229.56.124 #01 - - - #01
OPTIONS - - - / HTTP/1.0#015
52.229.56.124 #01 - - - #01
OPTIONS - - - / RTSP/1.0#015
52.229.56.124 #01 - - - #01
52.229.56.124 HELP#01 - - - HELP#01
52.229.56.124 #026#003#000#000S#001#000#000O#003#000?G - - - #026#003#000#000S#001#000#000O#003#000?Gطڬ者`~󣰰0Ֆɷܦś<=ܯ20n#000#000(#000#026#000#02
52.229.56.124 #026#003#000#000i#001#000#000e#003#003U#034 - - - #026#003#000#000i#001#000#000e#003#003U#034Ȥrandom1random2random3random4#000#000#014#000
52.229.56.124 #000#000#000qj - - - #000#000#000qj®0«c003#002#001#005£003#002#00
GET - - - /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0#015
52.229.56.124 #01 - - - #01
52.229.56.124 #001defaul - - - #001defaul
huang rsyslogd - - - rsyslogd:Framing Error in received TCP message: delimiter is not SP but has ASCII value 12.
huang rsyslogd - - - rsyslogd:Framing Error in received TCP message: invalid octet count 0.
52.229.56.124 #00 - - - #00
OPTIONS sip - - - sip:nm SIP/2.0#015
52.229.56.124 Via - - - Via: SIP/2.0/TCP nm;branch=foo#015
52.229.56.124 From - - - From: <sip:nm@nm>;tag=root#015
52.229.56.124 To - - - To: <sip:nm2@nm2>#015
52.229.56.124 Call-ID - - - Call-ID: 50000#015
52.229.56.124 CSeq - - - CSeq: 42 OPTIONS#015
52.229.56.124 Max-Forwards - - - Max-Forwards: 70#015
52.229.56.124 Content-Length - - - Content-Length: 0#015
52.229.56.124 Contact - - - Contact: <sip:nm@nm>#015
52.229.56.124 Accept - - - Accept: application/sdp#015
52.229.56.124 #01 - - - #01
warning denied - - - denied winbox/dude connect from 52.229.56.124
warning denied - - - denied winbox/dude connect from 52.229.56.124
warning denied - - - denied winbox/dude connect from 52.229.56.124
#026#003#001#002#000#001#000#0013#003c036Hؠ| - - - |יӶjż򟱣031ᶴ9ɼ#025#017ɧl#000#000У000#005#000#004#000#002#000#001#000#026#0003#0009#000:#000#030#0005
52.229.56.124 #000#033#000 - - - #000#033#000/#0004#020#006#025#013#001#000;0,($#024
52.229.56.124 #000 - - - #000ã000ߣ000k#000j#0008#000ȣ000Ȁ#031#000ǣ000m#000ʀ2.*#005#000ݣ000=#000ŀ/+'##023#011#000£000ޣ000g#000@#0002#000ڣ000٣000E#000D#030#000ƣ000l#000ۣ000F1-)%#016#004#000ܣ000<#00
52.229.56.124 #000#034#000#032#000#027#000#031#000#034#000#033#000#030#000#032#000#026#000#016#000#015#000#013#000#014#000#01 - - - #000#034#000#032#000#027#000#031#000#034#000#033#000#030#000#032#000

怪怪的,前幾天我的Router好安靜,要連進來的沒幾個IP(也有可能我己將常進來的網段封了,封到x.x.0.0/16),但昨天到今天卻進來了了4-500個,好多重覆在/16,一次多封了10多個,目前/16封了41個.
也發現到51.x.x.x也有3-40個IP,原想直接封掉51.0.0.0/8,但後來發現這個網段在是歐洲網路資訊中心發出來的IP,會不會封了以後我去歐洲會連不進來啊~
目前固定封掉的網段前幾名好可怕的連絡記錄.
請問最近買了一台RB750GR3 設定完
NAS 我上傳影片1G左右比之前慢一些 70MB左右
之前用ASUS AC66B1 上傳有90MB以上
不知道是有設定到什麼 謝謝

剛去看設定怎變100M 但NAS有偵測是1G
現在跑只有10M
canerhsu wrote:
怪怪的,前幾天我的Router好安靜,要連進來的沒幾個IP(也有可能我己將常進來的網段封了,封到x.x.0.0/16),但昨天到今天卻進來了了4-500個,好多重覆在/16,一次多封了10多個,目前/16封了41個.
也發現到51.x.x.x也有3-40個IP,原想直接封掉51.0.0.0/8,但後來發現這個網段在是歐洲網路資訊中心發出來的IP,會不會封了以後我去歐洲會連不進來啊~


有定期做韌體更新?
10203040 wrote:
請問最近買了一台RB750GR3...(恕刪)
/ip firewall filter新增:




新增後將位置拉到視窗最上方置頂。
  • 860
內文搜尋
X
評分
評分
複製連結
請輸入您要前往的頁數(1 ~ 860)
Mobile01提醒您
您目前瀏覽的是行動版網頁
是否切換到電腦版網頁呢?