最近看到rb750gr3的log有奇怪的內容,可能1、2個月會看到一次,都來自不同的ip,請問這是什麼問題呢?部份內容如下111.7.96.149 #026#003#000#000i#001#000#000e#003#003U#034 - - - #026#003#000#000i#001#000#000e#003#003U#034Ȥrandom1random2random3random4#000#000#014#000111.7.96.149 #026#003#000#000S#001#000#000O#003#000?G - - - #026#003#000#000S#001#000#000O#003#000?Gطڬ者`~0Ֆɷܦś<=ܯ20n#000#000(#000#026#000#02GET - - - / HTTP/1.0#015111.7.96.149 #01 - - - #01111.7.96.149 #01 - - - #01111.7.96.149 #01 - - - #01111.7.96.149 HELP#01 - - - HELP#01OPTIONS - - - / HTTP/1.0#015111.7.96.149 #01 - - - #01OPTIONS - - - / RTSP/1.0#015111.7.96.149 #01 - - - #01111.7.96.149 #000#000#000qj - - - #000#000#000qj®0«c003#002#001#005£003#002#00OPTIONS sip - - - sip:nm SIP/2.0#015111.7.96.149 Via - - - Via: SIP/2.0/TCP nm;branch=foo#015111.7.96.149 From - - - From: <sip:nm@nm>;tag=root#015111.7.96.149 To - - - To: <sip:nm2@nm2>#015111.7.96.149 Call-ID - - - Call-ID: 50000#015111.7.96.149 CSeq - - - CSeq: 42 OPTIONS#015111.7.96.149 Max-Forwards - - - Max-Forwards: 70#015111.7.96.149 Content-Length - - - Content-Length: 0#015111.7.96.149 Contact - - - Contact: <sip:nm@nm>#015111.7.96.149 Accept - - - Accept: application/sdp#015111.7.96.149 #01 - - - #01GET - - - /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0#015111.7.96.149 #01 - - - #01111.7.96.149 #001defaul - - - #001defaul111.7.96.149 - - -111.7.96.149 #000#000-#002#001#007c - - - #000#000-#002#001#007cģ000#000#000$#00111.7.96.149 #00 - - - #00111.7.96.149 #00 - - - #00111.7.96.149 #003#000#000*% - - - #003#000#000*%ࣰ00#000#000#000#000Cookie: mstshash=nmap#015<13>1 2021-03-07T04:09:12.650918+08:00 111.7.96.149 EHLO#01 - - - EHLO#01<13>1 2021-03-07T04:09:19.731419+08:00 #001#003#001#000u#000#000#000 #000#000f#000#000e#000#000d#000#000c#000#000b#000#000 - - - #000#000f#000#000e#000#000d#000#000c#000#000b#000#000:#000#0009#000#0008#000#0005#000#0004#000#0003#000#0002#000#000/#000#000#033#000#000#032#000#000#031#000#000#030#000#000#027#000#000#026#000#000#025#000#000#024#000#000#023#000#000#022#000#000#021#000111.7.96.149 Subscrib - - - Subscrib111.7.96.149 Quer - - - Quer111.7.96.149 #005#004#000#001#002 - - - #005#004#000#001#002#005#001#000#00google.com#000PGET - - - / HTTP/1.0#015111.7.96.149 #01 - - - #01111.7.96.149 HEL - - - HEL111.7.96.149 stats#01 - - - stats#010 #000#000#000#001#000#000#000#023#000#000#000#002#000#000#000$#000#000#000#013service_mgr#000#000#000#000#002#000#000#000#023#001#010scanner #004#005nmap - - - #004#005nmap #006#000#000#000#000#000#010#000#000#000#001#000#000#000#002#000#000#000#003#000#000#000#002#000#0000 111.7.96.149 #004 - - - #004>S#003UR#000#000<#000#000#000#005#000#000#000#000#000#000#000#000#000#032#000<#000#000#000#00111.7.96.149 #0224#000#00 - - - #0224#000#00111.7.96.149 serverstatus#01 - - - serverstatus#01111.7.96.149 #S - - - #STSH #000#000#000 - - - #000#000#000죰01#0011#000#000#000#000#000#000#000#000#000#000#000#001#021#004أ000#000ID111.7.96.149 #000#000#000#000#000#000#000#177 - - - #000#000#000#000#000#000#000#1776@#000#000#000#000#000#000SYSTEM.ADMIN.SVRCONNQ#000#004ٮmap-probe #000#000#000#001#000j#000#000#0000000#000#000#000#000#000#000#000GET - - - /server-info HTTP/1.1#015111.7.96.149 Client-DPAP-Version - - - Client-DPAP-Version: 1.1#015111.7.96.149 User-Agent - - - User-Agent: iPhoto/9.1.1 (Macintosh; N; PPC)#015111.7.96.149 #01 - - - #01111.7.96.149 *1#01 - - - *1#01111.7.96.149 $4#01 - - - $4#01111.7.96.149 info#01 - - - info#01show info#01 - - - info#01GET - - - /version HTTP/1.1#015111.7.96.149 #01 - - - #01WWWOFFLE STATUS#01 - - - STATUS#01GET - - - /?CAVIT HTTP/1.1#015111.7.96.149 #01 - - - #01#033%-12345X@PJL INFO - - - INFO ID#015111.7.96.149 #033%-12345X#01 - - - #033%-12345X#01GET - - - /api HTTP/1.0#015111.7.96.149 #01 - - - #01GET - - - /hazelcast/rest/cluster HTTP/1.0#015111.7.96.149 #01 - - - #01111.7.96.149 #01 - - - #01
gfx wrote:既然log出現大量的111...(恕刪) 類似的內容從2016年來出現了大概25次,每次都是不同的ip,該ip出現在log中大概5分後就會消失,想請教這樣是否有被侵入?其中一次完整的訊息如下。warning denied - - - denied winbox/dude connect from 52.229.56.124GET - - - / HTTP/1.0#01552.229.56.124 #01 - - - #0152.229.56.124 #01 - - - #0152.229.56.124 #01 - - - #01OPTIONS - - - / HTTP/1.0#01552.229.56.124 #01 - - - #01OPTIONS - - - / RTSP/1.0#01552.229.56.124 #01 - - - #0152.229.56.124 HELP#01 - - - HELP#0152.229.56.124 #026#003#000#000S#001#000#000O#003#000?G - - - #026#003#000#000S#001#000#000O#003#000?Gطڬ者`~0Ֆɷܦś<=ܯ20n#000#000(#000#026#000#0252.229.56.124 #026#003#000#000i#001#000#000e#003#003U#034 - - - #026#003#000#000i#001#000#000e#003#003U#034Ȥrandom1random2random3random4#000#000#014#00052.229.56.124 #000#000#000qj - - - #000#000#000qj®0«c003#002#001#005£003#002#00GET - - - /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0#01552.229.56.124 #01 - - - #0152.229.56.124 #001defaul - - - #001defaulhuang rsyslogd - - - rsyslogd:Framing Error in received TCP message: delimiter is not SP but has ASCII value 12.huang rsyslogd - - - rsyslogd:Framing Error in received TCP message: invalid octet count 0.52.229.56.124 #00 - - - #00OPTIONS sip - - - sip:nm SIP/2.0#01552.229.56.124 Via - - - Via: SIP/2.0/TCP nm;branch=foo#01552.229.56.124 From - - - From: <sip:nm@nm>;tag=root#01552.229.56.124 To - - - To: <sip:nm2@nm2>#01552.229.56.124 Call-ID - - - Call-ID: 50000#01552.229.56.124 CSeq - - - CSeq: 42 OPTIONS#01552.229.56.124 Max-Forwards - - - Max-Forwards: 70#01552.229.56.124 Content-Length - - - Content-Length: 0#01552.229.56.124 Contact - - - Contact: <sip:nm@nm>#01552.229.56.124 Accept - - - Accept: application/sdp#01552.229.56.124 #01 - - - #01warning denied - - - denied winbox/dude connect from 52.229.56.124warning denied - - - denied winbox/dude connect from 52.229.56.124warning denied - - - denied winbox/dude connect from 52.229.56.124#026#003#001#002#000#001#000#0013#003c036Hؠ| - - - |יӶjż031ᶴ9ɼ#025#017ɧl#000#000У000#005#000#004#000#002#000#001#000#026#0003#0009#000:#000#030#000552.229.56.124 #000#033#000 - - - #000#033#000/#0004#020#006#025#013#001#000;0,($#02452.229.56.124 #000 - - - #000ã000ߣ000k#000j#0008#000ȣ000Ȁ#031#000ǣ000m#000ʀ2.*#005#000ݣ000=#000ŀ/+'##023#011#000£000ޣ000g#000@#0002#000ڣ000٣000E#000D#030#000ƣ000l#000ۣ000F1-)%#016#004#000ܣ000<#0052.229.56.124 #000#034#000#032#000#027#000#031#000#034#000#033#000#030#000#032#000#026#000#016#000#015#000#013#000#014#000#01 - - - #000#034#000#032#000#027#000#031#000#034#000#033#000#030#000#032#000
怪怪的,前幾天我的Router好安靜,要連進來的沒幾個IP(也有可能我己將常進來的網段封了,封到x.x.0.0/16),但昨天到今天卻進來了了4-500個,好多重覆在/16,一次多封了10多個,目前/16封了41個.也發現到51.x.x.x也有3-40個IP,原想直接封掉51.0.0.0/8,但後來發現這個網段在是歐洲網路資訊中心發出來的IP,會不會封了以後我去歐洲會連不進來啊~目前固定封掉的網段前幾名好可怕的連絡記錄.
請問最近買了一台RB750GR3 設定完NAS 我上傳影片1G左右比之前慢一些 70MB左右之前用ASUS AC66B1 上傳有90MB以上不知道是有設定到什麼 謝謝剛去看設定怎變100M 但NAS有偵測是1G現在跑只有10M
canerhsu wrote:怪怪的,前幾天我的Router好安靜,要連進來的沒幾個IP(也有可能我己將常進來的網段封了,封到x.x.0.0/16),但昨天到今天卻進來了了4-500個,好多重覆在/16,一次多封了10多個,目前/16封了41個.也發現到51.x.x.x也有3-40個IP,原想直接封掉51.0.0.0/8,但後來發現這個網段在是歐洲網路資訊中心發出來的IP,會不會封了以後我去歐洲會連不進來啊~ 有定期做韌體更新?