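Recently, while I'm online at home, my router keeps sending warning emails telling me that users with unknown intent are trying to connect to a certain UDP port on my public IP. I ran a virus scan and no trojans or backdoors turned up.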
--- Log Begin ---
Sat Sep 19 16:17:50 2009 Unrecognized attempt blocked from 113.229.105.236:22732 to xxx.xxx.xxx.xxx UDP:32689
Sat Sep 19 16:17:53 2009 Unrecognized attempt blocked from 113.229.105.236:22732 to xxx.xxx.xxx.xxx UDP:32689
Sat Sep 19 16:17:54 2009 Unrecognized attempt blocked from 112.93.43.208:8183 to xxx.xxx.xxx.xxx UDP:32689
Sat Sep 19 16:17:57 2009 Unrecognized attempt blocked from 113.229.105.236:22732 to xxx.xxx.xxx.xxx UDP:32689
.
.
.
Sat Sep 19 16:33:10 2009 Unrecognized attempt blocked from 113.205.18.63:4119 to xxx.xxx.xxx.xxx UDP:32689
Sat Sep 19 16:33:10 2009 Unrecognized attempt blocked from 124.114.167.109:31547 to xxx.xxx.xxx.xxx UDP:32689
Sat Sep 19 16:33:14 2009 Unrecognized attempt blocked from 113.205.18.63:4119 to xxx.xxx.xxx.xxx UDP:32689
Sat Sep 19 16:33:18 2009 Unrecognized attempt blocked from 114.38.17.203:32032 to xxx.xxx.xxx.xxx UDP:32689
Sat Sep 19 16:33:19 2009 Unrecognized attempt blocked from 113.205.18.63:4119 to xxx.xxx.xxx.xxx UDP:32689
--- Log End ---
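xxx.xxx.xxx.xxx is the dynamic public IP I had been assigned by HiNet at the time.
I'm on Chunghwa Telecom's network and go out through NAT; other users are probably in a similar situation. In theory, if I have never exchanged data with those people's networks, they shouldn't know my public IP and would have no way to attack it. Even if it were an indiscriminate attack brute-forcing every IP, they shouldn't reach mine that quickly, yet there is a dense swarm of people. Very strange.
Having the router obtain a new IP just swapped in a different group of people, and the attacks kept coming; after changing a few more times I stopped running into them. Has anyone had a similar experience?
========== 2009/09/20 20:05:00 Addendum ==========
I forgot to mention: even with the computer shut down and only the network equipment still on, the router keeps sending alert emails to the mailbox I specified, and the next time I boot up they all come in at once.
========== 2009/09/20 22:31:00 Addendum ==========
Looking through the log more carefully, there is actually TCP too; I just hadn't noticed it.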
Issued at: Sun Sep 20 22:09:46 2009
--- Log Begin ---
Sun Sep 20 21:34:10 2009 Unrecognized attempt blocked from 114.45.98.252:52392 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 21:34:21 2009 Unrecognized attempt blocked from 116.49.156.210:3620 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 21:34:42 2009 Unrecognized attempt blocked from 220.141.36.104:3493 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 21:34:45 2009 Unrecognized attempt blocked from 220.141.36.104:3493 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 21:34:54 2009 Unrecognized attempt blocked from 114.36.25.66:2615 to xxx.xxx.xxx.xxx TCP:445
Sun Sep 20 21:34:55 2009 Unrecognized attempt blocked from 114.198.160.170:4448 to xxx.xxx.xxx.xxx TCP:20085
Sun Sep 20 21:34:58 2009 Unrecognized attempt blocked from 114.198.160.170:4448 to xxx.xxx.xxx.xxx TCP:20085
Sun Sep 20 21:35:03 2009 Unrecognized attempt blocked from 122.254.56.127:63085 to xxx.xxx.xxx.xxx TCP:20085
Sun Sep 20 21:35:06 2009 Unrecognized attempt blocked from 122.254.56.127:63085 to xxx.xxx.xxx.xxx TCP:20085
Sun Sep 20 21:35:08 2009 Unrecognized attempt blocked from 123.192.36.249:1915 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 21:35:09 2009 Unrecognized attempt blocked from 59.104.213.175:2020 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 21:35:11 2009 Unrecognized attempt blocked from 123.192.36.249:1915 to xxx.xxx.xxx.xxx TCP:4181
.
.
.
Sun Sep 20 22:06:23 2009 Unrecognized attempt blocked from 122.146.236.5:4279 to xxx.xxx.xxx.xxx TCP:20085
Sun Sep 20 22:06:27 2009 Unrecognized attempt blocked from 114.36.186.195:4780 to xxx.xxx.xxx.xxx TCP:139
Sun Sep 20 22:06:30 2009 Unrecognized attempt blocked from 122.146.236.5:4279 to xxx.xxx.xxx.xxx TCP:20085
Sun Sep 20 22:08:17 2009 Unrecognized attempt blocked from 118.169.60.46:3533 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 22:08:20 2009 Unrecognized attempt blocked from 118.169.60.46:3533 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 22:08:35 2009 Unrecognized attempt blocked from 124.8.15.12:2675 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 22:08:38 2009 Unrecognized attempt blocked from 124.8.15.12:2675 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 22:09:15 2009 Unrecognized attempt blocked from 114.36.186.195:21825 to xxx.xxx.xxx.xxx TCP:139
Sun Sep 20 22:09:42 2009 Unrecognized attempt blocked from 61.152.167.62:38899 to xxx.xxx.xxx.xxx TCP:8080
Sun Sep 20 22:09:44 2009 Unrecognized attempt blocked from 220.141.11.172:4040 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 22:09:45 2009 Unrecognized attempt blocked from 168.95.4.101:46774 to xxx.xxx.xxx.xxx TCP:113
Sun Sep 20 22:09:46 2009 Unrecognized attempt blocked from 168.95.4.101:46774 to xxx.xxx.xxx.xxx TCP:113
--- Log End ---
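Some are well-known ports and the others are not, but you can see it is almost always the same few. What is so special about these ports that makes them worth probing like this?
One possibility I thought of is that this public IP was previously assigned to some other user who was running P2P software, so the remote peers are probing for his presence. But he has gone offline, so once I got this IP, I was the one harassed by these "probes".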
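An added example, not part of the original thread: a small Python parser for the router log format quoted above that groups blocked attempts by destination port and counts distinct source IPs and quick repeats from the same source ip:port, the pattern the stale-peer explanation above would predict. The sample lines are constructed with documentation-range addresses, and the 10-second retry window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line format as it appears in the router log quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) Unrecognized attempt "
    r"blocked from (?P<src>[\d.]+):(?P<sport>\d+) to \S+ "
    r"(?P<proto>TCP|UDP):(?P<dport>\d+)$"
)

def parse(lines):
    """Yield (time, src_ip, src_port, proto, dst_port); skip other lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["src"], int(m["sport"]), m["proto"], int(m["dport"])

def summarize(lines, retry_window=10):
    """Per (proto, dst_port): hits, distinct source IPs, quick retries.
    A retry = same source ip:port again within retry_window seconds
    (the 10 s default is an assumption)."""
    stats = defaultdict(lambda: {"hits": 0, "sources": set(), "retries": 0})
    last_seen = {}
    for ts, src, sport, proto, dport in parse(lines):
        entry = stats[(proto, dport)]
        entry["hits"] += 1
        entry["sources"].add(src)
        flow = (src, sport, proto, dport)
        prev = last_seen.get(flow)
        if prev is not None and (ts - prev).total_seconds() <= retry_window:
            entry["retries"] += 1
        last_seen[flow] = ts
    return {key: {**e, "sources": len(e["sources"])} for key, e in stats.items()}

# Constructed sample in the router's format; addresses are documentation ranges.
SAMPLE = """--- Log Begin ---
Sun Sep 20 21:34:10 2009 Unrecognized attempt blocked from 192.0.2.10:52392 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 21:34:21 2009 Unrecognized attempt blocked from 198.51.100.7:3620 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 21:34:42 2009 Unrecognized attempt blocked from 203.0.113.5:3493 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 21:34:45 2009 Unrecognized attempt blocked from 203.0.113.5:3493 to xxx.xxx.xxx.xxx TCP:4181
Sun Sep 20 21:34:54 2009 Unrecognized attempt blocked from 192.0.2.66:2615 to xxx.xxx.xxx.xxx TCP:445
Sun Sep 20 21:34:55 2009 Unrecognized attempt blocked from 198.51.100.70:4448 to xxx.xxx.xxx.xxx TCP:20085
Sun Sep 20 21:34:58 2009 Unrecognized attempt blocked from 198.51.100.70:4448 to xxx.xxx.xxx.xxx TCP:20085
Sun Sep 20 21:35:11 2009 Unrecognized attempt blocked from 192.0.2.10:52392 to xxx.xxx.xxx.xxx TCP:4181
--- Log End ---""".splitlines()

print(summarize(SAMPLE))
```

A high, non-well-known port reached by many distinct sources, each repeating from an unchanged source port a few seconds later, looks like clients retrying a known endpoint; a single source touching 445 or 139 once looks like ordinary background scanning.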
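qtairo wrote:
Do you use P2P software such as Foxy, BT, eMule, Kazaa, Skype, or PPStream?
Then that's normal. ...(snipped)
None of them. I don't use any of those.
I forgot to mention: even with the computer shut down and only the network equipment still on, the router keeps sending alert emails to the mailbox I specified, and the next time I boot up they all come in at once.
sean666 wrote:
I suggest you first learn what UDP is...(snipped)
Hmm... I write firmware for network transmission equipment. Besides xDSL and TDM technology, from Ethernet at 802.3 up through IP to UDP/TCP, all the way to things like Telnet, FTP/TFTP, SNMP, HTTP... I have "dabbled a little" in all of it. Just pasting a Microsoft link is like the Buddha holding up a flower and smiling, yet it leaves me unable to figure out what he is smiling about. Could you say more clearly "what you are trying to express"? If there is something I don't understand, that would also give me a chance to learn!
Not sure what to put in my signature...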