这是我的路由器的日志。
首先我受到了 Smurf 攻击——看看路由器日志中出现“DoS 攻击:Smurf”——我应该担心吗?
现在又这样。
我在无线路由器日志中看到一些条目,这些条目可能表明存在某种漏洞或攻击。不过,我不知道;也许我看到的情况很常见,我不应该担心。
因此,我请求帮助解释一下,以了解发生了什么。如果有什么事情应该让我担心,那意味着什么,如何才能阻止它?
[LAN access from remote] from 89.93.100.201:38730 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:08
[LAN access from remote] from 89.93.100.201:53842 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:08
[LAN access from remote] from 46.150.97.81:42668 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:05
[LAN access from remote] from 77.40.122.127:1025 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:04
[LAN access from remote] from 77.121.34.235:62155 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:04
[LAN access from remote] from 222.161.212.71:20406 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:03
[LAN access from remote] from 5.20.145.169:6881 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:43:02
[LAN access from remote] from 124.90.57.0:44539 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:42:59
[LAN access from remote] from 95.188.204.86:6899 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:42:59
[LAN access from remote] from 112.118.239.58:22695 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:42:58
[LAN access from remote] from 175.156.244.90:35416 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:42:58
[LAN access from remote] from 59.97.130.10:52048 to 192.168.1.2:11625, Tuesday, Oct 28,2014 07:42:58
[UPnP set event: Public_UPNP_C3] from source 192.168.1.2, Tuesday, Oct 28,2014 07:42:56
[Admin login] from source 192.168.1.2, Tuesday, Oct 28,2014 07:37:36
第二部分以下是我开始写这篇文章以来发生的事情
我不确定这是否意味着 MAC 地址 70:DE:E2:1B:4F:3F 在 2014 年 10 月 28 日 18:21:20 多次尝试失败后获得了对我的无线路由器的访问权限。我查看了我的路由器,发现它已连接,但设备名称为空白。这是不是意味着这个?我该怎么办?
以下是日志
[DHCP IP: (192.168.1.7)] to MAC address 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 18:48:04
[WLAN access rejected: incorrect security] from MAC 74:E1:B6:68:BB:C3, Tuesday, Oct 28,2014 18:41:16
[DHCP IP: (192.168.1.7)] to MAC address 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 18:36:16
[DHCP IP: (192.168.1.7)] to MAC address 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 18:21:20
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 18:21:04
[DHCP IP: (192.168.1.8)] to MAC address BC:77:37:C8:55:A0, Tuesday, Oct 28,2014 18:18:46
[DoS attack: Smurf] attack packets in last 20 sec from ip [117.221.124.255], Tuesday, Oct 28,2014 18:18:05
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 18:17:29
[DHCP IP: (192.168.1.9)] to MAC address 00:16:01:BC:6E:88, Tuesday, Oct 28,2014 18:14:56
[WLAN access rejected: incorrect security] from MAC 74:E1:B6:68:BB:C3, Tuesday, Oct 28,2014 18:11:31
[Time synchronized with NTP server] Tuesday, Oct 28,2014 18:05:42
[Internet connected] IP address: 69.125.226.173, Tuesday, Oct 28,2014 18:05:42
[DHCP IP: (192.168.1.8)] to MAC address BC:77:37:C8:55:A0, Tuesday, Oct 28,2014 17:59:42
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 17:52:10
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 17:51:05
[WLAN access rejected: incorrect security] from MAC 74:E1:B6:68:BB:C3, Tuesday, Oct 28,2014 17:46:01
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 17:22:10
[WLAN access rejected: incorrect security] from MAC 70:DE:E2:1B:4F:3F, Tuesday, Oct 28,2014 17:21:05
[WLAN access rejected: incorrect security] from MAC 74:E1:B6:68:BB:C3, Tuesday, Oct 28,2014 17:16:16
[DoS attack: Smurf] attack packets in last 20 sec from ip [79.117.15.255], Tuesday, Oct 28,2014 17:13:39
答案1
我查看了这些 IP 地址的部分地理位置:
124.90.57.0 = Hangzhou,Zhejiang Sheng,China,Asia
89.93.100.201 = Marseille,Bouches-du-Rhône,Provence-Alpes-Côte d'Azur,France,Europe
46.150.97.81 = Donetsk,Donets'ka Oblast',Ukraine,Europe
似乎您获得的流量非常随机。如果您有任何东西重定向您的外部流量(例如域名),那么我建议调查一下。如果您没有托管任何东西,也许您可以请求您的 ISP 更改您的 IP 地址,无论是动态还是静态。
如果有人对您发起 DDOS 攻击,那么他们可能会使用代理使其 IP 看起来像是来自亚洲和欧洲。
答案2
是192.168.1.2您的台式机之一吗?它是否配置为“DMZ”?如果是这样,您将收到大量垃圾信息。这是正常的。当您将主机设置为 DMZ 时,路由器基本上会将所有新传入连接转发到该主机。如果您在路由器中使用 DMZ 设置,您的主机最好有一个正确配置的基于主机的防火墙。
您还应该考虑禁用 UPNP,它允许网络上的设备打开防火墙。