Is this a DDoS attack?


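For three consecutive days, my csf firewall has been denying queries for four or five different servers, which are renamed "www.example1.com", "www.example2.com", "ns1.example3.com", "ns2.example3.com" in the following excerpt from my logs. My question is, do I have to consider these as an attack? If so, do I need to worry about adding security measures even though the firewall is blocking the queries?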

Note that similar IPs and ports are named with the same letters.

Jul 22 12:24:00 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=blahblahblah SRC=ZZZ.ZZZ.Z.ZZZ DST=25$
Jul 22 12:24:00 server named[xxxx]: client aaa.aa.aaa.a#aaaaa: query (cache) 'www.example1.com/A/IN' denied
Jul 22 12:24:00 server named[xxxx]: client aaa.aa.aaa.a#bbbbb: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:00 server named[xxxx]: client ccc.ccc.ccc.ccc#ddddd: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client ddd.dd.ddd.d#eeeee: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client ddd.dd.ddd.d#fffff: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client ddd.dd.ddd.d#ggggg: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client ddd.dd.ddd.d#hhhhh: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client iii.i.i.ii#jjjjj: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:03 server named[xxxx]: client iii.i.i.ii#jjjjj: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:04 server named[xxxx]: client kkk.kkk.kkk.kk#lllll: query (cache) 'www.example1.com/A/IN' denied
Jul 22 12:24:05 server named[xxxx]: client kkk.kkk.kkk.kk#mmmmm: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:06 server named[xxxx]: client nnn.nn.nnn.n#ooooo: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:06 server named[xxxx]: client ppp.pp.ppp.p#qqqqq: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:06 server named[xxxx]: client ppp.pp.ppp.p#rrrr: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:06 server named[xxxx]: client nnn.nn.nnn.n#sssss: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:07 server named[xxxx]: client ppp.pp.ppp.p#ttttt: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:07 server named[xxxx]: client ppp.pp.ppp.p#uuuuu: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:08 server named[xxxx]: client vv.vvv.vv.vvv#wwwww: query (cache) 'www.example4.com/A/IN' denied
Jul 22 12:24:08 server named[xxxx]: client xx.xxx.xx.xx#yyyyy: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:10 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=blahblahblah SRC=xxx.xxx.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=xxxx PROTO=UDP SPT=17500 DPT=17500 LEN=111
Jul 22 12:24:10 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=blahblahblah SRC=xxx.xxx.xxx.xx DST=ZZZ.ZZZ.ZZZ.ZZZ LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=yyyy PROTO=UDP SPT=17500 DPT=17500 LEN=111
Jul 22 12:24:10 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=blahblahblah SRC=yyy.yyy.yyy.yyy DST=255.255.255.255 LEN=115 TOS=0x00 PREC=0x00 TTL=64 ID=z DF PROTO=UDP SPT=5678 DPT=5678 LEN=95

Any ideas are appreciated. Thanks.
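
To quantify what the `named` "denied" lines in an excerpt like the one above amount to, this added example (not part of the original post) tallies them by client, by queried name, and by second. The sample lines are constructed in the same format using documentation-range addresses; `DENIED` and `summarize` are names chosen for this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same shape as the excerpt above
# (documentation-range addresses, made-up PIDs and ports).
SAMPLE_LOG = """\
Jul 22 12:24:00 server named[1234]: client 192.0.2.10#40001: query (cache) 'www.example1.com/A/IN' denied
Jul 22 12:24:00 server named[1234]: client 192.0.2.10#40002: query (cache) 'www.example2.com/A/IN' denied
Jul 22 12:24:03 server named[1234]: client 198.51.100.7#40003: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:03 server named[1234]: client 198.51.100.7#40004: query (cache) 'ns2.example3.com/A/IN' denied
Jul 22 12:24:03 server named[1234]: client 203.0.113.5#40005: query (cache) 'ns1.example3.com/A/IN' denied
Jul 22 12:24:10 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.9 DST=255.255.255.255 PROTO=UDP SPT=17500 DPT=17500
"""

# Matches the "client IP#port: query (cache) 'name/type/class' denied" format shown above.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[[^\]]+\]:\s"
    r"client\s(?P<ip>[^#\s]+)#(?P<port>\w+):\s"
    r"query\s\(cache\)\s'(?P<name>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^']+)'\sdenied"
)

def summarize(log_text):
    """Count denied cache queries per client, per name and per second."""
    clients, names, per_second = Counter(), Counter(), Counter()
    clients_per_name = defaultdict(set)
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue  # kernel firewall lines and anything else are skipped
        clients[m["ip"]] += 1
        names[m["name"]] += 1
        per_second[m["ts"]] += 1
        clients_per_name[m["name"]].add(m["ip"])
    return {
        "total": sum(clients.values()),
        "by_client": clients.most_common(),
        "by_name": names.most_common(),
        "peak_per_second": max(per_second.values(), default=0),
        "clients_per_name": {n: len(s) for n, s in clients_per_name.items()},
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```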
