来自 127.0.0.1 的 ssh 垃圾邮件(“未收到标识字符串”和“协议版本标识错误”)

tag-icon tag-icon ubuntu ssh security intrusion-detection
来自 127.0.0.1 的 ssh 垃圾邮件(“未收到标识字符串”和“协议版本标识错误”)

前传:我见过这个问题,但情况不太一样。我特别好奇“heroku”出现在日志中。

我刚刚构建并启动了一个新的 Ubuntu 18.04 盒子,用作个人 GPU 工作站,在安装/启动 OpenSSH 后,我看到了一些奇怪的条目/var/log/auth.log(日期、主机名和一些记录已删除):

XXX XX XX:XX:XX XXXXXXXXX sshd[10204]: Bad protocol version identification '343 <158>1 2018-10-03T06:57:36.572868+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 39456
XXX XX XX:XX:XX XXXXXXXXX sshd[10205]: Bad protocol version identification '326 <158>1 2018-10-03T06:50:11.645399+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 39458
XXX XX XX:XX:XX XXXXXXXXX sshd[10209]: Bad protocol version identification '598 <134>1 2018-10-01T01:19:53+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39464
XXX XX XX:XX:XX XXXXXXXXX sshd[10210]: Bad protocol version identification '152 <190>1 2018-10-01T01:09:41.698646+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 39466
XXX XX XX:XX:XX XXXXXXXXX sshd[10211]: Bad protocol version identification '598 <134>1 2018-10-01T01:59:04+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39468
XXX XX XX:XX:XX XXXXXXXXX sshd[10213]: Bad protocol version identification '598 <134>1 2018-10-01T00:24:42+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39472
XXX XX XX:XX:XX XXXXXXXXX sshd[10214]: Bad protocol version identification '152 <190>1 2018-10-01T00:54:38.059651+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 39474
XXX XX XX:XX:XX XXXXXXXXX sshd[10215]: Bad protocol version identification '606 <134>1 2018-10-01T00:57:55+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39476
XXX XX XX:XX:XX XXXXXXXXX sshd[10218]: Bad protocol version identification '598 <134>1 2018-10-01T02:04:56+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39480
XXX XX XX:XX:XX XXXXXXXXX sshd[10221]: Bad protocol version identification '599 <134>1 2018-09-30T21:09:59+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39486
XXX XX XX:XX:XX XXXXXXXXX sshd[10222]: Bad protocol version identification '152 <190>1 2018-09-30T21:30:12.551580+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 39488
XXX XX XX:XX:XX XXXXXXXXX sshd[10224]: Bad protocol version identification '598 <134>1 2018-10-01T00:19:19+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39492
XXX XX XX:XX:XX XXXXXXXXX sshd[10226]: Bad protocol version identification '598 <134>1 2018-10-01T01:29:43+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39496
XXX XX XX:XX:XX XXXXXXXXX sshd[10227]: Bad protocol version identification '606 <134>1 2018-10-01T00:40:54+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39498
XXX XX XX:XX:XX XXXXXXXXX sshd[10228]: Bad protocol version identification '598 <134>1 2018-10-01T01:37:43+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39500
XXX XX XX:XX:XX XXXXXXXXX sshd[10229]: Bad protocol version identification '598 <134>1 2018-09-30T19:45:17+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39502
XXX XX XX:XX:XX XXXXXXXXX sshd[10230]: Bad protocol version identification '606 <134>1 2018-10-01T01:10:07+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39504
XXX XX XX:XX:XX XXXXXXXXX sshd[10231]: Bad protocol version identification '152 <190>1 2018-09-30T22:27:19.069201+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 39506
XXX XX XX:XX:XX XXXXXXXXX sshd[10236]: Bad protocol version identification '255 <190>1 2018-10-01T02:15:39.973702+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app analysis_tool' from 127.0.0.1 port 39518
XXX XX XX:XX:XX XXXXXXXXX sshd[10249]: Bad protocol version identification '600 <134>1 2018-10-04T00:59:28+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39546
XXX XX XX:XX:XX XXXXXXXXX sshd[10251]: Bad protocol version identification '316 <158>1 2018-09-27T16:29:25.164230+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 39550
XXX XX XX:XX:XX XXXXXXXXX sshd[11461]: Bad protocol version identification '338 <158>1 2018-10-03T06:51:38.291898+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40426
XXX XX XX:XX:XX XXXXXXXXX sshd[11462]: Bad protocol version identification '335 <158>1 2018-10-03T07:02:04.154859+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40428
XXX XX XX:XX:XX XXXXXXXXX sshd[11463]: Bad protocol version identification '746 <158>1 2018-10-03T07:14:06.397812+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40434
XXX XX XX:XX:XX XXXXXXXXX sshd[11464]: Bad protocol version identification '336 <158>1 2018-10-03T06:50:36.022987+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40436
XXX XX XX:XX:XX XXXXXXXXX sshd[11465]: Bad protocol version identification '363 <158>1 2018-10-03T06:49:09.274958+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40438
XXX XX XX:XX:XX XXXXXXXXX sshd[11410]: Bad protocol version identification '607 <134>1 2018-10-04T04:50:57+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 40264
XXX XX XX:XX:XX XXXXXXXXX sshd[11431]: Bad protocol version identification '316 <158>1 2018-10-04T04:51:46.728498+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40332
XXX XX XX:XX:XX XXXXXXXXX sshd[11445]: Bad protocol version identification '316 <158>1 2018-10-04T04:52:17.793175+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40366
XXX XX XX:XX:XX XXXXXXXXX sshd[11438]: Bad protocol version identification '362 <158>1 2018-10-04T04:52:23.225117+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40350
XXX XX XX:XX:XX XXXXXXXXX sshd[11466]: Bad protocol version identification '327 <158>1 2018-10-04T04:52:25.482357+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40440
XXX XX XX:XX:XX XXXXXXXXX sshd[11414]: Bad protocol version identification '320 <158>1 2018-10-04T04:52:25.655112+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40298
XXX XX XX:XX:XX XXXXXXXXX sshd[11456]: Bad protocol version identification '364 <158>1 2018-10-04T04:52:25.923019+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40402
XXX XX XX:XX:XX XXXXXXXXX sshd[11496]: Bad protocol version identification '375 <158>1 2018-10-04T04:52:26.182816+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40522
XXX XX XX:XX:XX XXXXXXXXX sshd[11469]: Bad protocol version identification '360 <134>1 2018-10-04T04:52:27+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app postgres.10 - - [BRO' from 127.0.0.1 port 40448
XXX XX XX:XX:XX XXXXXXXXX sshd[11476]: Bad protocol version identification '353 <158>1 2018-10-04T04:52:28.932774+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40474
XXX XX XX:XX:XX XXXXXXXXX sshd[11503]: Bad protocol version identification '368 <158>1 2018-10-04T04:52:29.188773+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40546
XXX XX XX:XX:XX XXXXXXXXX sshd[11499]: Bad protocol version identification '395 <158>1 2018-10-04T04:52:29.315924+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40528
XXX XX XX:XX:XX XXXXXXXXX sshd[11498]: Bad protocol version identification '351 <158>1 2018-10-04T04:52:29.920658+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40526
XXX XX XX:XX:XX XXXXXXXXX sshd[11552]: Bad protocol version identification '165 <134>1 2018-10-04T04:52:18+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app postgres.10 - - [BRO' from 127.0.0.1 port 40724
XXX XX XX:XX:XX XXXXXXXXX sshd[11553]: Bad protocol version identification '316 <158>1 2018-10-04T04:53:22.213786+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40728
XXX XX XX:XX:XX XXXXXXXXX sshd[11569]: Bad protocol version identification '606 <134>1 2018-10-04T04:53:33+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 40792
XXX XX XX:XX:XX XXXXXXXXX sshd[11533]: Bad protocol version identification '152 <190>1 2018-10-04T04:54:09.565661+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 40702
XXX XX XX:XX:XX XXXXXXXXX sshd[11559]: Bad protocol version identification '608 <134>1 2018-10-04T04:54:25+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 40762
XXX XX XX:XX:XX XXXXXXXXX sshd[11703]: Bad protocol version identification '419 <190>1 2018-10-04T04:57:37.670492+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41180
XXX XX XX:XX:XX XXXXXXXXX sshd[11676]: Bad protocol version identification '378 <190>1 2018-10-04T04:57:46.924733+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app web.1 - - /ap' from 127.0.0.1 port 41086
XXX XX XX:XX:XX XXXXXXXXX sshd[11698]: Bad protocol version identification '337 <158>1 2018-10-04T04:57:46.954101+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41158
XXX XX XX:XX:XX XXXXXXXXX sshd[11706]: Bad protocol version identification '338 <158>1 2018-10-04T04:57:52.782191+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41200
XXX XX XX:XX:XX XXXXXXXXX sshd[11685]: Bad protocol version identification '238 <190>1 2018-10-04T04:57:52.784693+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41112
XXX XX XX:XX:XX XXXXXXXXX sshd[11705]: Bad protocol version identification '207 <190>1 2018-10-04T04:57:54.358088+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41190
XXX XX XX:XX:XX XXXXXXXXX sshd[11715]: Bad protocol version identification '326 <158>1 2018-10-04T04:57:37.367385+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41236
XXX XX XX:XX:XX XXXXXXXXX sshd[11718]: Bad protocol version identification '355 <158>1 2018-10-04T04:58:07.172793+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41242
XXX XX XX:XX:XX XXXXXXXXX sshd[11733]: Bad protocol version identification '235 <134>1 2018-10-04T04:58:05+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app postgres.5714 - - [B' from 127.0.0.1 port 41278
XXX XX XX:XX:XX XXXXXXXXX sshd[11709]: Bad protocol version identification '355 <158>1 2018-10-04T04:58:20.149785+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41214
XXX XX XX:XX:XX XXXXXXXXX sshd[11736]: Bad protocol version identification '200 <190>1 2018-10-04T04:57:48.783213+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41288
XXX XX XX:XX:XX XXXXXXXXX sshd[11747]: Bad protocol version identification '364 <158>1 2018-10-04T04:58:01.751477+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41312
XXX XX XX:XX:XX XXXXXXXXX sshd[11719]: Bad protocol version identification '316 <158>1 2018-10-04T04:58:35.774146+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41244
XXX XX XX:XX:XX XXXXXXXXX sshd[11746]: Bad protocol version identification '610 <134>1 2018-10-04T04:57:52+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 41308
XXX XX XX:XX:XX XXXXXXXXX sshd[11713]: Bad protocol version identification '353 <158>1 2018-10-04T04:58:38.418692+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41226
XXX XX XX:XX:XX XXXXXXXXX sshd[11717]: Bad protocol version identification '344 <158>1 2018-10-04T04:58:50.214088+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41240
XXX XX XX:XX:XX XXXXXXXXX sshd[11848]: Bad protocol version identification '355 <158>1 2018-10-04T04:59:02.212376+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41366
XXX XX XX:XX:XX XXXXXXXXX sshd[11711]: Bad protocol version identification '352 <158>1 2018-10-04T04:59:05.690401+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41222
XXX XX XX:XX:XX XXXXXXXXX sshd[11741]: Bad protocol version identification '364 <158>1 2018-10-04T04:59:08.317313+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41294
XXX XX XX:XX:XX XXXXXXXXX sshd[11845]: Bad protocol version identification '355 <158>1 2018-10-04T04:59:11.193150+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41350
XXX XX XX:XX:XX XXXXXXXXX sshd[11844]: Bad protocol version identification '344 <158>1 2018-10-04T04:59:14.289428+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41348
XXX XX XX:XX:XX XXXXXXXXX sshd[11743]: Bad protocol version identification '364 <158>1 2018-10-04T04:59:20.336305+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41302
XXX XX XX:XX:XX XXXXXXXXX sshd[11742]: Bad protocol version identification '389 <158>1 2018-10-04T04:59:23.467236+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41296
XXX XX XX:XX:XX XXXXXXXXX sshd[11858]: Bad protocol version identification '345 <158>1 2018-10-04T04:59:25.083968+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41396
XXX XX XX:XX:XX XXXXXXXXX sshd[11863]: Bad protocol version identification '389 <158>1 2018-10-04T04:58:44.385872+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41422
XXX XX XX:XX:XX XXXXXXXXX sshd[11728]: Bad protocol version identification '332 <158>1 2018-10-04T04:59:29.423119+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41262
XXX XX XX:XX:XX XXXXXXXXX sshd[11870]: Bad protocol version identification '362 <158>1 2018-10-04T04:58:03.869301+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41462
XXX XX XX:XX:XX XXXXXXXXX sshd[11873]: Bad protocol version identification '389 <158>1 2018-10-04T04:59:09.228463+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41472
XXX XX XX:XX:XX XXXXXXXXX sshd[11874]: Bad protocol version identification '327 <158>1 2018-10-04T04:58:06.108143+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41476
XXX XX XX:XX:XX XXXXXXXXX sshd[11881]: Bad protocol version identification '312 <158>1 2018-10-04T05:00:23.808762+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41490
XXX XX XX:XX:XX XXXXXXXXX sshd[11883]: Bad protocol version identification '321 <158>1 2018-10-04T05:00:27.281711+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41506
XXX XX XX:XX:XX XXXXXXXXX sshd[11851]: Bad protocol version identification '336 <158>1 2018-10-04T05:00:30.821358+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41380
XXX XX XX:XX:XX XXXXXXXXX sshd[11884]: Bad protocol version identification '389 <158>1 2018-10-04T04:58:17.301527+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41514
XXX XX XX:XX:XX XXXXXXXXX sshd[11888]: Bad protocol version identification '152 <190>1 2018-10-04T04:57:10.178311+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41530
XXX XX XX:XX:XX XXXXXXXXX sshd[11891]: Bad protocol version identification '346 <158>1 2018-10-04T04:58:35.291919+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41542
XXX XX XX:XX:XX XXXXXXXXX sshd[11887]: Bad protocol version identification '375 <158>1 2018-10-04T05:00:40.138229+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41526
XXX XX XX:XX:XX XXXXXXXXX sshd[11876]: Bad protocol version identification '344 <158>1 2018-10-04T05:00:41.090197+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41480
XXX XX XX:XX:XX XXXXXXXXX sshd[11895]: Bad protocol version identification '389 <158>1 2018-10-04T05:00:39.241898+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41562
XXX XX XX:XX:XX XXXXXXXXX sshd[11897]: Bad protocol version identification '344 <158>1 2018-10-04T04:59:02.492357+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41570
XXX XX XX:XX:XX XXXXXXXXX sshd[11892]: Bad protocol version identification '247 <190>1 2018-10-04T05:00:45.046175+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app web.1 - - Set' from 127.0.0.1 port 41544
XXX XX XX:XX:XX XXXXXXXXX sshd[11866]: Bad protocol version identification '247 <190>1 2018-10-04T05:00:47.674468+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app web.1 - - Set' from 127.0.0.1 port 41436
XXX XX XX:XX:XX XXXXXXXXX sshd[11920]: Bad protocol version identification '316 <158>1 2018-10-04T05:01:39.184107+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41662
XXX XX XX:XX:XX XXXXXXXXX sshd[11942]: Bad protocol version identification '355 <158>1 2018-10-04T04:58:32.183596+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41690
XXX XX XX:XX:XX XXXXXXXXX sshd[11943]: Bad protocol version identification '346 <158>1 2018-10-04T04:58:08.353201+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41692
XXX XX XX:XX:XX XXXXXXXXX sshd[11944]: Bad protocol version identification '352 <158>1 2018-10-04T04:58:13.445688+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41698
XXX XX XX:XX:XX XXXXXXXXX sshd[11899]: Bad protocol version identification '365 <134>1 2018-10-04T05:02:35+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app postgres.10 - - [BRO' from 127.0.0.1 port 41576
XXX XX XX:XX:XX XXXXXXXXX sshd[11960]: Bad protocol version identification '600 <134>1 2018-10-04T05:01:49+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 41784
XXX XX XX:XX:XX XXXXXXXXX sshd[11966]: Bad protocol version identification '327 <158>1 2018-10-04T05:00:39.319393+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41808
XXX XX XX:XX:XX XXXXXXXXX sshd[11972]: Bad protocol version identification '342 <158>1 2018-10-04T05:00:47.684420+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41838
XXX XX XX:XX:XX XXXXXXXXX sshd[11983]: Bad protocol version identification '228 <190>1 2018-10-04T05:00:27.660189+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41862
XXX XX XX:XX:XX XXXXXXXXX sshd[11957]: Bad protocol version identification '152 <190>1 2018-10-04T05:03:11.295200+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41772
XXX XX XX:XX:XX XXXXXXXXX sshd[11994]: Bad protocol version identification '598 <134>1 2018-10-04T05:03:33+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 41878
XXX XX XX:XX:XX XXXXXXXXX sshd[12022]: Bad protocol version identification '598 <134>1 2018-10-04T05:04:25+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 41938
XXX XX XX:XX:XX XXXXXXXXX sshd[12060]: Bad protocol version identification '152 <190>1 2018-10-04T05:06:11.867202+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 42108
XXX XX XX:XX:XX XXXXXXXXX sshd[12089]: Bad protocol version identification '607 <134>1 2018-10-04T05:07:00+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 42178
XXX XX XX:XX:XX XXXXXXXXX sshd[12107]: Bad protocol version identification '152 <190>1 2018-10-04T05:09:12.459587+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 42238
XXX XX XX:XX:XX XXXXXXXXX sshd[12240]: Bad protocol version identification '606 <134>1 2018-10-04T05:07:52+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 42352
XXX XX XX:XX:XX XXXXXXXXX sshd[18410]: Did not receive identification string from 127.0.0.1 port 36000
XXX XX XX:XX:XX XXXXXXXXX sshd[18411]: Did not receive identification string from 127.0.0.1 port 36002
XXX XX XX:XX:XX XXXXXXXXX sshd[18445]: Did not receive identification string from 127.0.0.1 port 36018
XXX XX XX:XX:XX XXXXXXXXX sshd[18446]: Did not receive identification string from 127.0.0.1 port 36020
XXX XX XX:XX:XX XXXXXXXXX sshd[18447]: Did not receive identification string from 127.0.0.1 port 36022
XXX XX XX:XX:XX XXXXXXXXX sshd[18448]: Did not receive identification string from 127.0.0.1 port 36024
XXX XX XX:XX:XX XXXXXXXXX sshd[18472]: Did not receive identification string from 127.0.0.1 port 36038
XXX XX XX:XX:XX XXXXXXXXX sshd[18473]: Did not receive identification string from 127.0.0.1 port 36040
XXX XX XX:XX:XX XXXXXXXXX sshd[18474]: Did not receive identification string from 127.0.0.1 port 36042
XXX XX XX:XX:XX XXXXXXXXX sshd[18475]: Did not receive identification string from 127.0.0.1 port 36044
XXX XX XX:XX:XX XXXXXXXXX sshd[18476]: Did not receive identification string from 127.0.0.1 port 36046
XXX XX XX:XX:XX XXXXXXXXX sshd[18477]: Did not receive identification string from 127.0.0.1 port 36048
XXX XX XX:XX:XX XXXXXXXXX sshd[18478]: Did not receive identification string from 127.0.0.1 port 36050

如果相关的话,我会使用恩格罗克让我的机器可以 ssh,因为我的路由器的端口转发给我带来了麻烦;这可能是原因吗?我也在使用 Google 的google-authenticator用于双因素身份验证。

这是值得担心的原因吗?每秒看到多个请求让我有点害怕。

答案1

这看起来有点像针对 ngrok 网络执行的端口扫描/漏洞扫描活动。扫描数据包通过其隧道功能重定向到您的 SSH 端口。

ngrok 的网络实际上是此类扫描活动的一个很好的目标,因为它们的目的是将开发环境暴露给互联网,而这些环境通常没有得到适当的保护。

但是,对于你的情况来说,这种扫描并不危险,因为 SSH 没有任何已知的可远程利用的漏洞。它只会填满你的日志,并且可能会占用一些带宽。

相关内容