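I did configure ufw to deny outgoing traffic by default. On a fresh install of Ubuntu 12.04, I keep getting some seemingly random UDP traffic.
I am curious what is causing this and how I should allow it (if I should).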
Apr 13 16:46:01 ksxxxxxx kernel: [ 5789.789257] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=217 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53787 DPT=6122 LEN=197
Apr 13 16:46:01 ksxxxxxx kernel: [ 5789.793820] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=221 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=47086 DPT=6193 LEN=201
Apr 13 16:46:01 ksxxxxxx kernel: [ 5789.799648] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=194 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=48428 DPT=6157 LEN=174
Apr 13 16:46:01 ksxxxxxx kernel: [ 5789.799752] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=225 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=57981 DPT=6151 LEN=205
Apr 13 16:47:01 ksxxxxxx kernel: [ 5849.760034] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=227 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=54342 DPT=6161 LEN=207
Apr 13 16:47:01 ksxxxxxx kernel: [ 5849.767767] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=55225 DPT=6131 LEN=191
Apr 13 16:47:01 ksxxxxxx kernel: [ 5849.769004] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=194 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40362 DPT=6184 LEN=174
Apr 13 16:47:01 ksxxxxxx kernel: [ 5849.769114] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=225 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=52239 DPT=6122 LEN=205
Apr 13 16:48:01 ksxxxxxx kernel: [ 5909.723448] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=227 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=48456 DPT=6179 LEN=207
Apr 13 16:48:01 ksxxxxxx kernel: [ 5909.733470] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=195 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=59141 DPT=6113 LEN=175
Apr 13 16:48:01 ksxxxxxx kernel: [ 5909.739756] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=210 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40221 DPT=6100 LEN=190
Apr 13 16:48:01 ksxxxxxx kernel: [ 5909.739860] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=225 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=57698 DPT=6197 LEN=205
Apr 13 16:49:01 ksxxxxxx kernel: [ 5969.701304] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=227 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=37077 DPT=6127 LEN=207
Apr 13 16:49:01 ksxxxxxx kernel: [ 5969.709773] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45619 DPT=6149 LEN=191
Apr 13 16:49:01 ksxxxxxx kernel: [ 5969.714111] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=194 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=41899 DPT=6106 LEN=174
Apr 13 16:49:01 ksxxxxxx kernel: [ 5969.714278] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=225 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=56039 DPT=6163 LEN=205
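Answer 1
Looking at the pcap you provided, this traffic comes from a program called Real Time Monitoring installed by your hosting provider, OVH: http://help.ovh.co.uk/RealTimeMonitoring
Never heard of it before. It sends information about your server's health and configuration. You should ask OVH about it and how to uninstall it.
It seems the installation is not "fresh", but one modified by OVH.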
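A way to summarize blocked outbound traffic like the log in the question, as an added example that is not part of the original question or answer: it groups `[UFW BLOCK]` lines by destination and protocol and reports the destination port range and the spacing between bursts, which makes a single destination on a fixed one-minute schedule stand out. The function name, the sample lines, the host name and the 192.0.2.0/24 addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the question's kernel-log format (documentation-range
# addresses, made-up host name); the last line is an inbound block for contrast.
SAMPLE_LOG = """\
Apr 13 16:46:01 host kernel: [ 5789.78] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.127 DST=192.0.2.251 LEN=217 TTL=64 ID=0 DF PROTO=UDP SPT=53787 DPT=6122 LEN=197
Apr 13 16:46:01 host kernel: [ 5789.79] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.127 DST=192.0.2.251 LEN=221 TTL=64 ID=0 DF PROTO=UDP SPT=47086 DPT=6193 LEN=201
Apr 13 16:47:01 host kernel: [ 5849.76] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.127 DST=192.0.2.251 LEN=227 TTL=64 ID=0 DF PROTO=UDP SPT=54342 DPT=6161 LEN=207
Apr 13 16:47:01 host kernel: [ 5849.77] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.127 DST=192.0.2.251 LEN=211 TTL=64 ID=0 DF PROTO=UDP SPT=55225 DPT=6131 LEN=191
Apr 13 16:48:01 host kernel: [ 5909.72] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.127 DST=192.0.2.251 LEN=227 TTL=64 ID=0 DF PROTO=UDP SPT=48456 DPT=6179 LEN=207
Apr 13 16:48:01 host kernel: [ 5909.73] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.127 DST=192.0.2.251 LEN=195 TTL=64 ID=0 DF PROTO=UDP SPT=59141 DPT=6113 LEN=175
Apr 13 16:48:30 host kernel: [ 5938.10] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.127 LEN=40 TTL=52 ID=1 PROTO=TCP SPT=4444 DPT=22 WINDOW=1024
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*\[UFW BLOCK\] "
    r"IN=(?P<in>\S*) OUT=(?P<out>\S*) .*?DST=(?P<dst>\S+) "
    r".*?PROTO=(?P<proto>\S+)(?: SPT=\d+ DPT=(?P<dpt>\d+))?"
)

def summarize_outbound_blocks(log_text):
    """Group blocked outbound packets by (destination, protocol)."""
    flows = defaultdict(lambda: {"ports": set(), "times": set(), "count": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Outbound packets have an empty IN= and a non-empty OUT= interface.
        if not m or m["in"] or not m["out"]:
            continue
        f = flows[(m["dst"], m["proto"])]
        f["count"] += 1
        if m["dpt"]:
            f["ports"].add(int(m["dpt"]))
        # syslog timestamps carry no year; 2000 is an arbitrary placeholder.
        f["times"].add(datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S"))
    report = {}
    for key, f in flows.items():
        times = sorted(f["times"])
        gaps = {int((b - a).total_seconds()) for a, b in zip(times, times[1:])}
        ports = f["ports"]
        report[key] = {"packets": f["count"], "bursts": len(times),
                       "dport_range": (min(ports), max(ports)) if ports else None,
                       "gaps_s": sorted(gaps)}
    return report

if __name__ == "__main__":
    for flow, stats in summarize_outbound_blocks(SAMPLE_LOG).items():
        print(flow, stats)
```

A single gap value in `gaps_s` together with a narrow `dport_range` points to a scheduled local process rather than random traffic; the process itself still has to be identified on the host.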