Today I noticed that when I plug in my 2TB external Toshiba hard drive, it triggers a ufw event in my logs:
Jul 20 11:24:20 linuxbox kernel: [152873.728277] [UFW BLOCK] IN=inet1 OUT= MAC= SRC=xxxa DST=xxxb LEN=64 TC=0 HOPLIMIT=1 FLOWLBL=434908 PROTO=UDP SPT=8612 DPT=8610 LEN=24
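It even triggers the same event on every Linux computer I was connected to via ssh at the time. Why would mounting an external hard drive trigger a UFW firewall event?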
lsusb -t
Output:
/: Bus 09.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 5000M
|__ Port 2: Dev 2, If 0, Class=Mass Storage, Driver=usb-storage, 5000M
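Answer 1
This appears to be normal system functionality. There is a thread on the Kali forums about a similar issue; they did not find the culprit, but the issue was closed because making the request appears to be normal system functionality. Reference: https://bugs.kali.org/view.php?id=3094
If I run tcpdump: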
sudo tcpdump port 8612 -XXX
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlo1, link-type EN10MB (Ethernet), capture size 262144 bytes
14:41:08.463778 IP Computer.8612 > 192.168.1.255.8612: UDP, length 16
0x0000: ffff ffff ffff 184f 3291 3f81 0800 4500 .......O2.?...E.
0x0010: 002c 9242 4000 4011 e9c9 c0a8 1e65 c0a8 .,.B@.@......e..
0x0020: 1eff 21a4 21a4 0018 6b25 424a 4e50 0201 ..!.!...k%BJNP..
0x0030: 0000 0000 0000 0000 0000 ........
Do you see k%BJNP?
It turns out that BJNP refers to Canon printers.
If I uninstall libsane, then I no longer see port 8612 being blocked in the firewall when I connect a USB drive:
May 19 14:53:27 Device3 kernel: usb 2-3: new high-speed USB device number 11 using xhci_hcd
May 19 14:53:29 Computer kernel: usb 2-3: New USB device found, idVendor=048d, idProduct=1177
May 19 14:53:29 Computer kernel: usb 2-3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
May 19 14:53:29 Computer kernel: usb 2-3: Product: USB Mass Storage Device
May 19 14:53:29 Computer kernel: usb 2-3: Manufacturer: Generic
May 19 14:53:29 Computer kernel: usb-storage 2-3:1.0: USB Mass Storage device detected
May 19 14:53:29 Computer kernel: scsi host2: usb-storage 2-3:1.0
May 19 14:53:29 Computer mtp-probe[9600]: checking bus 2, device 11: "/sys/devices/pci0000:00/0000:00:10.0/usb2/2-3"
May 19 14:53:29 Computer mtp-probe[9600]: bus: 2, device: 11 was not an MTP device
May 19 14:53:32 Computer kernel: scsi 2:0:0:0: Direct-Access Generic USB Flash Disk 0.00 PQ: 0 ANSI: 6
May 19 14:53:32 Computer kernel: sd 2:0:0:0: Attached scsi generic sg0 type 0
May 19 14:53:32 Computer kernel: sd 2:0:0:0: [sda] 31459328 512-byte logical blocks: (16.1 GB/15.0 GiB)
May 19 14:53:32 Computer kernel: sd 2:0:0:0: [sda] Write Protect is off
May 19 14:53:32 Computer kernel: sd 2:0:0:0: [sda] Mode Sense: 23 00 00 00
May 19 14:53:32 Computer kernel: sd 2:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
May 19 14:53:32 Computer kernel: sda: sda1
May 19 14:53:33 Computer kernel: sd 2:0:0:0: [sda] Attached SCSI removable disk
May 19 14:53:34 Computer kernel: EXT4-fs (sda1): recovery complete
May 19 14:53:34 Computer kernel: EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null)
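Added example, not part of the original answer: a Python sketch that rebuilds the frame from the hex columns of the capture above, extracts the UDP payload, checks it for the BJNP signature, and compares its source port with the SPT of the UFW entry in the question. The function names are hypothetical; the hex rows and the log line are copied from this page.

```python
import re
import struct

# Hex columns of the capture quoted in the answer (ASCII column dropped).
HEXDUMP = """\
0x0000: ffff ffff ffff 184f 3291 3f81 0800 4500
0x0010: 002c 9242 4000 4011 e9c9 c0a8 1e65 c0a8
0x0020: 1eff 21a4 21a4 0018 6b25 424a 4e50 0201
0x0030: 0000 0000 0000 0000 0000
"""
# UFW entry quoted in the question (addresses were redacted by the poster).
UFW_LINE = ("[UFW BLOCK] IN=inet1 OUT= MAC= SRC=xxxa DST=xxxb LEN=64 TC=0 "
            "HOPLIMIT=1 FLOWLBL=434908 PROTO=UDP SPT=8612 DPT=8610 LEN=24")

def frame_from_hexdump(text):
    """Rebuild raw bytes from 'offset: xxxx xxxx ...' rows, hex groups only."""
    raw = bytearray()
    for line in text.splitlines():
        # A row holds at most 16 bytes, i.e. 8 groups; the rest is ASCII.
        for group in line.partition(":")[2].split()[:8]:
            if not re.fullmatch(r"(?:[0-9a-fA-F]{2}){1,2}", group):
                break  # reached the ASCII column on a short row
            raw += bytes.fromhex(group)
    return bytes(raw)

def udp_payload(frame):
    """Return (sport, dport, payload) for an Ethernet II / IPv4 / UDP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4  # honour the IPv4 header length field
    if frame[23] != 17 or len(frame) < udp + 8:  # 17 = UDP
        return None
    sport, dport, ulen = struct.unpack("!HHH", frame[udp:udp + 6])
    return sport, dport, frame[udp + 8:udp + ulen]

def ufw_fields(line):
    """Parse KEY=VALUE tokens of a UFW log entry (last duplicate key wins)."""
    return dict(re.findall(r"(\w+)=(\S*)", line))

def explain(hexdump, ufw_line):
    """Tie a blocked UFW entry to a captured datagram by source port."""
    parsed = udp_payload(frame_from_hexdump(hexdump))
    if parsed is None:
        return None
    sport, dport, payload = parsed
    return {
        "bjnp": payload[:4] == b"BJNP",  # signature visible in the dump
        "capture_ports": (sport, dport),
        "same_source_port": ufw_fields(ufw_line).get("SPT") == str(sport),
    }
```

Calling `explain(HEXDUMP, UFW_LINE)` reports whether the captured datagram carries the BJNP signature and whether it left from the same source port as the blocked packet in the UFW log.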