安全大神能帮忙分析这份简单的路由器日志么？

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

已注册用户请登录

请不要在回答技术问题时复制粘贴 AI 生成的内容

这是一个创建于 3801 天前的主题，其中的信息可能已经有所发展或是发生改变。

上次发了一个贴 https://v2ex.com/t/202618 说的是闰秒问题，然后远程开启了路由器定期发送日志的功能。其中发现一行

[Time synchronized with NTP server] Friday, July 03, 2015 08:03:53

确实有可能是 NTP 时间同步是导致路由出了错

然后再顺便查看了其他的日志，发现路由日志显示有 Dos 攻击，还有远程登录，192.168.2.2 当时分配的应该是一台小米盒子。虽然我感觉也没什么大碍，就这么几条日志，但好奇为什么总来自那么一两个 IP 地址。家里人不会用 torrent，应该也不是下载的日志。

ps 所有的 DHCP 日志都已过滤掉

[Time synchronized with NTP server] Friday, July 03, 2015 08:03:53
[UPnP set event: add_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 19:59:15
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:18:52
[LAN access from remote] from 36.63.106.32:13797 to 192.168.2.2:1443, Thursday, July 02, 2015 18:18:24
[LAN access from remote] from 36.63.106.32:13753 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:45
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:17:30
[LAN access from remote] from 36.63.106.32:13733 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:29
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:17:26
[LAN access from remote] from 36.63.106.32:13708 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:14
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:56
[LAN access from remote] from 36.63.106.32:13645 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:40
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:26
[LAN access from remote] from 36.63.106.32:13621 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:24
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:10
[LAN access from remote] from 36.63.106.32:13603 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:09
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:05:04
[UPnP set event: add_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 16:38:24
[LAN access from remote] from 36.63.106.182:18629 to 192.168.2.2:1443, Thursday, July 02, 2015 16:04:18
[LAN access from remote] from 36.63.106.182:18562 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:44
[LAN access from remote] from 36.63.106.182:18527 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:27
[LAN access from remote] from 36.63.106.182:18486 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:12
[LAN access from remote] from 36.63.63.96:13617 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:46
[LAN access from remote] from 36.63.63.96:13557 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:18
[LAN access from remote] from 36.63.63.96:13520 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:06
[LAN access from remote] from 36.63.63.96:13491 to 192.168.2.2:1443, Thursday, July 02, 2015 13:46:57
[LAN access from remote] from 36.63.63.96:17395 to 192.168.2.2:1443, Thursday, July 02, 2015 13:46:35
[UPnP set event: del_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 09:44:23

July

Remote

thursday

3 条回复 2015-07-06 10:29:05 +08:00

goodmine

2015-07-05 09:54:17 +08:00

时间不应该费在这里，装个付费版的防火墙

lk09364

2015-07-05 10:20:04 +08:00

抓包吧。

JerningChan

2015-07-06 10:29:05 +08:00

你还敢用小米的东西呀?
我看到现在国内的所谓智能的电子产品就一个性质"流氓"
他们太懂得如何去介入不太懂it的家庭了
之前还有个好像小米路由器,搞什么网络挟持的...