firewalld服务的日志里发现以下大量相似内容,看着像是有人在扫描我的端口
Jan 11 21:56:52 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35492 WINDOW=17520 RES=0x00 RST URGP=0
Jan 11 22:03:36 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35522 WINDOW=17520 RES=0x00 RST URGP=0
Jan 11 22:08:21 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35548 WINDOW=17520 RES=0x00 RST URGP=0
Jan 11 22:17:18 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35594 WINDOW=17520 RES=0x00 RST URGP=0
Jan 11 22:19:16 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35598 WINDOW=17520 RES=0x00 RST URGP=0
Jan 11 23:46:57 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35976 WINDOW=17520 RES=0x00 RST URGP=0
Jan 11 23:46:57 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=47 ID=0 DF PROTO=TCP SPT=80 DPT=35978 WINDOW=17520 RES=0x00 RST URGP=0
Jan 11 23:49:36 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35996 WINDOW=17520 RES=0x00 RST URGP=0
Jan 12 00:02:32 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=36068 WINDOW=17520 RES=0x00 RST URGP=0
Jan 12 00:02:33 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=36072 WINDOW=17520 RES=0x00 RST URGP=0
Jan 12 00:04:33 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=47 ID=0 DF PROTO=TCP SPT=80 DPT=36078 WINDOW=17520 RES=0x00 RST URGP=0
但是我出口网关上并没有映射这么多端口,按道理不可能访问到我内网机器的这些端口,这些记录是怎么产生的?