weixin_42726196
RC47YUI6
Acceptance rate 0%
2021-01-12 14:51 Views 42

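CentOS 8 with firewalld installed: it looks like someone is scanning my ports. But I have not mapped these ports, so how did they manage to scan them?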

In the firewalld service logs I found a large number of entries like the following. It looks like someone is scanning my ports.

Jan 11 21:56:52 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35492 WINDOW=17520 RES=0x00 RST URGP=0 
Jan 11 22:03:36 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35522 WINDOW=17520 RES=0x00 RST URGP=0 
Jan 11 22:08:21 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35548 WINDOW=17520 RES=0x00 RST URGP=0 
Jan 11 22:17:18 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35594 WINDOW=17520 RES=0x00 RST URGP=0 
Jan 11 22:19:16 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35598 WINDOW=17520 RES=0x00 RST URGP=0 
Jan 11 23:46:57 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35976 WINDOW=17520 RES=0x00 RST URGP=0 
Jan 11 23:46:57 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=47 ID=0 DF PROTO=TCP SPT=80 DPT=35978 WINDOW=17520 RES=0x00 RST URGP=0 
Jan 11 23:49:36 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35996 WINDOW=17520 RES=0x00 RST URGP=0 
Jan 12 00:02:32 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=36068 WINDOW=17520 RES=0x00 RST URGP=0 
Jan 12 00:02:33 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=36072 WINDOW=17520 RES=0x00 RST URGP=0 
Jan 12 00:04:33 xxx kernel: STATE_INVALID_DROP: IN=eno1 OUT= MAC=a8:a1:59:08:25:79:9c:fe:a1:7e:32:4c:08:00 SRC=198.27.66.94 DST=本机地址 LEN=40 TOS=0x00 PREC=0x20 TTL=47 ID=0 DF PROTO=TCP SPT=80 DPT=36078 WINDOW=17520 RES=0x00 RST URGP=0 

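But my egress gateway does not have this many ports mapped, so in principle it should not be possible to reach these ports on my internal machine. How are these records being generated?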
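
A triage sketch for log lines like those quoted in the question, added here as an example and not part of the original post: it parses the netfilter fields and separates packets shaped like late replies to connections the host opened itself (reset or close flags, low source port, ephemeral destination port) from fresh inbound SYNs. The sample lines, the documentation-range addresses, the `FINAL_REJECT` line and the ephemeral port range are constructed or assumed, and the classification is a heuristic.

```python
import re
from collections import Counter

# Constructed sample in the same format as the quoted log lines (MAC, TOS and
# PREC omitted); addresses are documentation-range placeholders.
SAMPLE = """\
Jan 11 21:56:52 host kernel: STATE_INVALID_DROP: IN=eno1 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35492 WINDOW=17520 RES=0x00 RST URGP=0
Jan 11 22:03:36 host kernel: STATE_INVALID_DROP: IN=eno1 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=35522 WINDOW=17520 RES=0x00 RST URGP=0
Jan 11 22:09:01 host kernel: FINAL_REJECT: IN=eno1 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=44 TTL=240 ID=54321 PROTO=TCP SPT=51234 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
"""

LINE = re.compile(r"kernel: (\w+): (.*)")  # firewalld log prefix, then the fields
KV = re.compile(r"\b([A-Z]+)=(\S*)")       # KEY=value pairs (value may be empty)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
# Assumption: default Linux net.ipv4.ip_local_port_range (32768-60999).
EPHEMERAL = range(32768, 61000)


def parse(line):
    """Split one kernel LOG line into its fields, log prefix and bare TCP flags."""
    m = LINE.search(line)
    if not m:
        return None
    fields = dict(KV.findall(m.group(2)))
    fields["PREFIX"] = m.group(1)
    fields["FLAGS"] = {tok for tok in m.group(2).split() if tok in TCP_FLAGS}
    return fields


def classify(f):
    """Heuristic guess at which side opened the flow the packet belongs to."""
    spt, dpt, flags = int(f["SPT"]), int(f["DPT"]), f["FLAGS"]
    if flags & {"RST", "FIN", "ACK"} and "SYN" not in flags \
            and spt < 1024 and dpt in EPHEMERAL:
        return "stray-reply"   # tail of a connection opened from this side
    if flags == {"SYN"}:
        return "inbound-syn"   # new connection attempt from outside
    return "other"


def summarize(text):
    """Count TCP log lines per (log prefix, source address, verdict)."""
    counts = Counter()
    for line in text.splitlines():
        f = parse(line)
        if f and f.get("PROTO") == "TCP":
            counts[(f["PREFIX"], f["SRC"], classify(f))] += 1
    return counts
```
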
