上次发了一个贴
https://v2ex.com/t/202618 说的是闰秒问题,然后远程开启了路由器定期发送日志的功能。其中发现一行
[Time synchronized with NTP server] Friday, July 03, 2015 08:03:53
确实有可能是 NTP 时间同步是导致路由出了错
然后再顺便查看了其他的日志,发现路由日志显示有 Dos 攻击,还有远程登录,192.168.2.2 当时分配的应该是一台 小米盒子。虽然我感觉也没什么大碍,就这么几条日志,但好奇为什么总来自那么一两个 IP 地址。家里人不会用 torrent,应该也不是下载的日志。
ps 所有的 DHCP 日志都已过滤掉
[Time synchronized with NTP server] Friday, July 03, 2015 08:03:53
[UPnP set event: add_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 19:59:15
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:18:52
[LAN access from remote] from 36.63.106.32:13797 to 192.168.2.2:1443, Thursday, July 02, 2015 18:18:24
[LAN access from remote] from 36.63.106.32:13753 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:45
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:17:30
[LAN access from remote] from 36.63.106.32:13733 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:29
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:17:26
[LAN access from remote] from 36.63.106.32:13708 to 192.168.2.2:1443, Thursday, July 02, 2015 18:17:14
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:56
[LAN access from remote] from 36.63.106.32:13645 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:40
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:26
[LAN access from remote] from 36.63.106.32:13621 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:24
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:16:10
[LAN access from remote] from 36.63.106.32:13603 to 192.168.2.2:1443, Thursday, July 02, 2015 18:16:09
[DoS Attack: SYN/ACK Scan] from source: 36.63.6.39, port 60066, Thursday, July 02, 2015 18:05:04
[UPnP set event: add_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 16:38:24
[LAN access from remote] from 36.63.106.182:18629 to 192.168.2.2:1443, Thursday, July 02, 2015 16:04:18
[LAN access from remote] from 36.63.106.182:18562 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:44
[LAN access from remote] from 36.63.106.182:18527 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:27
[LAN access from remote] from 36.63.106.182:18486 to 192.168.2.2:1443, Thursday, July 02, 2015 16:03:12
[LAN access from remote] from 36.63.63.96:13617 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:46
[LAN access from remote] from 36.63.63.96:13557 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:18
[LAN access from remote] from 36.63.63.96:13520 to 192.168.2.2:1443, Thursday, July 02, 2015 13:47:06
[LAN access from remote] from 36.63.63.96:13491 to 192.168.2.2:1443, Thursday, July 02, 2015 13:46:57
[LAN access from remote] from 36.63.63.96:17395 to 192.168.2.2:1443, Thursday, July 02, 2015 13:46:35
[UPnP set event: del_nat_rule] from source 192.168.2.9, Thursday, July 02, 2015 09:44:23