V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Distributions
Ubuntu
Fedora
CentOS
中文资源站
网易开源镜像站
yongsan01
V2EX  ›  Linux

端口被陌生 IP 恶意访问导致被 ban

  •  
  •   yongsan01 · 2019-09-22 16:39:14 +08:00 · 5980 次点击
    这是一个创建于 1896 天前的主题,其中的信息可能已经有所发展或是发生改变。

    Centos 6 x86 bbr LA 机房

    之前一直正常使用,最近发现端口在国内无法访问

    一开始没在意,就换了端口继续用,过了一天不到又 closed,于是去看了日志

    发现最后几次连接是由不同 IP 发来的恶意连接请求,这些请求之后端口就被 closed 了

    这属于服务器被攻击吗?

    log:

    2019-09-21 21:08:40 WARNING  unsupported addrtype 78, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 221.198.83.14:59208
    2019-09-21 21:08:40 WARNING  unsupported addrtype 181, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 219.143.174.157:25665
    2019-09-21 21:08:40 WARNING  unsupported addrtype 93, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 223.166.74.157:59194
    2019-09-21 21:08:40 WARNING  unsupported addrtype 209, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 171.36.133.60:59190
    2019-09-21 21:08:40 WARNING  unsupported addrtype 230, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 175.42.2.81:59206
    2019-09-21 21:08:40 WARNING  unsupported addrtype 169, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 59.173.153.107:59192
    2019-09-21 21:08:40 WARNING  unsupported addrtype 234, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 58.19.92.207:4857
    2019-09-21 21:08:40 WARNING  unsupported addrtype 50, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 36.32.3.90:59210
    2019-09-21 21:08:40 WARNING  unsupported addrtype 189, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 220.200.164.85:59200
    2019-09-21 21:08:40 INFO     connecting <8e>ÊÎO^TgH<84>&Ì8^K<81>)D:4186 from 175.152.109.65:59202
    2019-09-21 21:08:40 ERROR    invalid hostname: <8e>ÊÎO^TgH<84>&Ì8^K<81>)D when handling connection from 175.152.109.65:59202
    2019-09-21 21:08:40 WARNING  unsupported addrtype 206, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 125.84.177.43:1559
    2019-09-21 21:08:40 WARNING  unsupported addrtype 126, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 124.88.112.129:1759
    2019-09-21 21:08:40 WARNING  unsupported addrtype 142, maybe wrong password or encryption method
    2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 124.225.43.91:59188
    

    一些想法

    • 通过限制连接次数,判断出恶意连接后,拒绝陌生 ip 的访问(比如只能连 3 次,错误超过 3 次后列入黑名单)
    • 建立白名单,只允许白名单内的 IP 访问该端口

    希望各位能够推荐一些方法或应用 (抱拳

    2 条回复    2019-09-23 02:55:06 +08:00
    mason961125
        1
    mason961125  
       2019-09-22 17:01:08 +08:00
    fail2ban
    invalidtoken
        2
    invalidtoken  
       2019-09-23 02:55:06 +08:00 via Android
    被识别和探测了吧...
    换个不那么古老的协议,改一下密码
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   998 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 26ms · UTC 19:58 · PVG 03:58 · LAX 11:58 · JFK 14:58
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.