ufw log analysis?
ubuntu@ubuntu:~$ cat /var/log/ufw.log
Jun 12 09:22:29 ubuntu kernel: [ 3699.409981] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=133 DF PROTO=TCP SPT=64471 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:22:53 ubuntu kernel: [ 3724.249833] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=1186 DF PROTO=TCP SPT=64626 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:22:53 ubuntu kernel: [ 3724.357949] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=183.63.212.82 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=55 ID=1967 DF PROTO=TCP SPT=7566 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:23:50 ubuntu kernel: [ 3780.890302] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=183.63.212.82 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=55 ID=8732 DF PROTO=TCP SPT=7702 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:24:05 ubuntu kernel: [ 3796.383180] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=203.106.139.252 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=28450 DF PROTO=TCP SPT=55683 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:24:31 ubuntu kernel: [ 3822.386445] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=203.106.139.252 DST=119.133.144.29 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=15337 DF PROTO=TCP SPT=55895 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:24:54 ubuntu kernel: [ 3844.422244] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=203.106.139.252 DST=119.133.144.29 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=31960 DF PROTO=TCP SPT=56018 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:25:00 ubuntu kernel: [ 3850.418389] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=203.106.139.252 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=3669 DF PROTO=TCP SPT=56018 DPT=13211 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 12 09:25:00 ubuntu kernel: [ 3850.734514] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=183.63.212.82 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=55 ID=15700 DF PROTO=TCP SPT=6226 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:25:02 ubuntu kernel: [ 3852.853162] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=6161 DF PROTO=TCP SPT=65025 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:25:21 ubuntu kernel: [ 3871.861136] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=7019 DF PROTO=TCP SPT=65180 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:25:24 ubuntu kernel: [ 3874.863059] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=7117 DF PROTO=TCP SPT=65180 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:25:51 ubuntu kernel: [ 3902.355253] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=183.63.212.82 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=55 ID=20401 DF PROTO=TCP SPT=6920 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:26:19 ubuntu kernel: [ 3930.035067] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=9199 DF PROTO=TCP SPT=65497 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:26:42 ubuntu kernel: [ 3952.529644] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=183.63.212.82 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=55 ID=26555 DF PROTO=TCP SPT=7416 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:27:36 ubuntu kernel: [ 4006.609438] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=183.63.212.82 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=55 ID=1297 DF PROTO=TCP SPT=5379 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:27:58 ubuntu kernel: [ 4028.815660] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=13077 DF PROTO=TCP SPT=49642 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:28:16 ubuntu kernel: [ 4047.387887] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=13785 DF PROTO=TCP SPT=49759 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:28:19 ubuntu kernel: [ 4050.389109] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=13936 DF PROTO=TCP SPT=49759 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:28:25 ubuntu kernel: [ 4056.396888] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=14133 DF PROTO=TCP SPT=49759 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:28:37 ubuntu kernel: [ 4068.001131] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=183.63.212.82 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=55 ID=7864 DF PROTO=TCP SPT=6847 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:29:15 ubuntu kernel: [ 4106.386938] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=16336 DF PROTO=TCP SPT=50116 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:31:31 ubuntu kernel: [ 4241.403535] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=203.106.139.252 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=31505 DF PROTO=TCP SPT=58295 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:31:40 ubuntu kernel: [ 4251.355901] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=23698 DF PROTO=TCP SPT=50668 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:31:53 ubuntu kernel: [ 4263.701506] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=203.106.139.252 DST=119.133.144.29 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=15706 DF PROTO=TCP SPT=58519 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:31:59 ubuntu kernel: [ 4269.705872] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=203.106.139.252 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=20050 DF PROTO=TCP SPT=58519 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:31:59 ubuntu kernel: [ 4269.968459] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=24662 DF PROTO=TCP SPT=50809 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:32:02 ubuntu kernel: [ 4272.968868] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=24797 DF PROTO=TCP SPT=50809 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:32:19 ubuntu kernel: [ 4289.585533] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=203.106.139.252 DST=119.133.144.29 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=1752 DF PROTO=TCP SPT=58764 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:32:32 ubuntu kernel: [ 4302.878261] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=26059 DF PROTO=TCP SPT=50993 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:33:30 ubuntu kernel: [ 4361.083297] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=14.192.210.71 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=4142 DF PROTO=TCP SPT=42054 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:33:56 ubuntu kernel: [ 4387.035748] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=14.192.210.71 DST=119.133.144.29 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=5898 DF PROTO=TCP SPT=42390 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:34:14 ubuntu kernel: [ 4404.744598] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=14.192.210.71 DST=119.133.144.29 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=7497 DF PROTO=TCP SPT=42594 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:34:20 ubuntu kernel: [ 4410.832320] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=14.192.210.71 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=7924 DF PROTO=TCP SPT=42664 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:34:23 ubuntu kernel: [ 4413.466964] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=31751 DF PROTO=TCP SPT=51505 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:34:43 ubuntu kernel: [ 4433.409784] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=32741 DF PROTO=TCP SPT=51653 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:35:01 ubuntu kernel: [ 4452.282293] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=14.192.210.71 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=14858 DF PROTO=TCP SPT=43051 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:35:27 ubuntu kernel: [ 4478.030553] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=14.192.210.71 DST=119.133.144.29 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=17283 DF PROTO=TCP SPT=43306 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:35:32 ubuntu kernel: [ 4482.503334] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=2120 DF PROTO=TCP SPT=51972 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:35:48 ubuntu kernel: [ 4499.028392] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=14.192.210.71 DST=119.133.144.29 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=19137 DF PROTO=TCP SPT=43495 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Questions:
1. I added this rule to the ufw firewall: sudo ufw logging on low
What kind of packets does this rule capture?
2. How do I analyze this log?
Jun 12 09:22:29 ubuntu kernel: [ 3699.409981] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=133 DF PROTO=TCP SPT=64471 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
This is the first line of the log; what does each of its fields mean?
3. How do I tell from the log whether the system has a problem?
A remote computer only tried to connect to this machine and was blocked by the ufw firewall!
Or a remote computer has already connected to this machine and the ufw firewall could not block it at all!
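An added worked example (not part of the question above, and not ufw's own tooling) that parses lines of this exact format and answers the "is something wrong" question from the data rather than by eye. Each line is a kernel netfilter log entry: the syslog prefix, the kernel uptime in brackets, the ufw tag (`[UFW LIMIT BLOCK]` means the packet was dropped by a `ufw limit` rule, which ufw applies once a source has attempted too many new connections in a short window), then the packet fields as `KEY=value` tokens (`IN` ingress interface, `SRC`/`DST` addresses, `PROTO`, `SPT`/`DPT` source and destination ports, `TTL`, `LEN`, `ID`) and bare flag tokens with no value (`DF` don't-fragment, `SYN`, and `ACK`/`RST`/`FIN` when present). The sample log embedded in the script is the first three lines from the question; the function names and the per-source summary shape are the example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample: the first three lines of the /var/log/ufw.log shown in the question.
SAMPLE_LOG = """\
Jun 12 09:22:29 ubuntu kernel: [ 3699.409981] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=133 DF PROTO=TCP SPT=64471 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:22:53 ubuntu kernel: [ 3724.249833] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=42.152.66.100 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=1186 DF PROTO=TCP SPT=64626 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 09:22:53 ubuntu kernel: [ 3724.357949] [UFW LIMIT BLOCK] IN=ppp0 OUT= MAC= SRC=183.63.212.82 DST=119.133.144.29 LEN=48 TOS=0x00 PREC=0x00 TTL=55 ID=1967 DF PROTO=TCP SPT=7566 DPT=13211 WINDOW=8192 RES=0x00 SYN URGP=0
"""

# Syslog prefix, kernel uptime stamp, the "[UFW <ACTION>]" tag, then the netfilter fields.
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"\[\s*(?P<uptime>[\d.]+)\] \[UFW (?P<action>[A-Z ]+?)\] (?P<fields>.*)$"
)


def parse_line(line):
    """Turn one ufw.log line into a dict; bare tokens (DF, SYN, ACK, ...) go into rec['flags']."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "uptime": float(m.group("uptime")), "action": m.group("action"), "flags": set()}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val          # OUT= and MAC= are legitimately empty for inbound ppp0 traffic
        else:
            rec["flags"].add(tok)   # IP/TCP flags are logged as bare words without a value
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r is not None]


def is_blocked_syn(rec):
    """SYN without ACK is a new connection *attempt*; with a BLOCK action the handshake
    never completed, so that packet did not establish anything through the firewall."""
    return "BLOCK" in rec["action"] and "SYN" in rec["flags"] and "ACK" not in rec["flags"]


def summarize(records):
    """Per-source view: packet count, blocked-SYN count, destination ports and TTLs seen."""
    by_src = defaultdict(lambda: {"packets": 0, "blocked_syn": 0, "dports": set(), "ttls": set()})
    for rec in records:
        s = by_src[rec["SRC"]]
        s["packets"] += 1
        s["blocked_syn"] += int(is_blocked_syn(rec))
        s["dports"].add(int(rec["DPT"]))
        s["ttls"].add(int(rec["TTL"]))
    return dict(by_src)


def non_syn_blocked(records):
    """Sources whose blocked packets are NOT bare SYNs (ACK/RST/FIN set). Those are not new
    connection attempts and deserve a closer look; for a log made only of blocked SYNs,
    like the one in the question, this list is empty."""
    return sorted({r["SRC"] for r in records if "BLOCK" in r["action"] and not is_blocked_syn(r)})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src, s in summarize(recs).items():
        print(f"{src:16} packets={s['packets']} blocked_syn={s['blocked_syn']} "
              f"dports={sorted(s['dports'])} ttls={sorted(s['ttls'])}")
    print("sources with non-SYN blocked traffic:", non_syn_blocked(recs))
```

Run it against the real file with `python3 ufwlog.py < /dev/null` after swapping `SAMPLE_LOG` for `open("/var/log/ufw.log").read()`. Every line in the question's log is a blocked `SYN` to `DPT=13211` from a handful of sources, so the summary shows repeated new-connection attempts that the limit rule dropped and nothing that was let through; a non-empty `non_syn_blocked` result, or the same sources appearing in `[UFW ALLOW]` lines (only logged at higher logging levels), would be the signal worth investigating.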