Sobe-Datac: Incident – Access to Chinese Servers

Within the last 10 days the server's syslog contains about 1,400,000 firewall-block entries for outbound UDP packets to destination port 21116 (DPT=21116). The excerpt below already shows what kind of traffic this is: every packet comes from the single internal host 172.20.10.11, goes to one of three external addresses (155.138.247.159, 124.70.190.43, 167.179.67.29), uses a fixed source port per destination (56887, 56886 and 56888 respectively), and the IP ID counts up by exactly one per packet and destination at roughly one packet per second per destination. That is a periodic keep-alive from one process on that host, not a scan. TTL=126 at the firewall is consistent with an initial TTL of 128 (Windows-type stack) decremented by two routers on the way to the firewall. UDP 21116 is also the default port of the RustDesk rendezvous server (hbbs), so the first check on 172.20.10.11 is which process owns source ports 56886 to 56888 and whether a remote-desktop client configured for public rendezvous servers is installed; the traffic is consistent with such a client, but that is a lead to verify on the host, not a confirmed identification. Note also that, judging by the lookups further down, only one of the three destinations (124.70.190.43, Huawei Cloud) is in China; the other two are Vultr instances located in Japan and the United States.

Example entries (newest first):

ID        Date/time            Host        Tag      Message
34051682  2023-08-22 18:00:33  UbuntuSrv0  kernel:  [1133564.471736] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10010 PROTO=UDP SPT=56887 DPT=21116 LEN=234
34051681  2023-08-22 18:00:32  UbuntuSrv0  kernel:  [1133563.474998] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43842 PROTO=UDP SPT=56886 DPT=21116 LEN=234
34051680  2023-08-22 18:00:32  UbuntuSrv0  kernel:  [1133563.474885] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18364 PROTO=UDP SPT=56888 DPT=21116 LEN=234
34051679  2023-08-22 18:00:32  UbuntuSrv0  kernel:  [1133563.474834] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10009 PROTO=UDP SPT=56887 DPT=21116 LEN=234
34051678  2023-08-22 18:00:31  UbuntuSrv0  kernel:  [1133562.466103] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10008 PROTO=UDP SPT=56887 DPT=21116 LEN=234
34051677  2023-08-22 18:00:31  UbuntuSrv0  kernel:  [1133562.454938] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43841 PROTO=UDP SPT=56886 DPT=21116 LEN=234
34051676  2023-08-22 18:00:31  UbuntuSrv0  kernel:  [1133562.450976] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18363 PROTO=UDP SPT=56888 DPT=21116 LEN=234
34051675  2023-08-22 18:00:30  UbuntuSrv0  kernel:  [1133561.447893] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18362 PROTO=UDP SPT=56888 DPT=21116 LEN=234
34051674  2023-08-22 18:00:30  UbuntuSrv0  kernel:  [1133561.447869] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43840 PROTO=UDP SPT=56886 DPT=21116 LEN=234
34051673  2023-08-22 18:00:30  UbuntuSrv0  kernel:  [1133561.447812] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10007 PROTO=UDP SPT=56887 DPT=21116 LEN=234
34051672  2023-08-22 18:00:28  UbuntuSrv0  kernel:  [1133559.466787] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10006 PROTO=UDP SPT=56887 DPT=21116 LEN=234
34051671  2023-08-22 18:00:28  UbuntuSrv0  kernel:  [1133559.465984] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43839 PROTO=UDP SPT=56886 DPT=21116 LEN=234
34051670  2023-08-22 18:00:28  UbuntuSrv0  kernel:  [1133559.451219] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18361 PROTO=UDP SPT=56888 DPT=21116 LEN=234
34051669  2023-08-22 18:00:27  UbuntuSrv0  kernel:  [1133558.466066] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18360 PROTO=UDP SPT=56888 DPT=21116 LEN=234
34051668  2023-08-22 18:00:27  UbuntuSrv0  kernel:  [1133558.466030] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10005 PROTO=UDP SPT=56887 DPT=21116 LEN=234
34051667  2023-08-22 18:00:27  UbuntuSrv0  kernel:  [1133558.465969] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43838 PROTO=UDP SPT=56886 DPT=21116 LEN=234
34051666  2023-08-22 18:00:25  UbuntuSrv0  kernel:  [1133556.474689] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10004 PROTO=UDP SPT=56887 DPT=21116 LEN=234
34051665  2023-08-22 18:00:25  UbuntuSrv0  kernel:  [1133556.473980] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43837 PROTO=UDP SPT=56886 DPT=21116 LEN=234
34051664  2023-08-22 18:00:25  UbuntuSrv0  kernel:  [1133556.466148] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18359 PROTO=UDP SPT=56888 DPT=21116 LEN=234
34051663  2023-08-22 18:00:24  UbuntuSrv0  kernel:  [1133555.466572] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10003 PROTO=UDP SPT=56887 DPT=21116 LEN=234
Source: Syslog
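The regularity visible in the excerpt (one source host, a fixed source port per destination, IP ID stepping by one, about one packet per second per destination) can be checked mechanically instead of by eye. The following Python script is an added example and is not part of the original report or of any tool mentioned on this page: it parses lines in the netfilter LOG format shown above, groups them per flow (source, destination, protocol, destination port) and flags flows that behave like a keep-alive beacon. The sample lines are rebuilt from the 20 entries of the excerpt (values transcribed from the table); the thresholds min_packets and max_cv are arbitrary choices for illustration, not values from the page.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Field layout of the netfilter LOG lines in the excerpt:
# "[<uptime>] [FW] DENY LAN to WAN: IN=.. OUT=.. MAC=.. SRC=.. DST=.. LEN=.. TOS=.. PREC=.. TTL=.. ID=.. [DF] PROTO=.. SPT=.. DPT=.. LEN=.."
NF_LOG_RE = re.compile(
    r"\[\s*(?P<uptime>\d+\.\d+)\] \[FW\] (?P<action>\S+) (?P<rule>[^:]*): "
    r"IN=(?P<in>\S*) OUT=(?P<out>\S*) (?:MAC=\S+ )?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"LEN=(?P<ip_len>\d+) .*?TTL=(?P<ttl>\d+) ID=(?P<id>\d+) (?:DF )?"
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return the netfilter fields of one syslog line as a dict, or None if the
    line is not a [FW] entry. Numeric fields are converted to float/int."""
    m = NF_LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["uptime"] = float(rec["uptime"])
    for k in ("ip_len", "ttl", "id", "spt", "dpt"):
        rec[k] = int(rec[k])
    return rec


# Sample input rebuilt from the excerpt above (oldest entry first). The template is the
# line format of the page; the tuples are (kernel uptime, wall-clock second, DST, IP ID, SPT).
_TEMPLATE = (
    "2023-08-22 18:00:{sec:02d} UbuntuSrv0 kernel: [{up:.6f}] [FW] DENY LAN to WAN: "
    "IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 "
    "SRC=172.20.10.11 DST={dst} LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID={id} "
    "PROTO=UDP SPT={spt} DPT=21116 LEN=234"
)
_ROWS = [
    (1133555.466572, 24, "155.138.247.159", 10003, 56887),
    (1133556.466148, 25, "167.179.67.29", 18359, 56888),
    (1133556.473980, 25, "124.70.190.43", 43837, 56886),
    (1133556.474689, 25, "155.138.247.159", 10004, 56887),
    (1133558.465969, 27, "124.70.190.43", 43838, 56886),
    (1133558.466030, 27, "155.138.247.159", 10005, 56887),
    (1133558.466066, 27, "167.179.67.29", 18360, 56888),
    (1133559.451219, 28, "167.179.67.29", 18361, 56888),
    (1133559.465984, 28, "124.70.190.43", 43839, 56886),
    (1133559.466787, 28, "155.138.247.159", 10006, 56887),
    (1133561.447812, 30, "155.138.247.159", 10007, 56887),
    (1133561.447869, 30, "124.70.190.43", 43840, 56886),
    (1133561.447893, 30, "167.179.67.29", 18362, 56888),
    (1133562.450976, 31, "167.179.67.29", 18363, 56888),
    (1133562.454938, 31, "124.70.190.43", 43841, 56886),
    (1133562.466103, 31, "155.138.247.159", 10008, 56887),
    (1133563.474834, 32, "155.138.247.159", 10009, 56887),
    (1133563.474885, 32, "167.179.67.29", 18364, 56888),
    (1133563.474998, 32, "124.70.190.43", 43842, 56886),
    (1133564.471736, 33, "155.138.247.159", 10010, 56887),
]
SAMPLE_LOG = [_TEMPLATE.format(up=u, sec=s, dst=d, id=i, spt=p) for u, s, d, i, p in _ROWS]


def summarize(lines, min_packets=5, max_cv=0.5):
    """Group blocked packets by (src, dst, proto, dpt) and score each group for
    beacon-like behaviour: a single fixed source port, a regular inter-packet
    interval (coefficient of variation <= max_cv) and an IP ID that counts up by
    one per packet, i.e. one socket of one process with nothing else in between.
    Thresholds are illustrative assumptions."""
    flows = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            flows[(rec["src"], rec["dst"], rec["proto"], rec["dpt"])].append(rec)

    report = {}
    for key, recs in flows.items():
        recs.sort(key=lambda r: r["uptime"])
        gaps = [b["uptime"] - a["uptime"] for a, b in zip(recs, recs[1:])]
        # IP ID is a 16-bit field; take the step modulo 65536 so a wrap-around does not break the check
        id_steps = [(b["id"] - a["id"]) % 65536 for a, b in zip(recs, recs[1:])]
        avg = mean(gaps) if gaps else 0.0
        cv = pstdev(gaps) / avg if len(gaps) > 1 and avg > 0 else 0.0
        stats = {
            "packets": len(recs),
            "src_ports": sorted({r["spt"] for r in recs}),
            "ttls": sorted({r["ttl"] for r in recs}),
            "mean_interval_s": round(avg, 3),
            "interval_cv": round(cv, 3),
            "ip_id_sequential": bool(id_steps) and all(s == 1 for s in id_steps),
        }
        stats["beacon_like"] = (
            stats["packets"] >= min_packets
            and len(stats["src_ports"]) == 1
            and cv <= max_cv
            and stats["ip_id_sequential"]
        )
        report[key] = stats
    return report


if __name__ == "__main__":
    for (src, dst, proto, dpt), s in sorted(summarize(SAMPLE_LOG).items()):
        flag = "BEACON" if s["beacon_like"] else "-"
        print(f"{flag:6} {src} -> {dst} {proto}/{dpt}: {s['packets']} pkts, "
              f"spt={s['src_ports']}, ttl={s['ttls']}, interval={s['mean_interval_s']}s "
              f"(cv {s['interval_cv']}), ip_id_sequential={s['ip_id_sequential']}")
```

Run as-is to get one line per flow for the excerpt; on the real box, pass the output of something like `grep 'DPT=21116' /var/log/syslog` to summarize() and the three flows from 172.20.10.11 should be reported with the same signature over the whole 10 days. The IP ID check is the most useful discriminator: a host that is also doing other traffic would show gaps in the ID sequence between the logged packets, whereas a lone process sending on a fixed socket produces the strictly consecutive IDs seen here.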

Examples of destination addresses (whois/IP lookup results):

167.179.67.29
  ASN:      AS20473 – The Constant Company, LLC
  Hostname: 167.179.67.29.vultrusercontent.com
  Range:    167.179.64.0/18
  Company:  The Constant Company, LLC
  Country:  Japan

155.138.247.159
  Country:  United States
  Domain:   vultr.com
  ASN:      AS20473
  Registry: arin

124.70.190.43
  ASN:      AS55990 – Huawei Cloud Service data center
  Hostname: ecs-124-70-190-43.compute.hwclouds-dns.com
  Range:    124.70.128.0/18
  Company:  Huawei Public Cloud Service (Huawei Software Technologies Ltd.Co)
  Country:  China

How trustworthy are these servers?