Sobe-Datac: Incident – Access to Chinese Servers
Over the last 10 days, the server's syslog log has recorded approx. 1,400,000 entries for firewall blocks of DPort 21116.
Example entries:
id | Date/Time | Host | Type | Tag |
34051682 | 2023-08-22 18:00:33 | UbuntuSrv | 0 | kernel: |
[1133564.471736] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10010 PROTO=UDP SPT=56887 DPT=21116 LEN=23 | 4 | |||
34051681 | 2023-08-22 18:00:32 | UbuntuSrv | 0 | kernel: |
[1133563.474998] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43842 PROTO=UDP SPT=56886 DPT=21116 LEN=23 | 4 | |||
34051680 | 2023-08-22 18:00:32 | UbuntuSrv | 0 | kernel: |
[1133563.474885] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18364 PROTO=UDP SPT=56888 DPT=21116 LEN=23 | 4 | |||
34051679 | 2023-08-22 18:00:32 | UbuntuSrv | 0 | kernel: |
[1133563.474834] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10009 PROTO=UDP SPT=56887 DPT=21116 LEN=23 | 4 | |||
34051678 | 2023-08-22 18:00:31 | UbuntuSrv | 0 | kernel: |
[1133562.466103] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10008 PROTO=UDP SPT=56887 DPT=21116 LEN=23 | 4 | |||
34051677 | 2023-08-22 18:00:31 | UbuntuSrv | 0 | kernel: |
[1133562.454938] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43841 PROTO=UDP SPT=56886 DPT=21116 LEN=23 | 4 | |||
34051676 | 2023-08-22 18:00:31 | UbuntuSrv | 0 | kernel: |
[1133562.450976] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18363 PROTO=UDP SPT=56888 DPT=21116 LEN=23 | 4 | |||
34051675 | 2023-08-22 18:00:30 | UbuntuSrv | 0 | kernel: |
[1133561.447893] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18362 PROTO=UDP SPT=56888 DPT=21116 LEN=23 | 4 | |||
34051674 | 2023-08-22 18:00:30 | UbuntuSrv | 0 | kernel: |
[1133561.447869] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43840 PROTO=UDP SPT=56886 DPT=21116 LEN=23 | 4 | |||
34051673 | 2023-08-22 18:00:30 | UbuntuSrv | 0 | kernel: |
[1133561.447812] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10007 PROTO=UDP SPT=56887 DPT=21116 LEN=23 | 4 | |||
34051672 | 2023-08-22 18:00:28 | UbuntuSrv | 0 | kernel: |
[1133559.466787] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10006 PROTO=UDP SPT=56887 DPT=21116 LEN=23 | 4 | |||
34051671 | 2023-08-22 18:00:28 | UbuntuSrv | 0 | kernel: |
[1133559.465984] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43839 PROTO=UDP SPT=56886 DPT=21116 LEN=23 | 4 | |||
34051670 | 2023-08-22 18:00:28 | UbuntuSrv | 0 | kernel: |
[1133559.451219] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18361 PROTO=UDP SPT=56888 DPT=21116 LEN=23 | 4 | |||
34051669 | 2023-08-22 18:00:27 | UbuntuSrv | 0 | kernel: |
[1133558.466066] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18360 PROTO=UDP SPT=56888 DPT=21116 LEN=23 | 4 | |||
34051668 | 2023-08-22 18:00:27 | UbuntuSrv | 0 | kernel: |
[1133558.466030] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10005 PROTO=UDP SPT=56887 DPT=21116 LEN=23 | 4 | |||
34051667 | 2023-08-22 18:00:27 | UbuntuSrv | 0 | kernel: |
[1133558.465969] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43838 PROTO=UDP SPT=56886 DPT=21116 LEN=23 | 4 | |||
34051666 | 2023-08-22 18:00:25 | UbuntuSrv | 0 | kernel: |
[1133556.474689] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10004 PROTO=UDP SPT=56887 DPT=21116 LEN=23 | 4 | |||
34051665 | 2023-08-22 18:00:25 | UbuntuSrv | 0 | kernel: |
[1133556.473980] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=124.70.190.43 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=43837 PROTO=UDP SPT=56886 DPT=21116 LEN=23 | 4 | |||
34051664 | 2023-08-22 18:00:25 | UbuntuSrv | 0 | kernel: |
[1133556.466148] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=167.179.67.29 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=18359 PROTO=UDP SPT=56888 DPT=21116 LEN=23 | 4 | |||
34051663 | 2023-08-22 18:00:24 | UbuntuSrv | 0 | kernel: |
[1133555.466572] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST=155.138.247.159 LEN=43 TOS=0x00 PREC=0x00 TTL=126 ID=10003 PROTO=UDP SPT=56887 DPT=21116 LEN=23 | 4 |
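
A triage sketch for entries like the ones above, added here as an example and not part of the original report: it parses the kernel message field, groups denied packets by flow, and derives the UDP payload size from the second `LEN=`. The sample messages are rebuilt from values in the entries above, plus one constructed non-firewall line; the function and variable names are this example's own.

```python
import re

KV = re.compile(r"(\w+)=(\S*)")

def parse_fw_line(msg):
    """Parse one '[FW] DENY' kernel message into a dict, or return None."""
    if "[FW] DENY" not in msg:
        return None
    fields = {}
    for key, value in KV.findall(msg):
        # LEN appears twice: first is the IP total length, second the UDP length.
        if key == "LEN" and "LEN" in fields:
            key = "UDP_LEN"
        fields[key] = value
    m = re.match(r"\[\s*(\d+\.\d+)\]", msg)  # kernel uptime stamp in seconds
    fields["uptime"] = float(m.group(1)) if m else None
    return fields

def summarize(messages):
    """Group denied packets by (SRC, DST, PROTO, DPT)."""
    flows = {}
    for msg in messages:
        f = parse_fw_line(msg)
        if f is None or "DPT" not in f:  # e.g. ICMP entries carry no ports
            continue
        key = (f["SRC"], f["DST"], f["PROTO"], int(f["DPT"]))
        s = flows.setdefault(key, {"count": 0, "sports": set(), "payload": set(), "times": []})
        s["count"] += 1
        s["sports"].add(int(f["SPT"]))
        if "UDP_LEN" in f:  # UDP length includes the 8-byte header
            s["payload"].add(int(f["UDP_LEN"]) - 8)
        if f["uptime"] is not None:
            s["times"].append(f["uptime"])
    return flows

# Sample messages rebuilt from (uptime, DST, ID, SPT) values in the entries above.
TEMPLATE = ("[{}] [FW] DENY LAN to WAN: IN=lan0 OUT=eth0 "
            "MAC=a0:48:1c:b8:51:1d:52:54:00:37:1f:57:08:00 SRC=172.20.10.11 DST={} LEN=43 "
            "TOS=0x00 PREC=0x00 TTL=126 ID={} PROTO=UDP SPT={} DPT=21116 LEN=23")
ROWS = [("1133564.471736", "155.138.247.159", 10010, 56887), ("1133563.474998", "124.70.190.43", 43842, 56886),
        ("1133563.474885", "167.179.67.29", 18364, 56888), ("1133563.474834", "155.138.247.159", 10009, 56887),
        ("1133562.466103", "155.138.247.159", 10008, 56887), ("1133562.454938", "124.70.190.43", 43841, 56886)]
SAMPLE = [TEMPLATE.format(*r) for r in ROWS]
SAMPLE.append("[1133560.000000] eth0: link is up")  # constructed non-firewall line

if __name__ == "__main__":
    for (src, dst, proto, dpt), s in summarize(SAMPLE).items():
        span = max(s["times"]) - min(s["times"])
        print(f"{src} -> {dst} {proto}/{dpt}: {s['count']} pkts in {span:.1f}s, "
              f"source ports {sorted(s['sports'])}, payload bytes {sorted(s['payload'])}")
```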
Examples of destination addresses:
ASN | AS20473 – The Constant Company, LLC |
Hostname | 167.179.67.29.vultrusercontent.com |
Range | 167.179.64.0/18 |
Company | The Constant Company, LLC |
155.138.247.159
ASN | AS55990 – Huawei Cloud Service data center |
Hostname | ecs-124-70-190-43.compute.hwclouds-dns.com |
Range | 124.70.128.0/18 |
Company | Huawei Public Cloud Service (Huawei Software Technologies Ltd.Co) |
How trustworthy are these servers?