路由器里发现大量的类似:
Mar 10 12:23:29 dropbear[2476]: Child connection from 162.142.125.54:59664
Mar 10 12:23:29 dropbear[2476]: Exit before auth: Exited normally
Mar 10 12:23:30 dropbear[2482]: Child connection from 162.142.125.54:44580
Mar 10 12:23:45 dropbear[2482]: Exit before auth: Exited normally
Mar 10 12:30:00 dropbear[5074]: Child connection from 162.142.125.128:26548
Mar 10 12:30:01 dropbear[5074]: Exit before auth: Exited normally
循着这些IP去访问对方,发现打开一个网页,网页内容是:
 What is Censys?Censys is a platform that helps information security practitioners discover, monitor, and analyze devices that are accessible from the Internet. We regularly probe every public IP address and popular domain names, curate and enrich the resulting data, and make it intelligible through an interactive search engine and API. Enterprises use Censys to understand their network attack surfaces. CERTs and security researchers use it to discover new threats and assess their global impact. Censys was founded by computer scientists at the University of Michigan, and data we collect has been used in hundreds of scientific papers by researchers around the world. Censys Scanning and Data CollectionOne way that Censys finds publicly-reachable devices is by using Internet-wide scanning. We make a small number of harmless connection attempts to every IPv4 address worldwide each day. When we discover that a computer or device is configured to accept connections, we follow up by completing protocol handshakes to learn more about the running services. We never attempt to bypass any technical barriers, exploit security problems, or otherwise access non-public-facing services, and we follow community best practices to reduce any burden on remote networks. The only data we receive is information that is publicly visible to anyone who connects to a particular address and port. Censys scans the Internet from the 192.35.168.0/23, 162.142.125.0/24, 74.120.14.0/24, and 167.248.133.0/24 subnets, which you can allowlist or blocklist if you wish. We sometimes make follow-up connections from other machines at dynamic IP addresses, but blocking the addresses above is sufficient to prevent your device from appearing in our IPv4 dataset. Censys data is sometimes used by researchers and network administrators to detect security problems and alert the operators of vulnerable systems. If you block our scans, you might not receive these important security notifications. How to Reach UsIf you have questions about Censys scanning, please get in touch at support@censys.io.
谷歌翻译了一下: 什么是Censys?Censys是一个平台,可帮助信息安全从业人员发现,监视和分析可从Internet访问的设备。我们会定期探查每个公共IP地址和流行域名,管理和丰富由此产生的数据,并通过交互式搜索引擎和API使其易于理解。 企业使用Censys来了解其网络攻击面。CERT和安全研究人员使用它来发现新威胁并评估其全球影响。Censys由密歇根大学的计算机科学家创立,我们收集的数据已被世界各地的研究人员用于数百篇科学论文中。 Censys扫描和数据收集Censys查找可公开访问的设备的一种方法是使用Internet范围的扫描。每天我们都会对全球每个IPv4地址进行少量无害的连接尝试。当发现计算机或设备配置为接受连接时,我们将通过完成协议握手来进行后续操作,以了解有关正在运行的服务的更多信息。 我们从不试图绕过任何技术障碍,利用安全问题或以其他方式访问非面向公众的服务,并且我们遵循社区最佳实践来减轻远程网络的负担。我们收到的唯一数据是对连接到特定地址和端口的任何人公开可见的信息。 Censys扫描来自192.35.168.0/23、162.142.125.0/24、74.120.14.0/24和167.248.133.0/24子网的Internet,如果需要,可以允许或禁止这些子网。 我们有时会通过动态IP地址与其他计算机建立后续连接,但是阻止上述地址足以防止您的设备出现在我们的IPv4数据集中。 研究人员和网络管理员有时会使用Censys数据来检测安全问题并警告易受攻击的系统的操作员。如果您阻止我们的扫描,则可能不会收到这些重要的安全通知。 如何到达我们
这样看起来这货每天都挂着服务器在扫描公网可访问的设备,我的不知道怎么就被黑进来了,路由器上挂的移动硬盘里多个目录底下有很多个病毒,幸好有装杀毒软件的习惯,否则后果不堪设想,问下大家遇到这样的扫描攻击,有什么办法解决吗?路由器又有远程访问需求,所以不能完全关闭所有端口,该如何加强防范呢,padavan的挂载功能怎么会怎么容易被黑进来呢?
| 
简体中文
繁體中文
English
日本語
Deutsch
한국 사람
بالعربية
TÜRKÇE
português
คนไทย
IP卡
狗仔卡
发表于 2021-3-14 09:44
置顶卡
沉默卡
喧嚣卡
顶贴卡
显身卡
