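Long-time lurker, first post. I have been troubleshooting this for a long time and have run out of ideas. The routers are three Tianyi (天邑) ty-6201a units in a mesh network, running stock firmware. In use I found that the Wi-Fi stalls at irregular intervals, most noticeably during downloads: the speed suddenly drops from 8-9 MB to 1-2 M, or straight to zero. At that point, turning the computer's Wi-Fi off and on again brings the speed back to 8-9 MB (this is not turning the router off). During a stall, pinging an external host (Baidu.com) works fine, but the browser cannot open any site and just keeps spinning. After reconnecting, pages open instantly... I first suspected overheating, so I opened the units and fitted cooling fans myself, and, worried about failed capacitors, replaced both capacitors as well. The problem is still there. Then I thought of pulling the logs, and it looks like it is being attacked by something? Hoping an expert can explain.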
Security Log
------------------------
Sep 29 23:07:42 kern.info syslogd started: BusyBox v1.30.1
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=44:56:e2:8f:a9:10:3a:1d:60:19:51:da:08:00 SRC=192.168.1.107 DST=122.192.14.186 LEN=53 TOS=0x00 PREC=0x00 TTL=63 ID=17608 PROTO=UDP SPT=55893 DPT=26886 LEN=33
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=44:56:e2:8f:a9:10:3a:1d:60:19:51:da:08:00 SRC=192.168.1.107 DST=223.12.72.28 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=57830 PROTO=UDP SPT=12345 DPT=8148 LEN=49
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=44:56:e2:8f:a9:10:c6:0c:86:2d:28:08:08:00 SRC=192.168.1.108 DST=42.203.33.167 LEN=134 TOS=0x00 PREC=0x00 TTL=63 ID=46513 DF PROTO=UDP SPT=44520 DPT=9904 LEN=114
Sep 29 23:07:42 kern.notice kernel: Intrusion arp flood==> IN=wl1 OUT= MAC source = c6:0c:86:2d:28:08 MAC dest = ff:ff:ff:ff:ff:ff proto = 0x0806
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=44:56:e2:8f:a9:10:3a:1d:60:19:51:da:08:00 SRC=192.168.1.107 DST=183.212.243.246 LEN=70 TOS=0x00 PREC=0x00 TTL=63 ID=36610 PROTO=UDP SPT=12345 DPT=10445 LEN=50
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=44:56:e2:8f:a9:10:c6:0c:86:2d:28:08:08:00 SRC=192.168.1.108 DST=221.223.195.162 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=12789 DF PROTO=UDP SPT=44669 DPT=12345 LEN=48
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=44:56:e2:8f:a9:10:3a:1d:60:19:51:da:08:00 SRC=192.168.1.107 DST=223.81.116.32 LEN=70 TOS=0x00 PREC=0x00 TTL=63 ID=16146 PROTO=UDP SPT=12345 DPT=6622 LEN=50
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=44:56:e2:8f:a9:10:c6:0c:86:2d:28:08:08:00 SRC=192.168.1.108 DST=223.210.19.32 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=6276 DF PROTO=UDP SPT=38897 DPT=12345 LEN=48
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=44:56:e2:8f:a9:10:3a:1d:60:19:51:da:08:00 SRC=192.168.1.107 DST=1.189.5.2 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=58480 PROTO=UDP SPT=12345 DPT=12345 LEN=48
Sep 29 23:17:30 kern.warn httpd[24751]: user logged out
Sep 29 23:17:36 kern.notice httpd[24751]: user login success
Sep 29 23:19:01 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=44:56:e2:8f:a9:10:3a:1d:60:19:51:da:08:00 SRC=192.168.1.107 DST=110.81.6.18 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=12333 PROTO=UDP SPT=12345 DPT=21506 LEN=49
Sep 29 23:37:53 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=44:56:e2:8f:a9:10:ac:cb:51:ff:c7:b9:08:00 SRC=192.168.1.104 DST=39.144.42.65 LEN=77 TOS=0x00 PREC=0x00 TTL=63 ID=17800 DF PROTO=UDP SPT=28668 DPT=45039 LEN=57
Sep 29 23:59:10 kern.notice httpd[26916]: user login success
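
One way to triage a security log in this format, added here as an example and not part of the original post: it tallies the flagged entries per label, protocol and source address, and counts entries whose "syn flood" label does not match the logged protocol (every "syn flood" line above carries PROTO=UDP). The sample lines are constructed with placeholder addresses and MACs; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the same line format as the log above
# (placeholder MACs and destinations, not values from the post).
SAMPLE_LOG = """\
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=02:00:00:00:00:01:02:00:00:00:00:0a:08:00 SRC=192.168.1.107 DST=203.0.113.10 LEN=53 TOS=0x00 PREC=0x00 TTL=63 ID=1 PROTO=UDP SPT=55893 DPT=26886 LEN=33
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=02:00:00:00:00:01:02:00:00:00:00:0a:08:00 SRC=192.168.1.107 DST=203.0.113.11 LEN=69 TOS=0x00 PREC=0x00 TTL=63 ID=2 PROTO=UDP SPT=12345 DPT=8148 LEN=49
Sep 29 23:07:42 kern.warn kernel: Intrusion syn flood==>IN=br0 OUT=eth0.1 MAC=02:00:00:00:00:01:02:00:00:00:00:0b:08:00 SRC=192.168.1.108 DST=198.51.100.7 LEN=134 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=UDP SPT=44520 DPT=9904 LEN=114
Sep 29 23:07:42 kern.notice kernel: Intrusion arp flood==> IN=wl1 OUT= MAC source = 02:00:00:00:00:0b MAC dest = ff:ff:ff:ff:ff:ff proto = 0x0806
Sep 29 23:17:36 kern.notice httpd[24751]: user login success
"""

ENTRY = re.compile(r"kernel: Intrusion (?P<label>[a-z]+ flood)==>\s*(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags such as DF are skipped


def parse(line):
    """Return the fields of one 'Intrusion ... flood' entry, or None for other lines."""
    m = ENTRY.search(line)
    if m is None:
        return None
    fields = {}
    for key, value in FIELD.findall(m.group("rest")):
        fields.setdefault(key, value)  # LEN appears twice; keep the first (IP length)
    fields["label"] = m.group("label")
    return fields


def summarize(log_text):
    """Count entries per (label, protocol, source) and syn-flood labels on non-TCP packets."""
    per_source = Counter()
    label_mismatch = 0
    for line in log_text.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        proto = entry.get("PROTO", "-")  # the arp flood lines carry no PROTO= field
        per_source[(entry["label"], proto, entry.get("SRC", "-"))] += 1
        if entry["label"] == "syn flood" and proto != "TCP":
            label_mismatch += 1
    return per_source, label_mismatch


if __name__ == "__main__":
    counts, mismatch = summarize(SAMPLE_LOG)
    for key, n in counts.most_common():
        print(n, *key)
    print("syn flood label on non-TCP packets:", mismatch)
```
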