
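A small investigation prompted by reading a NETGEAR router log

Published: 2020-08-01 11:21:05 Source: Internet Views: 1709 Author: nightrover Category: Network Management

I have drawn a lot of energy from 51CTO over the years, and a few years ago I quietly resolved to write something useful of my own to share with everyone. For various reasons that never happened. Today I will start with a small case. It is only a record of what happened, but if it helps someone, so much the better : )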



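The conclusion first:

The Youku client, even when nobody is watching anything, still communicates with the outside world and uploads data, sharing your bandwidth. Change its settings right away so that clicking the close button exits the program immediately (by default, clicking close leaves it running in the background).


With some time on my hands, I had configured the NETGEAR router at home to e-mail its log automatically.


One lunch break, while going through my e-mail, I noticed a run of log entries that looked wrong: at that hour the child and grandmother at home should both have been asleep, so there should not have been a continuous stream of traffic records. I traced back through the earlier logs and got a shock: it was the same every day. The log looked like this: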

[Site allowed: pss.alicdn.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:13:24

[Site allowed: gm.mmstat.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:12:38

[LAN access from remote] from 180.166.203.34:27842 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46

[LAN access from remote] from 180.168.204.233:44983 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46

[LAN access from remote] from 116.227.132.241:54087 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:36

[LAN access from remote] from 182.141.198.193:13795 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:35

[LAN access from remote] from 101.81.29.75:53954 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:26

[LAN access from remote] from 182.141.198.193:13777 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:26

[LAN access from remote] from 182.141.198.193:14396 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:26

[LAN access from remote] from 180.166.203.34:5217 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:16

[LAN access from remote] from 180.168.204.233:44963 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:16

[LAN access from remote] from 116.227.132.241:53702 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:06

[LAN access from remote] from 101.81.29.75:53790 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:56

[LAN access from remote] from 180.175.6.58:52103 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:56

[LAN access from remote] from 180.166.203.34:45697 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:46

[LAN access from remote] from 180.168.204.233:44952 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:46

[LAN access from remote] from 117.42.108.159:4466 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:42

[LAN access from remote] from 117.42.108.159:51342 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:42

[LAN access from remote] from 124.79.39.187:49701 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:36

[LAN access from remote] from 116.227.132.241:53421 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:36

[LAN access from remote] from 180.175.212.180:54779 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:36

[LAN access from remote] from 124.236.156.4:10585 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:31

[LAN access from remote] from 101.81.29.75:53673 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:26

[LAN access from remote] from 47.93.39.123:42742 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:08

[LAN access from remote] from 47.93.39.123:10001 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:08

[LAN access from remote] from 47.93.32.48:10002 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:02

[LAN access from remote] from 47.93.32.48:57248 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:02

[LAN access from remote] from 47.93.37.222:58968 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:56

[LAN access from remote] from 47.93.37.222:10001 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:56

[Site allowed: 47.92.21.16] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:54

[LAN access from remote] from 47.93.36.75:56338 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:50

[LAN access from remote] from 123.56.3.233:10002 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:44

[LAN access from remote] from 123.56.3.233:58070 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:44

[Site allowed: pis.alicdn.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:44

[Site allowed: pcs-sdk-server.alibaba.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:29

[Site allowed: filesupload.b0.upaiyun.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:25

[Site allowed: pc.ad-safe.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:25

[DHCP IP: (10.0.0.6)] to MAC address C8:60:00:DE:0B:69, Tuesday, Oct 31,2017 13:08:25

[LAN access from remote] from 36.62.91.114:35954 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:20

[LAN access from remote] from 36.62.91.114:37431 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:20

[LAN access from remote] from 114.82.32.214:50969 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:51

[LAN access from remote] from 180.137.26.202:4408 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:45

[LAN access from remote] from 116.224.135.178:59529 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:41

[LAN access from remote] from 61.172.177.131:52028 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:41

[LAN access from remote] from 116.236.133.178:10921 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:40

[LAN access from remote] from 180.137.26.202:1931 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:36

[LAN access from remote] from 180.137.26.202:4407 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:36

[LAN access from remote] from 139.226.64.15:35064 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:31

[LAN access from remote] from 116.236.133.178:10920 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:31


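Known: 4466 is the local port the Youku client uses when it opens a mapping through UPnP.


So the questions arose, and I started forming hypotheses:

1. Is grandma keeping the TV on the whole time while she looks after the child every day???


2. If it is not grandma watching, is someone remotely using this computer to watch after they have fallen asleep? My router is configured with MAC admission control and I have the MAC list of every device at home, so I could confirm that this MAC belongs to the desktop PC in the living room.


Verifying the conclusion:

To check, I went home and deliberately left the computer on with the Youku client open but without playing any video. After locking the machine I watched the log and found that the Youku client was the cause: even when nobody is watching, it still communicates with the outside world and uploads data, sharing bandwidth. I changed the setting immediately so that clicking close exits the program (by default, clicking the close button leaves it running in the background). Problem solved.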
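The triage described above (group the inbound entries by LAN host and port, count distinct remote addresses, and tie the host to its DHCP-logged MAC) can be scripted. This is an added example, not part of the original post; the function name `summarize_inbound` and the `quiet_hours` parameter are assumptions, and the sample is a few lines taken from the log above, two of them with the missing spaces that pasted logs often have.

```python
import re
from collections import defaultdict
from datetime import datetime

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# \s* around "from"/"to" tolerates the missing spaces seen in pasted logs.
INBOUND = re.compile(
    r"\[LAN access from remote\]\s*from\s*" + IP + r":(\d+)\s*to\s*" + IP
    + r":(\d+),\s*\w+,\s*(\w{3} \d{1,2},\s*\d{4} \d\d:\d\d:\d\d)")
DHCP = re.compile(r"\[DHCP IP: \(" + IP + r"\)\]\s*to MAC address\s*([0-9A-Fa-f:]{17})")

# Sample built from lines of the log quoted in the post.
SAMPLE_LOG = """\
[Site allowed: gm.mmstat.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:12:38
[LAN access from remote] from 180.166.203.34:27842 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46
[LAN access from remote] from182.141.198.193:13795 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:35
[LAN access from remote] from 101.81.29.75:53790to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:56
[LAN access from remote] from 180.166.203.34:45697 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:46
[DHCP IP: (10.0.0.6)] to MAC address C8:60:00:DE:0B:69, Tuesday, Oct 31,2017 13:08:25
"""

def summarize_inbound(log_text, quiet_hours=None):
    """Group inbound entries by LAN ip:port. quiet_hours=(start, end) keeps only
    entries with start <= hour < end, i.e. hours when nobody should be online."""
    macs, stats = {}, defaultdict(lambda: {"hits": 0, "remotes": set(), "times": []})
    for line in log_text.splitlines():
        d = DHCP.search(line)
        if d:  # remember which MAC the router leased this LAN address to
            macs[d.group(1)] = d.group(2).upper()
            continue
        m = INBOUND.search(line)
        if not m:
            continue
        remote_ip, _, lan_ip, lan_port, stamp = m.groups()
        when = datetime.strptime(re.sub(r",\s*", ",", stamp), "%b %d,%Y %H:%M:%S")
        if quiet_hours and not (quiet_hours[0] <= when.hour < quiet_hours[1]):
            continue
        entry = stats[(lan_ip, int(lan_port))]
        entry["hits"] += 1
        entry["remotes"].add(remote_ip)
        entry["times"].append(when)
    rows = [{"lan_ip": ip, "port": port, "mac": macs.get(ip), "hits": s["hits"],
             "remote_ips": len(s["remotes"]), "first": min(s["times"]), "last": max(s["times"])}
            for (ip, port), s in stats.items()]
    return sorted(rows, key=lambda r: r["hits"], reverse=True)

if __name__ == "__main__":
    print(summarize_inbound(SAMPLE_LOG, quiet_hours=(12, 15)))
```

A LAN host and port with many hits from many distinct remote addresses during quiet hours is the pattern that stood out in the e-mailed log; the MAC column is what gets checked against the household device list.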


Note:

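The Youku client has another annoying trait: it prevents the computer from going to sleep. I had configured the machine to sleep after 10 minutes, but with this client open it would not go to sleep for a long time. This could of course be caused by some other problem on my computer, but with the client closed the machine sleeps normally once the timeout is reached.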


