What service uses UDP port 60059?

Bug*_*ill 1 debian port shorewall

I received an email from logcheck containing many attempted connections to UDP port 60059.

This email is sent by logcheck. If you no longer wish to receive
such mail, you can either deinstall the logcheck package or modify
its configuration file (/etc/logcheck/logcheck.conf).

System Events
=-=-=-=-=-=-=
Jul 29 04:42:02 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=91.121.95.131 DST=my.ip.add.ress LEN=171 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=58250 DPT=60059 LEN=151
Jul 29 04:42:03 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=91.121.95.131 DST=my.ip.add.ress LEN=171 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=58058 DPT=60059 LEN=151
Jul 29 04:42:06 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=65.75.216.14 DST=my.ip.add.ress LEN=192 TOS=0x00 PREC=0x00 TTL=119 ID=7012 PROTO=UDP SPT=1031 DPT=60059 LEN=172
Jul 29 04:42:12 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=93.193.28.53 DST=my.ip.add.ress LEN=201 TOS=0x00 PREC=0x00 TTL=110 ID=25276 PROTO=UDP SPT=62765 DPT=60059 LEN=181
Jul 29 04:42:15 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=91.121.95.131 DST=my.ip.add.ress LEN=171 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=2499 DPT=60059 LEN=151
Jul 29 04:42:15 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=87.118.106.136 DST=my.ip.add.ress LEN=218 TOS=0x00 PREC=0x00 TTL=119 ID=21989 PROTO=UDP SPT=16699 DPT=60059 LEN=198
Jul 29 04:42:18 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=64.25.177.219 DST=my.ip.add.ress LEN=151 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=55535 DPT=60059 LEN=131
Jul 29 04:42:19 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=91.121.95.131 DST=my.ip.add.ress LEN=141 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=4183 DPT=60059 LEN=121
Jul 29 04:42:23 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=180.28.163.114 DST=my.ip.add.ress LEN=103 TOS=0x00 PREC=0x00 TTL=111 ID=2050 PROTO=UDP SPT=1419 DPT=60059 LEN=83
Jul 29 04:42:32 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=87.10.109.97 DST=my.ip.add.ress LEN=144 TOS=0x00 PREC=0x00 TTL=112 ID=45314 PROTO=UDP SPT=61715 DPT=60059 LEN=124
Jul 29 04:42:32 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=96.237.240.66 DST=my.ip.add.ress LEN=111 TOS=0x00 PREC=0x00 TTL=112 ID=11398 PROTO=UDP SPT=3670 DPT=60059 LEN=91
Jul 29 04:42:34 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=67.0.76.62 DST=my.ip.add.ress LEN=97 TOS=0x00 PREC=0x00 TTL=118 ID=27883 PROTO=UDP SPT=6257 DPT=60059 LEN=77
Jul 29 04:42:37 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=46.163.65.86 DST=my.ip.add.ress LEN=199 TOS=0x00 PREC=0x00 TTL=117 ID=31816 PROTO=UDP SPT=61319 DPT=60059 LEN=179
Jul 29 04:42:38 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=95.97.106.138 DST=my.ip.add.ress LEN=211 TOS=0x00 PREC=0x00 TTL=116 ID=33070 PROTO=UDP SPT=3194 DPT=60059 LEN=191
Jul 29 04:42:41 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=91.121.182.190 DST=my.ip.add.ress LEN=200 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=48604 DPT=60059 LEN=180
Jul 29 04:42:41 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=91.121.182.190 DST=my.ip.add.ress LEN=192 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=30457 DPT=60059 LEN=172
Jul 29 04:42:41 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=91.121.182.190 DST=my.ip.add.ress LEN=192 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=50706 DPT=60059 LEN=172
Jul 29 04:42:42 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=84.19.190.64 DST=my.ip.add.ress LEN=139 TOS=0x00 PREC=0x00 TTL=56 ID=825 PROTO=UDP SPT=50758 DPT=60059 LEN=119
Jul 29 04:42:50 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=80.90.43.30 DST=my.ip.add.ress LEN=182 TOS=0x00 PREC=0x00 TTL=116 ID=30710 PROTO=UDP SPT=49846 DPT=60059 LEN=162
Jul 29 04:42:50 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=80.90.43.30 DST=my.ip.add.ress LEN=186 TOS=0x00 PREC=0x00 TTL=116 ID=30724 PROTO=UDP SPT=49856 DPT=60059 LEN=166
Jul 29 04:42:58 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=84.19.176.44 DST=my.ip.add.ress LEN=173 TOS=0x00 PREC=0x00 TTL=119 ID=12730 PROTO=UDP SPT=57695 DPT=60059 LEN=153
Jul 29 04:43:01 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=87.118.126.158 DST=my.ip.add.ress LEN=191 TOS=0x00 PREC=0x00 TTL=120 ID=30862 PROTO=UDP SPT=4822 DPT=60059 LEN=171
Jul 29 04:43:03 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=83.169.12.172 DST=my.ip.add.ress LEN=197 TOS=0x00 PREC=0x00 TTL=117 ID=29081 PROTO=UDP SPT=1641 DPT=60059 LEN=177
Jul 29 04:43:14 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=74.77.32.249 DST=my.ip.add.ress LEN=167 TOS=0x00 PREC=0x00 TTL=116 ID=30903 PROTO=UDP SPT=2112 DPT=60059 LEN=147
Jul 29 04:43:20 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=221.31.22.19 DST=my.ip.add.ress LEN=43 TOS=0x00 PREC=0x00 TTL=105 ID=2597 PROTO=UDP SPT=6257 DPT=60059 LEN=23
Jul 29 04:43:23 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=68.50.247.147 DST=my.ip.add.ress LEN=190 TOS=0x00 PREC=0x00 TTL=114 ID=25950 PROTO=UDP SPT=59025 DPT=60059 LEN=170
Jul 29 04:43:23 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=68.50.247.147 DST=my.ip.add.ress LEN=169 TOS=0x00 PREC=0x00 TTL=114 ID=25952 PROTO=UDP SPT=59027 DPT=60059 LEN=149
Jul 29 04:43:31 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=46.163.65.86 DST=my.ip.add.ress LEN=199 TOS=0x00 PREC=0x00 TTL=117 ID=12987 PROTO=UDP SPT=56856 DPT=60059 LEN=179
Jul 29 04:43:56 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=90.217.77.104 DST=my.ip.add.ress LEN=177 TOS=0x00 PREC=0x00 TTL=115 ID=14304 PROTO=UDP SPT=2711 DPT=60059 LEN=157
Jul 29 04:44:12 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=178.84.75.190 DST=my.ip.add.ress LEN=142 TOS=0x00 PREC=0x00 TTL=118 ID=41799 PROTO=UDP SPT=2844 DPT=60059 LEN=122
Jul 29 04:44:45 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=24.98.60.84 DST=my.ip.add.ress LEN=177 TOS=0x00 PREC=0x00 TTL=111 ID=2423 PROTO=UDP SPT=3968 DPT=60059 LEN=157
Jul 29 04:45:43 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=114.184.78.145 DST=my.ip.add.ress LEN=124 TOS=0x00 PREC=0x00 TTL=109 ID=8715 PROTO=UDP SPT=1262 DPT=60059 LEN=104
Jul 29 04:45:50 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=120.197.11.29 DST=my.ip.add.ress LEN=28 TOS=0x00 PREC=0x00 TTL=110 ID=19599 PROTO=ICMP TYPE=8 CODE=0 ID=299 SEQ=44068
Jul 29 04:46:14 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=114.184.78.145 DST=my.ip.add.ress LEN=124 TOS=0x00 PREC=0x00 TTL=109 ID=18607 PROTO=UDP SPT=1277 DPT=60059 LEN=104
Jul 29 04:48:34 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=79.27.22.113 DST=my.ip.add.ress LEN=109 TOS=0x00 PREC=0x00 TTL=114 ID=17010 PROTO=UDP SPT=63869 DPT=60059 LEN=89
Jul 29 04:48:34 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=79.27.22.113 DST=my.ip.add.ress LEN=105 TOS=0x00 PREC=0x00 TTL=114 ID=17013 PROTO=UDP SPT=63873 DPT=60059 LEN=85
Jul 29 04:52:04 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=193.40.58.14 DST=my.ip.add.ress LEN=165 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=16699 DPT=60059 LEN=145
Jul 29 04:52:22 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=193.40.58.14 DST=my.ip.add.ress LEN=165 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=16699 DPT=60059 LEN=145

The output of netstat -lnptu is as follows:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      2178/mysqld
tcp        0      0 0.0.0.0:33519           0.0.0.0:*               LISTEN      1387/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1375/portmap
tcp        0      0 0.0.0.0:4949            0.0.0.0:*               LISTEN      3391/munin-node
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2193/vsftpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2246/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2933/master
tcp6       0      0 :::80                   :::*                    LISTEN      748/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      2246/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1859/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1375/portmap
udp        0      0 my.ip.add.ress:123        0.0.0.0:*                           3325/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           3325/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           3325/ntpd
udp        0      0 0.0.0.0:715             0.0.0.0:*                           1387/rpc.statd
udp        0      0 0.0.0.0:57208           0.0.0.0:*                           1387/rpc.statd
udp6       0      0 ::1:123                 :::*                                3325/ntpd
udp6       0      0 fe80::fcfd:42ff:fee:123 :::*                                3325/ntpd
udp6       0      0 :::123                  :::*                                3325/ntpd

Does anyone know what might be running on this port? Is this something I should worry about? Should I consider denying incoming connections from the offending IP addresses?

wom*_*ble 7

There is no well-known service on that port. It will be some bot or other listening on that port for C&C ("command and control"). Either someone is blindly scanning for existing instances of the bot, or you have been infected and the malware managed to signal "I'm here" to the C&C, but your firewall blocked the actual attempts to control the bot. Given the wide variety of source IPs, I'd lean towards thinking it's a distributed blind scan.

If it is ongoing, a packet dump of the traffic might be useful to someone.
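As an added example (not part of the question or the answer above), here is the check the answer's reasoning implies: parse the Shorewall DROP lines from a logcheck report and count distinct sources per destination port, so the report can be triaged as a distributed scan versus a single repeating source. The sample lines are constructed in documentation address ranges and the classification thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Fields netfilter/Shorewall write into the kernel log as key=value tokens.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
RULE_RE = re.compile(r"Shorewall:(\S+?):(DROP|REJECT|ACCEPT):")

def parse_line(line):
    """Return chain, action and packet fields for a Shorewall log line, else None."""
    m = RULE_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group(1), "action": m.group(2)}
    rec.update(FIELD_RE.findall(line))
    return rec

def summarize(lines, proto="UDP"):
    """Per destination port: number of dropped packets and a Counter of source IPs."""
    by_port = defaultdict(lambda: {"hits": 0, "sources": Counter()})
    for line in lines:
        rec = parse_line(line)
        # Skip non-firewall lines, non-DROP actions, other protocols and records
        # without a destination port (ICMP echo requests carry no DPT field).
        if rec is None or rec["action"] != "DROP" or rec.get("PROTO") != proto or "DPT" not in rec:
            continue
        port = int(rec["DPT"])
        by_port[port]["hits"] += 1
        by_port[port]["sources"][rec["SRC"]] += 1
    return by_port

def classify(stats, min_sources=5):
    """Heuristic (assumed thresholds): many distinct sources on one closed port reads as a
    distributed scan; one source repeating reads as a targeted probe or a misdirected client."""
    n_src = len(stats["sources"])
    if n_src >= min_sources:
        return "distributed-scan"
    if n_src == 1 and stats["hits"] > 1:
        return "single-source-repeat"
    return "sporadic"

# Constructed sample lines in documentation address ranges, same layout as the logcheck report.
TEMPLATE = ("Jul 29 04:42:02 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= "
            "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC={src} DST=192.0.2.10 "
            "LEN=171 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT={spt} DPT={dpt} LEN=151")
SAMPLE = [TEMPLATE.format(src="198.51.100.%d" % (i % 5 + 1), spt=40000 + i, dpt=60059) for i in range(6)]
SAMPLE += [TEMPLATE.format(src="203.0.113.7", spt=1031 + i, dpt=123) for i in range(3)]
SAMPLE.append("Jul 29 04:45:50 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.9 "
              "DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0 ID=299 SEQ=44068")
```

Feed the real report in place of SAMPLE (for example `summarize(open("/var/log/kern.log"))`) and a port with many distinct sources and a small hit count per source is the scan pattern the answer describes, while one source repeating is worth a closer look or a per-host block.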