Notes on a few LAN broadcast packets
JavasBoy · 2021-01-27 · via 刘荣星的博客

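Recently, while debugging iptables in a VMware virtual machine, I noticed a lot of DROPped packets on the network interface. After enabling iptables logging, I found that the following log entries showed up very frequently.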

# Enable iptables logging
iptables -A INPUT -i ens38 -j LOG --log-prefix "iptables_INPUT_ens38_DROP: " --log-level notice
iptables -A INPUT -i ens38 -j DROP

iptables -A OUTPUT -o ens38 -j LOG --log-prefix "iptables_OUTPUT_ens38_DROP: " --log-level notice
iptables -A OUTPUT -o ens38 -j DROP

Log file

Jan 26 21:06:43 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.255 LEN=291 TOS=0x00 PREC=0x00 TTL=128 ID=19920 PROTO=UDP SPT=54915 DPT=54915 LEN=271 

Jan 27 09:50:13 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.255 LEN=173 TOS=0x00 PREC=0x00 TTL=128 ID=59712 PROTO=UDP SPT=17500 DPT=17500 LEN=153 

The first one, on UDP port 54915, is a broadcast packet from Logitech's mouse software. The detailed documentation is as follows:

http://support.moonpoint.com/network/udp/port_54915/

Why may you see UDP packets with a source port of 54915 and a destination port of 54915 being sent to the broadcast address for a subnet? When I searched for information on these packets, I found they are associated with Logitech's Arx control software. Logitech states in regards to that software:

Win the information war and stay ahead of the competition with critical in-game information on your tablet or smartphone. Arx control serves as a second screen for supported titles.

Arx Control lets you monitor and control your Logitech G peripherals without ever leaving the game. Fine-tune your mouse DPI in real time, or call up a list of your G-Key macros for quick reference right on your smartphone or tablet device.

Troubleshoot and monitor your system hardware with GPU/CPU temperatures and usage levels. Control your media or launch games remotely with built-in controls.

Arx Control is available on Android and iOS on tablets and smartphones, and works on any system with Logitech Gaming Software installed. Stand your smartphone upright in the adjustable Arx Smart Dock, on select Logitech keyboards, for convenient viewing.

You can find the software on Apple's App Store at Logitech Arx Control. The page states "This app is only available on the App Store for iOS devices." Apple employs the iOS operating system on its iPhone, iPad, and iPod Touch devices. The software apparently looks for other devices with the Arx Control software installed by sending out the broadcast packets to UDP port 54,915 and then waits for those devices to respond.

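The second one, on UDP port 17500, is a broadcast packet sent by Dropbox's LAN sync feature.

After closing the programs or disabling LAN sync, both of the broadcast packets above disappear.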
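
The triage described above can be done over the whole log instead of by eye. The following is an added example, not code from the original post: it parses iptables LOG lines carrying the post's log prefix, keeps only Ethernet-broadcast frames, and counts them per source and destination port. The function names are hypothetical, the port labels are the two identified in the post, and the last two sample lines are constructed.

```python
import re
from collections import Counter

# Port labels as identified in the post.
KNOWN_PORTS = {54915: "Logitech Arx Control", 17500: "Dropbox LAN sync"}
# First two entries are the ones shown in the post; the last two are constructed.
SAMPLE_LOG = """\
Jan 26 21:06:43 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.255 LEN=291 TOS=0x00 PREC=0x00 TTL=128 ID=19920 PROTO=UDP SPT=54915 DPT=54915 LEN=271
Jan 27 09:50:13 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.255 LEN=173 TOS=0x00 PREC=0x00 TTL=128 ID=59712 PROTO=UDP SPT=17500 DPT=17500 LEN=153
Jan 27 09:50:43 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.255 LEN=173 TOS=0x00 PREC=0x00 TTL=128 ID=59713 PROTO=UDP SPT=17500 DPT=17500 LEN=153
Jan 27 09:51:02 localhost kernel: iptables_INPUT_ens38_DROP: IN=ens38 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:c0:00:02:08:00 SRC=192.168.81.1 DST=192.168.81.130 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=100 PROTO=TCP SPT=50000 DPT=22 WINDOW=64240 SYN
"""
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line, prefix="iptables_INPUT_ens38_DROP: "):
    """Parse one iptables LOG line; return None if the prefix is absent."""
    _, sep, rest = line.partition(prefix)
    if not sep:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(rest):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP length
    # MAC= is destination MAC (6 bytes) + source MAC (6) + EtherType (2).
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:
        fields["DST_MAC"] = ":".join(octets[:6])
        fields["SRC_MAC"] = ":".join(octets[6:12])
        fields["ETHERTYPE"] = "".join(octets[12:])
    return fields

def summarize(log_text):
    """Count Ethernet-broadcast packets per (src IP, src MAC, proto, dst port)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f.get("DST_MAC") != "ff:ff:ff:ff:ff:ff":
            continue  # skip unrelated lines and unicast traffic
        key = (f.get("SRC"), f.get("SRC_MAC"), f.get("PROTO"), int(f.get("DPT", 0)))
        counts[key] += 1
    return counts

def report(counts):
    """Format one row per talker, busiest first, labelling ports from the post."""
    return [f"{n:>3}  {src} ({mac})  {proto}/{dpt}  {KNOWN_PORTS.get(dpt, 'unidentified')}"
            for (src, mac, proto, dpt), n in counts.most_common()]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

Rows labelled "unidentified" are the ones still worth looking up; the source MAC in each row shows which host or virtual adapter is sending them.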