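A small investigation prompted by looking at NETGEAR logs
I have long drawn all kinds of energy from 51CTO, and a few years ago I quietly resolved to write up something useful to share with everyone. For various reasons that never happened, so today I will start by sharing a small case. I am only recording what happened; if this small case helps some people, all the better : )
First, the conclusion:
The Youku client, even when nobody is watching anything, still communicates with the outside world and uploads, sharing bandwidth. I immediately changed the setting so that clicking close on the Youku client exits the program right away (by default, clicking the close button leaves it running in the background).
With nothing better to do, I had configured my home NETGEAR router to email its logs automatically.
One day during the lunch break I was looking through my email and suddenly noticed a series of log entries that looked wrong, because at that time of day the child and grandmother at home should both have been asleep. There should not have been records of sustained traffic. I tried tracing back through earlier logs and was startled by what I found: it was like this every day. The log is as follows: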
[Site allowed: pss.alicdn.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:13:24
[Site allowed: gm.mmstat.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:12:38
[LAN access from remote] from 180.166.203.34:27842 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46
[LAN access from remote] from 180.168.204.233:44983 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46
[LAN access from remote] from 116.227.132.241:54087 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:36
[LAN access from remote] from 182.141.198.193:13795 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:35
[LAN access from remote] from 101.81.29.75:53954 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:26
[LAN access from remote] from 182.141.198.193:13777 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:26
[LAN access from remote] from 182.141.198.193:14396 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:26
[LAN access from remote] from 180.166.203.34:5217 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:16
[LAN access from remote] from 180.168.204.233:44963 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:16
[LAN access from remote] from 116.227.132.241:53702 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:06
[LAN access from remote] from 101.81.29.75:53790 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:56
[LAN access from remote] from 180.175.6.58:52103 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:56
[LAN access from remote] from 180.166.203.34:45697 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:46
[LAN access from remote] from 180.168.204.233:44952 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:46
[LAN access from remote] from 117.42.108.159:4466 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:42
[LAN access from remote] from 117.42.108.159:51342 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:42
[LAN access from remote] from 124.79.39.187:49701 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:36
[LAN access from remote] from 116.227.132.241:53421 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:36
[LAN access from remote] from 180.175.212.180:54779 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:36
[LAN access from remote] from 124.236.156.4:10585 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:31
[LAN access from remote] from 101.81.29.75:53673 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:26
[LAN access from remote] from 47.93.39.123:42742 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:08
[LAN access from remote] from 47.93.39.123:10001 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:08
[LAN access from remote] from 47.93.32.48:10002 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:02
[LAN access from remote] from 47.93.32.48:57248 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:02
[LAN access from remote] from 47.93.37.222:58968 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:56
[LAN access from remote] from 47.93.37.222:10001 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:56
[Site allowed: 47.92.21.16] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:54
[LAN access from remote] from 47.93.36.75:56338 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:50
[LAN access from remote] from 123.56.3.233:10002 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:44
[LAN access from remote] from 123.56.3.233:58070 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:44
[Site allowed: pis.alicdn.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:44
[Site allowed: pcs-sdk-server.alibaba.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:29
[Site allowed: filesupload.b0.upaiyun.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:25
[Site allowed: pc.ad-safe.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:25
[DHCP IP: (10.0.0.6)] to MAC address C8:60:00:DE:0B:69, Tuesday, Oct 31,2017 13:08:25
[LAN access from remote] from 36.62.91.114:35954 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:20
[LAN access from remote] from 36.62.91.114:37431 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:20
[LAN access from remote] from 114.82.32.214:50969 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:51
[LAN access from remote] from 180.137.26.202:4408 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:45
[LAN access from remote] from 116.224.135.178:59529 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:41
[LAN access from remote] from 61.172.177.131:52028 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:41
[LAN access from remote] from 116.236.133.178:10921 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:40
[LAN access from remote] from 180.137.26.202:1931 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:36
[LAN access from remote] from 180.137.26.202:4407 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:36
[LAN access from remote] from 139.226.64.15:35064 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:31
[LAN access from remote] from 116.236.133.178:10920 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:31
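Known: 4466 is the local port that the Youku client opens through UPnP.
So the question arises. I started with some hypotheses:
1. Grandmother is at home looking after the child every day and keeps the TV on the whole time???
2. If it is not grandmother watching, then after they fall asleep, is someone remotely using this computer to watch? My router has MAC access control configured, and I have the MAC list of every device at home, so I can confirm that this MAC belongs to the desktop PC in the living room.
Verifying the conclusion:
To verify, I went home and deliberately left the computer on with the Youku client open but not playing any video. After locking the screen I watched the logs and found that the Youku client was the cause: even when nobody is watching, it still communicates with the outside world and uploads, sharing bandwidth. I immediately changed the setting so that clicking close on the Youku client exits the program right away (by default, clicking the close button keeps it running in the background). Problem solved.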
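The manual log review above can be automated. The following Python sketch is an added example, not part of the original post: it parses router log text in the format shown, groups "LAN access from remote" entries by LAN endpoint, and reports endpoints reached by several distinct remote IPs together with the MAC from the DHCP entry. The function names, the `min_remotes` threshold and the sample lines (documentation IP ranges, a made-up MAC) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the log format shown above; remote IPs are
# documentation addresses and the MAC is made up (not taken from the post).
SAMPLE_LOG = """\
[Site allowed: pss.alicdn.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:13:24
[LAN access from remote] from 203.0.113.34:27842 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46
[LAN access from remote] from198.51.100.7:44983 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46
[LAN access from remote] from 192.0.2.99:53790to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:56
[LAN access from remote] from 203.0.113.34:5217 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:16
[LAN access from remote] from 192.0.2.10:40000 to 10.0.0.9:8080, Tuesday, Oct 31,2017 13:09:00
[DHCP IP: (10.0.0.6)] to MAC address 02:00:00:00:00:06, Tuesday, Oct 31,2017 13:08:25
"""

# Whitespace is optional so lines that lost a space in email still parse.
INBOUND = re.compile(
    r"\[LAN access from remote\]\s*from\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*"
    r"to\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+),")
DHCP = re.compile(r"\[DHCP IP: \(([\d.]+)\)\]\s*to MAC address\s*([0-9A-Fa-f:]{17})")

def summarize_inbound(log_text):
    """Map (lan_ip, lan_port) -> {'hits': count, 'remotes': set of remote IPs}."""
    stats = defaultdict(lambda: {"hits": 0, "remotes": set()})
    for line in log_text.splitlines():
        m = INBOUND.search(line)
        if m:
            remote_ip, _remote_port, lan_ip, lan_port = m.groups()
            entry = stats[(lan_ip, int(lan_port))]
            entry["hits"] += 1
            entry["remotes"].add(remote_ip)
    return dict(stats)

def dhcp_leases(log_text):
    """Map LAN IP -> MAC address as reported by DHCP log entries."""
    return {ip: mac.upper() for ip, mac in DHCP.findall(log_text)}

def flag_listeners(log_text, min_remotes=3):
    """LAN endpoints reached by at least min_remotes distinct remote IPs."""
    macs = dhcp_leases(log_text)
    rows = []
    for (ip, port), e in sorted(summarize_inbound(log_text).items()):
        if len(e["remotes"]) >= min_remotes:
            rows.append((ip, port, macs.get(ip, "unknown"), e["hits"], len(e["remotes"])))
    return rows

if __name__ == "__main__":
    for row in flag_listeners(SAMPLE_LOG):
        print("%s:%d mac=%s hits=%d distinct_remotes=%d" % row)
```

Many distinct remote addresses converging on one LAN port, as on 10.0.0.6:4466 here, is the pattern that pointed to a UPnP-mapped peer-to-peer listener rather than a single remote session.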
Note:
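The Youku client has another annoying trait: it prevents this computer from going to sleep. I had configured the machine to sleep after 10 minutes, but with this client open it would not go to sleep for a long time. Of course, this could also be caused by some other problem with my computer. But with the client closed, the machine goes to sleep normally once the sleep timer expires.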