I received an email from logcheck containing many attempts to connect to UDP port 60059.
This email is sent by logcheck. If you no longer wish to receive such mail, you can either deinstall the logcheck package or modify its configuration file (/etc/logcheck/logcheck.conf).

System Events
=-=-=-=-=-=-=
Jul 29 04:42:02 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=91.121.95.131 DST=my.ip.add.ress LEN=171 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=58250 DPT=60059 LEN=151
Jul 29 04:42:03 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=91.121.95.131 DST=my.ip.add.ress LEN=171 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=58058 DPT=60059 LEN=151
Jul 29 04:42:06 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=65.75.216.14 DST=my.ip.add.ress LEN=192 TOS=0x00 PREC=0x00 TTL=119 ID=7012 PROTO=UDP SPT=1031 DPT=60059 LEN=172
Jul 29 04:42:12 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=93.193.28.53 DST=my.ip.add.ress LEN=201 TOS=0x00 PREC=0x00 TTL=110 ID=25276 PROTO=UDP SPT=62765 DPT=60059 LEN=181
Jul 29 04:42:15 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=91.121.95.131 DST=my.ip.add.ress LEN=171 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=2499 DPT=60059 LEN=151
Jul 29 04:42:15 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=87.118.106.136 DST=my.ip.add.ress LEN=218 TOS=0x00 PREC=0x00 TTL=119 ID=21989 PROTO=UDP SPT=16699 DPT=60059 LEN=198
Jul 29 04:42:18 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=64.25.177.219 DST=my.ip.add.ress LEN=151 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=55535 DPT=60059 LEN=131
Jul 29 04:42:19 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=91.121.95.131 DST=my.ip.add.ress LEN=141 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=4183 DPT=60059 LEN=121
Jul 29 04:42:23 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=180.28.163.114 DST=my.ip.add.ress LEN=103 TOS=0x00 PREC=0x00 TTL=111 ID=2050 PROTO=UDP SPT=1419 DPT=60059 LEN=83
Jul 29 04:42:32 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=87.10.109.97 DST=my.ip.add.ress LEN=144 TOS=0x00 PREC=0x00 TTL=112 ID=45314 PROTO=UDP SPT=61715 DPT=60059 LEN=124
Jul 29 04:42:32 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=96.237.240.66 DST=my.ip.add.ress LEN=111 TOS=0x00 PREC=0x00 TTL=112 ID=11398 PROTO=UDP SPT=3670 DPT=60059 LEN=91
Jul 29 04:42:34 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=67.0.76.62 DST=my.ip.add.ress LEN=97 TOS=0x00 PREC=0x00 TTL=118 ID=27883 PROTO=UDP SPT=6257 DPT=60059 LEN=77
Jul 29 04:42:37 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=46.163.65.86 DST=my.ip.add.ress LEN=199 TOS=0x00 PREC=0x00 TTL=117 ID=31816 PROTO=UDP SPT=61319 DPT=60059 LEN=179
Jul 29 04:42:38 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=95.97.106.138 DST=my.ip.add.ress LEN=211 TOS=0x00 PREC=0x00 TTL=116 ID=33070 PROTO=UDP SPT=3194 DPT=60059 LEN=191
Jul 29 04:42:41 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=91.121.182.190 DST=my.ip.add.ress LEN=200 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=48604 DPT=60059 LEN=180
Jul 29 04:42:41 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=91.121.182.190 DST=my.ip.add.ress LEN=192 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=30457 DPT=60059 LEN=172
Jul 29 04:42:41 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=91.121.182.190 DST=my.ip.add.ress LEN=192 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=50706 DPT=60059 LEN=172
Jul 29 04:42:42 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=84.19.190.64 DST=my.ip.add.ress LEN=139 TOS=0x00 PREC=0x00 TTL=56 ID=825 PROTO=UDP SPT=50758 DPT=60059 LEN=119
Jul 29 04:42:50 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=80.90.43.30 DST=my.ip.add.ress LEN=182 TOS=0x00 PREC=0x00 TTL=116 ID=30710 PROTO=UDP SPT=49846 DPT=60059 LEN=162
Jul 29 04:42:50 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=80.90.43.30 DST=my.ip.add.ress LEN=186 TOS=0x00 PREC=0x00 TTL=116 ID=30724 PROTO=UDP SPT=49856 DPT=60059 LEN=166
Jul 29 04:42:58 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=84.19.176.44 DST=my.ip.add.ress LEN=173 TOS=0x00 PREC=0x00 TTL=119 ID=12730 PROTO=UDP SPT=57695 DPT=60059 LEN=153
Jul 29 04:43:01 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=87.118.126.158 DST=my.ip.add.ress LEN=191 TOS=0x00 PREC=0x00 TTL=120 ID=30862 PROTO=UDP SPT=4822 DPT=60059 LEN=171
Jul 29 04:43:03 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=83.169.12.172 DST=my.ip.add.ress LEN=197 TOS=0x00 PREC=0x00 TTL=117 ID=29081 PROTO=UDP SPT=1641 DPT=60059 LEN=177
Jul 29 04:43:14 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=74.77.32.249 DST=my.ip.add.ress LEN=167 TOS=0x00 PREC=0x00 TTL=116 ID=30903 PROTO=UDP SPT=2112 DPT=60059 LEN=147
Jul 29 04:43:20 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=221.31.22.19 DST=my.ip.add.ress LEN=43 TOS=0x00 PREC=0x00 TTL=105 ID=2597 PROTO=UDP SPT=6257 DPT=60059 LEN=23
Jul 29 04:43:23 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=68.50.247.147 DST=my.ip.add.ress LEN=190 TOS=0x00 PREC=0x00 TTL=114 ID=25950 PROTO=UDP SPT=59025 DPT=60059 LEN=170
Jul 29 04:43:23 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=68.50.247.147 DST=my.ip.add.ress LEN=169 TOS=0x00 PREC=0x00 TTL=114 ID=25952 PROTO=UDP SPT=59027 DPT=60059 LEN=149
Jul 29 04:43:31 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=46.163.65.86 DST=my.ip.add.ress LEN=199 TOS=0x00 PREC=0x00 TTL=117 ID=12987 PROTO=UDP SPT=56856 DPT=60059 LEN=179
Jul 29 04:43:56 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=90.217.77.104 DST=my.ip.add.ress LEN=177 TOS=0x00 PREC=0x00 TTL=115 ID=14304 PROTO=UDP SPT=2711 DPT=60059 LEN=157
Jul 29 04:44:12 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=178.84.75.190 DST=my.ip.add.ress LEN=142 TOS=0x00 PREC=0x00 TTL=118 ID=41799 PROTO=UDP SPT=2844 DPT=60059 LEN=122
Jul 29 04:44:45 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=24.98.60.84 DST=my.ip.add.ress LEN=177 TOS=0x00 PREC=0x00 TTL=111 ID=2423 PROTO=UDP SPT=3968 DPT=60059 LEN=157
Jul 29 04:45:43 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=114.184.78.145 DST=my.ip.add.ress LEN=124 TOS=0x00 PREC=0x00 TTL=109 ID=8715 PROTO=UDP SPT=1262 DPT=60059 LEN=104
Jul 29 04:45:50 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=120.197.11.29 DST=my.ip.add.ress LEN=28 TOS=0x00 PREC=0x00 TTL=110 ID=19599 PROTO=ICMP TYPE=8 CODE=0 ID=299 SEQ=44068
Jul 29 04:46:14 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=114.184.78.145 DST=my.ip.add.ress LEN=124 TOS=0x00 PREC=0x00 TTL=109 ID=18607 PROTO=UDP SPT=1277 DPT=60059 LEN=104
Jul 29 04:48:34 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=79.27.22.113 DST=my.ip.add.ress LEN=109 TOS=0x00 PREC=0x00 TTL=114 ID=17010 PROTO=UDP SPT=63869 DPT=60059 LEN=89
Jul 29 04:48:34 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=79.27.22.113 DST=my.ip.add.ress LEN=105 TOS=0x00 PREC=0x00 TTL=114 ID=17013 PROTO=UDP SPT=63873 DPT=60059 LEN=85
Jul 29 04:52:04 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=193.40.58.14 DST=my.ip.add.ress LEN=165 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=16699 DPT=60059 LEN=145
Jul 29 04:52:22 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=193.40.58.14 DST=my.ip.add.ress LEN=165 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=16699 DPT=60059 LEN=145
The output of netstat -lnptu is as follows:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      2178/mysqld
tcp        0      0 0.0.0.0:33519           0.0.0.0:*               LISTEN      1387/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1375/portmap
tcp        0      0 0.0.0.0:4949            0.0.0.0:*               LISTEN      3391/munin-node
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2193/vsftpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2246/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2933/master
tcp6       0      0 :::80                   :::*                    LISTEN      748/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      2246/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1859/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1375/portmap
udp        0      0 my.ip.add.ress:123      0.0.0.0:*                           3325/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           3325/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           3325/ntpd
udp        0      0 0.0.0.0:715             0.0.0.0:*                           1387/rpc.statd
udp        0      0 0.0.0.0:57208           0.0.0.0:*                           1387/rpc.statd
udp6       0      0 ::1:123                 :::*                                3325/ntpd
udp6       0      0 fe80::fcfd:42ff:fee:123 :::*                                3325/ntpd
udp6       0      0 :::123                  :::*                                3325/ntpd
Does anyone know what might be running on this port? Is this something I should worry about? Should I consider refusing incoming connections from the IP addresses in question?
There is no well-known service on that port. A C&C ("command and control") would listen on such a port. Either someone is blindly scanning for existing instances of a bot, or you are infected, the malware managed to get its "I am here" signal out to the C&C, but your firewall blocked the attempts to actually control the bot. Given the wide variety of source IPs, I would tend to think this is a distributed blind scan.

If it is still ongoing, a packet dump of the traffic might be very useful to someone.
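As an added example (not from the question or the answer above), a small Python triage script that applies the answer's reasoning to log lines of this kind: it parses Shorewall/netfilter DROP entries, groups them by destination port, counts distinct source addresses, and checks each port against a `netstat -lnptu` listing, so that many sources hitting a port with no listener is reported as a distributed blind scan, while a dropped probe of a port that does have a listener is flagged for review. The sample lines are constructed in the format of the logcheck mail, the threshold of five distinct sources is an assumption, and ICMP entries (which carry no port) are handled as their own group.

```python
import re
from collections import defaultdict

# Constructed sample in the Shorewall/netfilter format of the logcheck mail (DST kept as the question's placeholder).
SAMPLE_LOG = """\
Jul 29 04:42:02 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=91.121.95.131 DST=my.ip.add.ress LEN=171 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=58250 DPT=60059 LEN=151
Jul 29 04:42:06 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=65.75.216.14 DST=my.ip.add.ress LEN=192 TOS=0x00 PREC=0x00 TTL=119 ID=7012 PROTO=UDP SPT=1031 DPT=60059 LEN=172
Jul 29 04:42:12 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=93.193.28.53 DST=my.ip.add.ress LEN=201 TOS=0x00 PREC=0x00 TTL=110 ID=25276 PROTO=UDP SPT=62765 DPT=60059 LEN=181
Jul 29 04:42:15 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=87.118.106.136 DST=my.ip.add.ress LEN=218 TOS=0x00 PREC=0x00 TTL=119 ID=21989 PROTO=UDP SPT=16699 DPT=60059 LEN=198
Jul 29 04:42:18 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:7c:75:3f:08:00 SRC=64.25.177.219 DST=my.ip.add.ress LEN=151 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=55535 DPT=60059 LEN=131
Jul 29 04:45:50 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=120.197.11.29 DST=my.ip.add.ress LEN=28 TOS=0x00 PREC=0x00 TTL=110 ID=19599 PROTO=ICMP TYPE=8 CODE=0 ID=299 SEQ=44068
Jul 29 04:46:00 myserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=fe:fd:42:e4:26:54:88:43:e1:a4:04:ff:08:00 SRC=198.51.100.7 DST=my.ip.add.ress LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""
# Constructed excerpt in `netstat -lnptu` format (the question's own listing has more services).
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2246/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      748/apache2
udp        0      0 0.0.0.0:123             0.0.0.0:*                           3325/ntpd
"""

# Only DROP lines; DPT is optional because ICMP entries carry no ports.
DROP_RE = re.compile(r"Shorewall:\w+:DROP:.*?SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\w+)(?:.*?DPT=(?P<dpt>\d+))?")

def parse_drop(line):
    """Fields of one dropped-packet log line, or None for anything else."""
    m = DROP_RE.search(line)
    return {"src": m["src"], "proto": m["proto"], "dpt": int(m["dpt"]) if m["dpt"] else None} if m else None

def listening_ports(netstat_text):
    """Set of (PROTO, port) listeners from netstat -lnptu; tcp6/udp6 fold into tcp/udp."""
    rows = (line.split() for line in netstat_text.splitlines())
    return {(f[0].rstrip("6").upper(), int(f[3].rsplit(":", 1)[1]))
            for f in rows if len(f) >= 4 and f[0] in ("tcp", "tcp6", "udp", "udp6")}

def summarize(log_lines, listening, min_sources=5):
    """Group drops by (proto, dpt), count packets and distinct sources, attach a verdict."""
    groups = defaultdict(lambda: {"packets": 0, "sources": set()})
    for d in filter(None, map(parse_drop, log_lines)):
        g = groups[(d["proto"], d["dpt"])]
        g["packets"] += 1
        g["sources"].add(d["src"])
    for key, g in groups.items():
        if key in listening:
            g["verdict"] = "dropped probe of a port that has a listener: review that service"
        elif len(g["sources"]) >= min_sources:
            g["verdict"] = "distributed blind scan of a closed port: already dropped, low risk"
        else:
            g["verdict"] = "low-volume background noise"
    return dict(groups)
```

Run it over the real mail with `summarize(open("/var/log/kern.log").read().splitlines(), listening_ports(netstat_output))` and the 60059 group will show one packet per source and dozens of distinct sources, which is the pattern the answer calls a distributed blind scan.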