亚马逊 EC2 实例上的可疑网络活动
[英]Suspicious network activity on amazon EC2 instance
问题描述
I have created an amazon ec2 instance and I am hosting a flask server (the public ip of the server is known only to another server, it is not meant to be used by clients but only by another computer).
我已经创建了一个 amazon ec2 实例并且我正在托管一个 flask 服务器(服务器的公共 ip 只有另一台服务器知道,它并不意味着被客户端使用,而只能被另一台计算机使用)。
For some reason, I am receiving a weird.network activity:出于某种原因,我收到了一个 weird.network 活动:
From the logs:从日志:
162.142.125.10 - - [18/Apr/2022 19:45:39] "GET / HTTP/1.1" 200 -
118.123.105.85 - - [18/Apr/2022 20:06:30] "GET / HTTP/1.0" 200 -
198.235.24.20 - - [18/Apr/2022 22:37:16] "GET / HTTP/1.1" 200 -
128.14.209.250 - - [19/Apr/2022 01:24:07] "GET / HTTP/1.1" 200 -
128.14.209.250 - - [19/Apr/2022 01:24:15] code 400, message Bad request version ('À\x14À')
128.14.209.250 - - [19/Apr/2022 07:05:32] "▬♥☺ ±☺ ♥♥Ýfé$0±6nu♀¤♫ëe éSV∟É#☼ß↨♠\ VÀ◄ÀÀ‼À À¶À" HTTPStatus.BAD_REQUEST -
I have looked all these IPs and they are across the globe.我查看了所有这些 IP,它们遍布全球。
Why am I getting these kind of requests?为什么我会收到这些请求? What are they probably trying to achieve?他们可能想要达到什么目的?
[EDIT] [编辑]
162.142.125.10 -> https://about.censys.io/
118.123.105.85 -> ChinaNet Sichuan Province Network
198.235.24.20 -> Palo Alto Networks Inc
128.14.209.250 -> zl-dal-us-gp1-wk123.internet-census.org
1 个解决方案
解决方案1
2 已采纳 2022-04-20 03:57:48
As others said, it's common that bots and (ethical?) hackers around the world scan your machine if it's on a public.network.正如其他人所说,如果您的机器在公共网络上,世界各地的机器人和(道德?)黑客扫描您的机器是很常见的。
Your assumption that "the public ip of the server is known only to another server" simply isn't true.您假设“服务器的公共 ip 只有另一台服务器知道”根本不正确。 If you want to achieve that, you should place your server inside a private VPC su.net and/or allow the traffic only from the specific server via Security Group configuration.如果你想实现这一点,你应该将你的服务器放在私有 VPC su.net 中和/或通过安全组配置仅允许来自特定服务器的流量。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.