文章描述了作者注意到防火墙日志中存在来自私有IP范围(如10.0.0.0/8和192.168.0.0/24)的自动化扫描攻击其WAN接口的情况。攻击通常针对常见端口如445(SMB),且扫描行为呈现规律性。作者质疑为何私有IP能够到达其公共WAN接口,并推测攻击者可能试图通过这种方式绕过防火墙。 2025-10-4 22:50:55 Author: www.reddit.com(查看原文) 阅读量:40 收藏
I have noticed in my firewall logs some blocks on the WAN interface using a public IP address from various private IP ranges from the 10.0.0.0/8 or 192.168.0.0/24 subnets, typically hitting common known ports but typically port 445 (SMB) but other well known ports as well. The scans happen at various hours and judging from that the private IP will hit my WAN IP with a few different ports then disappear I assume these are all automated scans.
My questions are 1. I was always under the impression that private IPs are non-routable but some how they are hitting my internet facing interface with a public IP, how is someone able to do this? 2. What is the purpose of using those IPs to try and connect to my WAN IP, I am guessing in some attempt to bypass my firewall?
如有侵权请联系:admin#unsafe.sh