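A small investigation triggered by looking at NETGEAR logs

I have long drawn all sorts of energy from 51CTO, and a few years ago I quietly resolved to write something useful to share with everyone. For various reasons that never happened. Today I'll start by sharing a small case; it is just a record of what happened, and if it helps some people, so much the better : )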



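First, the conclusion:

The Youku client, even when nobody is watching anything, still communicates with the outside world and uploads, sharing your bandwidth. Change the setting right away so that clicking close on the Youku client exits the program immediately (by default, clicking the close button leaves it running in the background).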


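With nothing better to do, I set up automatic e-mailing of the logs on my home NETGEAR router.


During one lunch break I was reading through my e-mail and suddenly noticed a series of log entries that looked wrong, because at that hour the child and grandma at home should both have been asleep. There should not have been a continuous record of traffic. I traced back a little, and it was a shock: it was like this every day. The log is as follows: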

[Site allowed: pss.alicdn.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:13:24

[Site allowed: gm.mmstat.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:12:38

[LAN access from remote] from 180.166.203.34:27842 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46

[LAN access from remote] from 180.168.204.233:44983 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46

[LAN access from remote] from 116.227.132.241:54087 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:36

[LAN access from remote] from 182.141.198.193:13795 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:35

[LAN access from remote] from 101.81.29.75:53954 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:26

[LAN access from remote] from 182.141.198.193:13777 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:26

[LAN access from remote] from 182.141.198.193:14396 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:26

[LAN access from remote] from 180.166.203.34:5217 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:16

[LAN access from remote] from 180.168.204.233:44963 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:16

[LAN access from remote] from 116.227.132.241:53702 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:06

[LAN access from remote] from 101.81.29.75:53790 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:56

[LAN access from remote] from 180.175.6.58:52103 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:56

[LAN access from remote] from 180.166.203.34:45697 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:46

[LAN access from remote] from 180.168.204.233:44952 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:46

[LAN access from remote] from 117.42.108.159:4466 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:42

[LAN access from remote] from 117.42.108.159:51342 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:42

[LAN access from remote] from 124.79.39.187:49701 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:36

[LAN access from remote] from 116.227.132.241:53421 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:36

[LAN access from remote] from 180.175.212.180:54779 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:36

[LAN access from remote] from 124.236.156.4:10585 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:31

[LAN access from remote] from 101.81.29.75:53673 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:10:26

[LAN access from remote] from 47.93.39.123:42742 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:08

[LAN access from remote] from 47.93.39.123:10001 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:08

[LAN access from remote] from 47.93.32.48:10002 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:02

[LAN access from remote] from 47.93.32.48:57248 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:09:02

[LAN access from remote] from 47.93.37.222:58968 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:56

[LAN access from remote] from 47.93.37.222:10001 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:56

[Site allowed: 47.92.21.16] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:54

[LAN access from remote] from 47.93.36.75:56338 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:50

[LAN access from remote] from 123.56.3.233:10002 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:44

[LAN access from remote] from 123.56.3.233:58070 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:44

[Site allowed: pis.alicdn.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:44

[Site allowed: pcs-sdk-server.alibaba.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:29

[Site allowed: filesupload.b0.upaiyun.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:25

[Site allowed: pc.ad-safe.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:25

[DHCP IP: (10.0.0.6)] to MAC address C8:60:00:DE:0B:69, Tuesday, Oct 31,2017 13:08:25

[LAN access from remote] from 36.62.91.114:35954 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:20

[LAN access from remote] from 36.62.91.114:37431 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:08:20

[LAN access from remote] from 114.82.32.214:50969 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:51

[LAN access from remote] from 180.137.26.202:4408 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:45

[LAN access from remote] from 116.224.135.178:59529 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:41

[LAN access from remote] from 61.172.177.131:52028 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:41

[LAN access from remote] from 116.236.133.178:10921 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:40

[LAN access from remote] from 180.137.26.202:1931 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:36

[LAN access from remote] from 180.137.26.202:4407 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:36

[LAN access from remote] from 139.226.64.15:35064 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:31

[LAN access from remote] from 116.236.133.178:10920 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:06:31


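Known: 4466 is the local port the Youku client uses when it opens a mapping through UPnP.


So here is the question. I started with some hypotheses:

1. Does grandma, who looks after the child at home every day, spend the whole time watching TV while doing it???


2. If grandma is not the one watching, is someone using this computer remotely to watch after they have gone to sleep? My router is configured with MAC admission control, and I have the MAC list of every device in the house, so I can confirm that this MAC belongs to the desktop PC in the living room.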


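Verifying the conclusion:

To test this, when I got home I deliberately left the computer on with the Youku client open but without playing any video. After locking the machine I watched the logs and found that the Youku client was the cause: even when nobody is watching, it still communicates with the outside world and uploads, sharing bandwidth. I immediately changed the setting so that clicking close on the Youku client exits the program at once (by default, clicking the close button leaves it running in the background). Problem solved.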
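An added example (not from the original post): a small Python summarizer for this kind of NETGEAR log, grouping `[LAN access from remote]` entries by LAN address and port and attaching the MAC from the DHCP line. The sample log, its addresses and MAC, and the `quiet_hours` window are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in NETGEAR's log format (documentation-range addresses,
# made-up MAC); some spaces are missing on purpose, as happens in pasted logs.
SAMPLE_LOG = """\
[LAN access from remote] from 203.0.113.5:27842 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46
[LAN access from remote] from198.51.100.7:44983 to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:46
[LAN access from remote] from 203.0.113.5:5217to 10.0.0.6:4466, Tuesday, Oct 31,2017 13:11:16
[Site allowed: example.com] from source 10.0.0.6, Tuesday, Oct 31,2017 13:08:44
[DHCP IP: (10.0.0.6)] to MAC address 02:00:00:AA:BB:CC, Tuesday, Oct 31,2017 13:08:25
[LAN access from remote] from 192.0.2.9:50969 to 10.0.0.8:8080, Tuesday, Oct 31,2017 20:06:51
"""

INBOUND = re.compile(
    r"\[LAN access from remote\]\s*from\s*(?P<rip>[\d.]+):(?P<rport>\d+)\s*"
    r"to\s*(?P<lip>[\d.]+):(?P<lport>\d+),.*?(?P<hour>\d{2}):\d{2}:\d{2}\s*$")
DHCP = re.compile(
    r"\[DHCP IP: \((?P<ip>[\d.]+)\)\]\s*to MAC address\s*(?P<mac>[0-9A-Fa-f:]{17})")


def summarize(log_text, quiet_hours=range(12, 15)):
    """Group inbound port-forward hits by LAN ip:port and attach the DHCP MAC.

    quiet_hours is an assumption: hours when nobody should be using the device.
    """
    macs = {}
    hits = defaultdict(lambda: {"count": 0, "remotes": set(), "quiet": 0})
    for line in log_text.splitlines():
        if m := DHCP.search(line):
            macs[m["ip"]] = m["mac"].upper()
        elif m := INBOUND.search(line):
            entry = hits[(m["lip"], int(m["lport"]))]
            entry["count"] += 1
            entry["remotes"].add(m["rip"])
            entry["quiet"] += int(m["hour"]) in quiet_hours
    # The log is newest-first, so the DHCP line may follow the hits it explains;
    # attach MACs only after the whole log has been read.
    return {key: {**val, "mac": macs.get(key[0], "unknown")}
            for key, val in hits.items()}


if __name__ == "__main__":
    for (ip, port), s in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip}:{port} mac={s['mac']} hits={s['count']} "
              f"remotes={len(s['remotes'])} in_quiet_hours={s['quiet']}")
```

A LAN port with many distinct remote peers during hours when the device should be idle is the pattern the log above shows for port 4466.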


Note:

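The Youku client has another nasty habit: it prevents the computer from going to sleep. I have sleep set to 10 minutes, but with this client open the machine would not go to sleep for a long time. Of course, this could also be caused by some other problem with my computer. But with the client closed, the machine goes to sleep normally once the timeout is reached.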


