 Re: Server under attack, please help - onfire [ 2006-07-11 08:48 | 194 byte(s)]
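The server is used for Internet access, and it has been under attack for the past few days. I checked with iptraf and there are several hundred thousand connections, all coming from different IP addresses. How should I defend against this? Could the experts here please help? Many thanks.
This is what iptraf captured: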
IPTraf
┌ TCP Connections (Source Host:Port) ──────────────────── Packets ────── Bytes Flags ── Iface ──┐
│┌61.185.208.202:2561 = 0 0 ---- eth0 │
│└245.125.16.125:5794 > 1 46 ---- eth0 │
│┌249.162.186.26:17772 > 1 46 ---- eth0 │
│└61.185.208.202:10222 = 0 0 ---- eth0 │
│┌219.68.24.132:17396 > 3 315 -PA- eth0 │
│└61.185.208.202:3640 > 3 120 --A- eth0 │
│┌61.185.208.202:4230 > 43 1978 --A- eth0 │
│└125.42.157.100:20000 > 59 41508 --A- eth0 │
│┌61.228.76.28:34532 = 1 48 S--- eth0 │
│└61.185.208.202:24418 = 0 0 ---- eth0 │
│┌245.127.162.102:61499 > 1 46 ---- eth0 │
│└61.185.208.202:163 = 0 0 ---- eth0 │
│┌250.170.229.18:35621 > 1 46 ---- eth0 │
│└61.185.208.202:55924 = 0 0 ---- eth0 │
│┌61.185.208.202:13165 = 0 0 ---- eth0 │
│└252.21.8.101:33854 > 1 46 ---- eth0 │
│┌252.129.231.87:28350 > 1 46 ---- eth0 │
│└61.185.208.202:29126 = 0 0 ---- eth0 │
└ TCP: 43658 entries ────────────────────────────────────────────────────────────────── Active ─┘
┌────────────────────────────────────────────────────────────────────────────────────────────────┐
│ UDP (60 bytes) from 61.185.208.202:1049 to 61.134.1.4:53 on eth0 │
│ UDP (129 bytes) from 61.185.208.202:24418 to 219.81.230.97:21863 on eth0 │
│ UDP (129 bytes) from 61.185.208.202:24418 to 61.231.187.247:23831 on eth0 │
│ UDP (90 bytes) from 61.185.208.202:24418 to 201.3.15.10:16786 on eth0 │
│ UDP (92 bytes) from 61.185.208.202:24418 to 218.162.210.7:29614 on eth0 │
│ UDP (92 bytes) from 61.185.208.202:24418 to 218.89.140.179:28718 on eth0 │
│ UDP (92 bytes) from 61.185.208.202:1043 to 218.79.232.219:31913 on eth0 │
│ UDP (60 bytes) from 61.185.208.202:1049 to 61.134.1.4:53 on eth0 │
│ UDP (92 bytes) from 61.183.94.195:22526 to 61.185.208.202:24418 on eth0 │
└ Bottom ────── Elapsed time: 0:02 ────────────────────────────────────────────────────────────┘
Pkts captured (all interfaces): 87854 │ TCP flow rate: 0.00 kbits/s
Up/Dn/PgUp/PgDn-scroll M-more TCP info W-chg actv win S-sort TCP X-exit
Most of them are IANA-reserved IP addresses. What should I do?
Start by DROPping those reserved addresses, because they are unallocated addresses and are very likely forged source addresses.
iptables -t filter -I INPUT 1 -p tcp -s $E_CLASS_IP -j DROP
Here $E_CLASS_IP stands for the class E address you want to DROP.
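An added example, not part of either post: a triage script that measures how many remote endpoints in an IPTraf TCP pane fall in class E (240.0.0.0/4) and builds the reply's rule with the whole range as $E_CLASS_IP. It assumes 61.185.208.202 is the server's own address (it appears in every connection pair); the function names are hypothetical and the sample rows are copied from the capture in the question.

```python
import ipaddress
import re
from collections import Counter

# Class E (240.0.0.0/4) is reserved and not routed on the public Internet,
# so a packet claiming such a source address is almost certainly spoofed.
CLASS_E = ipaddress.ip_network("240.0.0.0/4")

# Matches the "host:port" field of a row in IPTraf's TCP connection pane.
ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# Rows copied from the IPTraf capture posted in the question.
SAMPLE = """\
│┌61.185.208.202:2561 = 0 0 ---- eth0 │
│└245.125.16.125:5794 > 1 46 ---- eth0 │
│┌249.162.186.26:17772 > 1 46 ---- eth0 │
│└61.185.208.202:10222 = 0 0 ---- eth0 │
│┌219.68.24.132:17396 > 3 315 -PA- eth0 │
│└61.185.208.202:3640 > 3 120 --A- eth0 │
│┌252.129.231.87:28350 > 1 46 ---- eth0 │
│└61.185.208.202:29126 = 0 0 ---- eth0 │
"""

def classify(capture, local_ip):
    """Count remote endpoints as 'class_e' (reserved) or 'other'."""
    counts = Counter()
    for line in capture.splitlines():
        match = ENDPOINT.search(line)
        if not match:
            continue  # border, header or status line
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # garbled row, e.g. an octet above 255
        if str(addr) == local_ip:
            continue  # our own side of the connection pair
        counts["class_e" if addr in CLASS_E else "other"] += 1
    return counts

def drop_rule():
    """The reply's rule, with $E_CLASS_IP set to the whole class E CIDR."""
    return f"iptables -t filter -I INPUT 1 -p tcp -s {CLASS_E} -j DROP"

if __name__ == "__main__":
    print(dict(classify(SAMPLE, "61.185.208.202")))
    print(drop_rule())
```

One CIDR rule covers every class E source, so no per-address rules are needed; sources counted as 'other' are outside that range and need separate handling.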