xiong1810 posted on 2005-12-6 22:09:42

m0n0 is being attacked... requesting help!

The log is as follows:
Last 50 firewall log entries
Act Time If Source Destination Proto
14:03:06.847063 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.847070 WAN 211.138.113.118, port 3463 218.75.84.102, port 80 UDP
14:03:06.847076 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
4 14:03:06.847082 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
3 14:03:06.848043 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.848056 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
14:03:06.848063 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.848075 WAN 211.138.113.118, port 3463 218.75.84.102, port 80 UDP
14:03:06.848082 WAN 211.138.113.118, port 3474 218.75.84.102, port 80 UDP
14:03:06.848090 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.848096 WAN 211.138.113.118, port 3474 218.75.84.102, port 80 UDP
14:03:06.848102 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
2 14:03:06.848110 WAN 211.138.113.118, port 3474 218.75.84.102, port 80 UDP
14:03:06.849043 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.849051 WAN 211.138.113.118, port 3463 218.75.84.102, port 80 UDP
14:03:06.849058 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.849065 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
14:03:06.849076 WAN 211.138.113.118, port 3463 218.75.84.102, port 80 UDP
14:03:06.849083 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.849091 WAN 211.138.113.118, port 3463 218.75.84.102, port 80 UDP
2 14:03:06.849096 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.849106 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
2 14:03:06.849112 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.850044 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
14:03:06.850052 WAN 211.138.113.118, port 3463 218.75.84.102, port 80 UDP
14:03:06.850060 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
2 14:03:06.850066 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
2 14:03:06.850080 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
14:03:06.850088 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
2 14:03:06.850094 WAN 211.138.113.118, port 3474 218.75.84.102, port 80 UDP
14:03:06.851044 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
2 14:03:06.851054 WAN 211.138.113.118, port 3474 218.75.84.102, port 80 UDP
14:03:06.851062 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.851068 WAN 211.138.113.118, port 3474 218.75.84.102, port 80 UDP
14:03:06.851080 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.851085 WAN 211.138.113.118, port 3474 218.75.84.102, port 80 UDP
14:03:06.851091 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.851098 WAN 211.138.113.118, port 3474 218.75.84.102, port 80 UDP
3 14:03:06.851105 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
2 14:03:06.852042 WAN 211.138.113.118, port 3463 218.75.84.102, port 80 UDP
14:03:06.852053 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
2 14:03:06.852061 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.852075 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
14:03:06.852081 WAN 211.138.113.118, port 3463 218.75.84.102, port 80 UDP
14:03:06.852088 WAN 219.234.226.131, port 1120 218.75.84.102, port 80 UDP
14:03:06.852094 WAN 211.138.113.118, port 3463 218.75.84.102, port 80 UDP
3 14:03:06.852100 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
14:03:06.853044 WAN 211.138.113.118, port 3474 218.75.84.102, port 80 UDP
15 14:03:06.853053 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
3 14:03:06.856048 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
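
Added example, not part of the original thread: a Python tally of firewall log entries in the layout posted above, grouped by source address, showing how concentrated the sources are and how short a time window the entries cover. The function names are this example's own, the embedded sample is five lines copied from the log above, and any token before the timestamp is ignored.

```python
import re
from collections import Counter

# Five lines copied from the log posted above, embedded so this runs offline.
SAMPLE = """\
14:03:06.847063 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
14:03:06.847070 WAN 211.138.113.118, port 3463 218.75.84.102, port 80 UDP
4 14:03:06.847082 WAN 211.138.113.118, port 3469 218.75.84.102, port 80 UDP
14:03:06.852088 WAN 219.234.226.131, port 1120 218.75.84.102, port 80 UDP
3 14:03:06.856048 WAN 211.161.160.36, port 3637 218.75.84.102, port 80 UDP
"""

# Anchors on the timestamp; any token before it (e.g. "4 ") is ignored.
ENTRY = re.compile(
    r"(\d{2}):(\d{2}):(\d{2}\.\d+)\s+(\S+)\s+"
    r"(\d+\.\d+\.\d+\.\d+), port (\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+), port (\d+)\s+(\S+)"
)

def parse(text):
    """Return one dict per recognisable log line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        mt = ENTRY.search(line)
        if mt is None:
            continue
        hh, mm, ss, iface, src, sport, dst, dport, proto = mt.groups()
        entries.append({
            "t": int(hh) * 3600 + int(mm) * 60 + float(ss),  # seconds since midnight
            "iface": iface, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "proto": proto,
        })
    return entries

def summarize(entries):
    """Per-source counts, source ports seen, targets hit, and time span covered."""
    sports = {}
    for e in entries:
        sports.setdefault(e["src"], set()).add(e["sport"])
    times = [e["t"] for e in entries]
    return {
        "by_source": Counter(e["src"] for e in entries),
        "source_ports": sports,
        "targets": Counter((e["dst"], e["dport"], e["proto"]) for e in entries),
        # Assumes the entries do not cross midnight.
        "span_seconds": max(times) - min(times) if times else 0.0,
    }

if __name__ == "__main__":
    report = summarize(parse(SAMPLE))
    for src, n in report["by_source"].most_common():
        print(f"{src:15}  entries={n}  src_ports={sorted(report['source_ports'][src])}")
    print("targets:", dict(report["targets"]))
    print(f"window: {report['span_seconds'] * 1000:.3f} ms")
```

A log view limited to the last 50 entries covers only a few milliseconds at this rate, so the tally describes that window rather than the whole event.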

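夕夜如风 posted on 2005-12-6 23:40:06

The attacking IPs are fairly concentrated; look up where those IPs are from.

If worst comes to worst, answer violence with violence.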

wuxj posted on 2005-12-8 13:53:08

Don't worry about it; it comes down to whose bandwidth and machine are better. Let them come.

xiong1810 posted on 2005-12-8 13:57:05

When they attacked me, I had already been knocked offline!

anfeny posted on 2005-12-8 18:55:37

DROP those few IPs on the WAN.

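wuxj posted on 2005-12-9 16:43:42

Dropping them is no use; if there are log entries, they have already been dropped.
Switching to a better network card might help a little.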

xiong1810 posted on 2005-12-11 10:46:24

Got DDoSed again today, WAN traffic was around 96m, and blocking the attackers' IPs on the WAN made no difference!

xiong1810 posted on 2005-12-11 12:25:10

04:20:17.904598 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
8 04:20:17.904617 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.905592 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.905612 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.905626 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
9 04:20:17.906586 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
9 04:20:17.907611 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
2 04:20:17.909615 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.909637 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.909653 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
2 04:20:17.909666 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.910583 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.910598 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
7 04:20:17.910635 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.911592 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.911610 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
9 04:20:17.912583 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
9 04:20:17.913604 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
7 04:20:17.915592 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.916642 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.916656 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.916669 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
04:20:17.916689 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP
9 04:20:17.917582 WAN 220.167.166.74, port 4661 218.75.84.102, port 80 UDP

anfeny posted on 2005-12-11 19:25:29

Switch to a different WAN IP to hold out for now.
Report it to the telecom carrier.

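wuxj posted on 2005-12-13 18:14:10

Originally posted by xiong1810 on 2005-12-11 10:46
Got DDoSed again today, WAN traffic was around 96m, and blocking the attackers' IPs on the WAN made no difference!
Are you sure? Generally speaking, a DDoS consists of fragmented packets and malformed packets and does not produce this much traffic; rather, CPU and memory usage would be very high. With traffic like yours, you should be checking for trojans or P2P and the like.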

Helvin posted on 2006-2-8 11:12:50

Close UDP 80

sysctl
net.inet.tcp.blackhole: 2
net.inet.udp.blackhole: 1
net.inet.tcp.msl=7500

xiong1810 posted on 2006-2-8 13:25:11

Thanks, I'll keep this for later use!
Also, may I ask: is closing UDP port 80 done by blocking it in the rules, or with a command?


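fysfxy posted on 2007-5-3 13:36:08

Originally posted by wuxj on 2005-12-13 18:14

Are you sure? Generally speaking, a DDoS consists of fragmented packets and malformed packets and does not produce this much traffic; rather, CPU and memory usage would be very high. With traffic like yours, you should be checking for trojans or P2P and the like.

I get attacked by others every day too, but the WAN has never hit 96M. I guess your eyes were playing tricks on you. Ha...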

漫步彩云端 posted on 2007-5-4 14:21:46

I also think a DDoS shouldn't have this much traffic. You probably misread it, or there is BT running.

fysfxy posted on 2007-5-14 01:28:19

Attacks from the outside network are generally rare, unless you have a grudge with someone.