交流 › RouterOS › 网吧路由被攻击瘫痪前的日志，请高手帮忙解说一下

dx53133 发表于 2009-4-2 17:38:36

网吧路由被攻击瘫痪前的日志，请高手帮忙解说一下

firewall,info forward: in:lan out:lan, src-mac 00:21:27:ad:52:7e, proto UDP, 192.169.1.202:58081->192.168.1.248:58080, len 55 in 31-Mar 17:44:43.68 from 192.168.1.254
firewall,info forward: in:lan out:lan, src-mac 00:21:27:ad:52:7e, proto UDP, 192.169.1.202:58081->192.168.1.248:58080, len 32 in 31-Mar 17:44:43.68 from 192.168.1.254
firewall,info forward: in:lan out:wan, src-mac 00:21:27:ad:52:7e, proto UDP, 192.169.1.202:1065->202.96.134.133:53, len 61 in 31-Mar 17:44:44.23 from 192.168.1.254
firewall,info forward: in:lan out:wan, src-mac 00:21:27:ad:52:7e, proto UDP, 192.169.1.202:1065->202.96.154.8:53, len 61 in 31-Mar 17:44:44.23 from 192.168.1.254
firewall,info forward: in:lan out:lan, src-mac 00:21:27:ad:52:7e, proto UDP, 192.169.1.202:58081->192.168.1.248:58080, len 39 in 31-Mar 17:44:44.68 from 192.168.1.254
firewall,info forward: in:lan out:lan, src-mac 00:21:27:ad:52:7e, proto UDP, 192.169.1.202:58081->192.168.1.248:58080, len 55 in 31-Mar 17:44:44.68 from 192.168.1.254
firewall,info forward: in:lan out:lan, src-mac 00:21:27:ad:52:7e, proto UDP, 192.169.1.202:58081->192.168.1.248:58080, len 32 in 31-Mar 17:44:44.68 from 192.168.1.254
firewall,info forward: in:lan out:lan, src-mac 00:21:27:ad:52:7e, proto TCP (SYN), 192.169.1.202:1066->192.168.1.251:9090, len 64 in 31-Mar 17:44:45.26 from 192.168.1.254
firewall,info forward: in:lan out:lan, src-mac 00:21:27:ad:52:7e, proto TCP (SYN), 192.169.1.202:1060->192.168.1.249:3260, len 64 in 31-Mar 17:44:45.26 from 192.168.1.254
firewall,info forward: in:lan out:lan, src-mac 00:21:27:ad:52:7e, proto TCP (SYN), 192.169.1.202:1061->192.168.1.252:80, len 64 in 31-Mar 17:44:45.60 from 192.168.1.254

acaiplus 发表于 2009-4-4 19:41:20

被内网UDP了

coldfire520 发表于 2009-4-9 00:58:14

网络风暴吧。。。虽然不懂

gxhacker 发表于 2009-4-9 18:20:17

不是网络风暴

guairenqiutian 发表于 2009-4-9 23:23:30

254的机器狂攻击你的路由呵呵

nprotect2008 发表于 2009-5-20 00:07:49

in:lan out:lan, src-mac 00:21:27:ad:52:7e, proto TCP (SYN)

这不是已经告诉你了么

攻击来自内部网络(Lan to Lan)
SRC-MAC:源来自00:21:27:ad:52:7e这个MAC地址
攻击方式可以确定为TCP(SYN:洪水)

IP/ARP绑定就可以解决了.

phenix3344 发表于 2009-5-21 01:13:55

in:lan out:lan, src-mac 00:21:27:ad:52:7e, proto TCP (SYN)

这不是已经告诉你了么

攻击来自内部网络(Lan to Lan)
SRC-MAC:源来自00:21:27:ad:52:7e这个MAC地址
攻击方式可以确定为TCP(SYN:洪水)

IP/ ...
nprotect2008 发表于 2009-5-20 00:07 http://bbs.routerclub.com/images/common/back.gif


绑定是无法解决洪水类攻击问题的

zefa 发表于 2009-5-21 11:54:54

攻击方式可以确定为TCP(SYN:洪水)

ycfei 发表于 2009-5-28 16:02:50

00:21:27:ad:52:7e就只有这个MAC攻击你。

查看完整版本: 网吧路由被攻击瘫痪前的日志，请高手帮忙解说一下