dajun posted on 2005-1-16 02:35:53
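I pinged the RouteOS router from a Linux client on the LAN, with the following result (note: 192.168.0.211 is the gateway):

# ping 192.168.0.211
PING 192.168.0.211 (192.168.0.211) 56(84) bytes of data.
From 192.168.0.5: icmp_seq=1 Redirect Host(New nexthop: 192.168.0.211)
64 bytes from 192.168.0.211: icmp_seq=1 ttl=63 time=0.505 ms
From 192.168.0.5: icmp_seq=2 Redirect Host(New nexthop: 192.168.0.211)
64 bytes from 192.168.0.211: icmp_seq=2 ttl=63 time=0.488 ms
From 192.168.0.5: icmp_seq=3 Redirect Host(New nexthop: 192.168.0.211)
64 bytes from 192.168.0.211: icmp_seq=3 ttl=63 time=0.534 ms
From 192.168.0.5: icmp_seq=4 Redirect Host(New nexthop: 192.168.0.211)
64 bytes from 192.168.0.211: icmp_seq=4 ttl=63 time=0.607 ms
From 192.168.0.5: icmp_seq=5 Redirect Host(New nexthop: 192.168.0.211)
64 bytes from 192.168.0.211: icmp_seq=5 ttl=63 time=0.497 ms
--- 192.168.0.211 ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 7996ms
rtt min/avg/max/mdev = 0.488/0.551/0.682/0.078 ms

(Note: the router's IP and MAC are already bound, and the router's internal NIC is set to arp=reply-only.)

The current situation is that the connection drops every ten-odd minutes, and each time it reconnects by itself after only a dozen or so seconds. This is the first time this has happened in the two months I have been using RouteOS. I suspect a virus is at work, because the TTL=63 above is clearly wrong and the ping replies are coming back from the machine 192.168.0.5. I found the machine 192.168.0.5 and shut it down, and at that moment all the client machines below it lost their connection at the same time. About 30 seconds later, ping 192.168.0.211 returned to normal with TTL=64. When tracing the route with tracert 192.168.0.211, the path passes through the machine 192.168.0.5. Even if this is caused by ARP spoofing, how can the client machine 192.168.0.5 still be forwarding data? I don't understand. Can everyone help me analyse this? Is there any workable way to prevent this from happening again? I hope everyone will offer their own views and opinions, thanks!!

jk0wg posted on 2005-1-16 02:42:35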
I'm not too clear on this kind of situation.. bumping this for you~~~
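An added example, not part of the original thread: a Python check over ping output like that in dajun's post, reporting hosts that send ICMP redirects naming the pinged on-link address as the new nexthop, and replies whose TTL is below the 64 the post reports for the normal path. The function name `analyse_ping` and the sample text are constructed for illustration.

```python
import re

# Constructed sample, modelled on the ping output quoted in the post.
SAMPLE = """\
PING 192.168.0.211 (192.168.0.211) 56(84) bytes of data.
From 192.168.0.5: icmp_seq=1 Redirect Host(New nexthop: 192.168.0.211)
64 bytes from 192.168.0.211: icmp_seq=1 ttl=63 time=0.505 ms
From 192.168.0.5: icmp_seq=2 Redirect Host(New nexthop: 192.168.0.211)
64 bytes from 192.168.0.211: icmp_seq=2 ttl=63 time=0.488 ms
"""

# Accept "From IP: icmp_seq=..." and the colon-less "From IP icmp_seq=...".
REDIRECT = re.compile(
    r"^From (\S+?):? icmp_seq=\d+ Redirect \w+\s*\(New nexthop: (\S+?)\)")
REPLY = re.compile(r"^\d+ bytes from (\S+?): icmp_seq=\d+ ttl=(\d+)")


def analyse_ping(output, target, expected_ttl=64):
    """Summarise redirect senders and TTL drops seen while pinging `target`.

    expected_ttl=64 is an assumption taken from the post, which reports
    TTL=64 once the path was back to normal.
    """
    redirectors = {}   # sender IP -> set of "new nexthop" values it announced
    ttl_drops = set()  # expected_ttl minus observed TTL, replies from target
    for raw in output.splitlines():
        line = raw.strip()
        m = REDIRECT.match(line)
        if m:
            redirectors.setdefault(m.group(1), set()).add(m.group(2))
            continue
        m = REPLY.match(line)
        if m and m.group(1) == target and int(m.group(2)) < expected_ttl:
            ttl_drops.add(expected_ttl - int(m.group(2)))
    # A redirect whose new nexthop is the target itself means the sender
    # received the packet and forwarded it back onto the same segment.
    relays = sorted(ip for ip, hops in redirectors.items()
                    if ip != target and target in hops)
    return {"relays": relays, "ttl_drops": sorted(ttl_drops),
            "suspicious": bool(relays or ttl_drops)}


if __name__ == "__main__":
    print(analyse_ping(SAMPLE, "192.168.0.211"))
```

A non-empty `relays` list or a TTL drop on an address in the client's own subnet is a cue to compare the client's ARP cache entry for the gateway with the gateway's real MAC address.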