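ospace posted on 2005-4-20 16:55:19
RouterOS is under attack, but Internet access is normal. Serving 200 computers (stress test)

madlife posted on 2005-4-20 17:02:33
1G RAM? 3G CPU?? OP, could you share your firewall settings?

smile787 posted on 2005-4-20 17:28:06
Is the attack happening in your imagination?

ospace posted on 2005-4-20 17:41:06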
add dst-address=:25 protocol=tcp action=drop comment="" disabled=no
add dst-address=:69 protocol=udp action=drop comment="" disabled=no
add dst-address=:113 protocol=tcp action=drop comment="" disabled=no
add dst-address=:113 protocol=udp action=drop comment="" disabled=no
add dst-address=:123 protocol=udp action=drop comment="" disabled=no
add dst-address=:134-139 protocol=tcp action=drop comment="" disabled=no
add dst-address=:134-139 protocol=udp action=drop comment="" disabled=no
add dst-address=:161-162 protocol=tcp action=drop comment="" disabled=no
add dst-address=:161-162 protocol=udp action=drop comment="" disabled=no
add dst-address=:445 protocol=tcp action=drop comment="" disabled=no
add dst-address=:445 protocol=udp action=drop comment="" disabled=no
add dst-address=:500 protocol=tcp action=drop comment="" disabled=no
add dst-address=:500 protocol=udp action=drop comment="" disabled=no
add dst-address=:1080 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1092 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1363-1364 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1368 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1373 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1433-1434 protocol=tcp action=drop comment="" disabled=no
add dst-address=:1524 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2535 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2745 protocol=tcp action=drop comment="" disabled=no
add dst-address=:2745 protocol=udp action=drop comment="" disabled=no
add dst-address=:2283 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3127-3128 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3150 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3306 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3306 protocol=udp action=drop comment="" disabled=no
add dst-address=:3389 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3389 protocol=udp action=drop comment="" disabled=no
add dst-address=:3410 protocol=tcp action=drop comment="" disabled=no
add dst-address=:3801 protocol=udp action=drop comment="" disabled=no
add dst-address=:4444 protocol=tcp action=drop comment="" disabled=no
add dst-address=:4444 protocol=udp action=drop comment="" disabled=no
add dst-address=:5000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5000 protocol=udp action=drop comment="" disabled=no
add dst-address=:5354 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5354 protocol=udp action=drop comment="" disabled=no
add dst-address=:5554 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5800 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5800 protocol=udp action=drop comment="" disabled=no
add dst-address=:5900 protocol=tcp action=drop comment="" disabled=no
add dst-address=:5900 protocol=udp action=drop comment="" disabled=no
add dst-address=:6267 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7306-7308 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7306-7308 protocol=udp action=drop comment="" disabled=no
add dst-address=:7511 protocol=tcp action=drop comment="" disabled=no
add dst-address=:7511 protocol=udp action=drop comment="" disabled=no
add dst-address=:7626 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8225 protocol=tcp action=drop comment="" disabled=no
add dst-address=:8225 protocol=udp action=drop comment="" disabled=no
add dst-address=:8866 protocol=tcp action=drop comment="" disabled=no
add dst-address=:9898 protocol=tcp action=drop comment="" disabled=no
add dst-address=:10000 protocol=tcp action=drop comment="" disabled=no
add dst-address=:10000 protocol=udp action=drop comment="" disabled=no
add dst-address=:10080 protocol=tcp action=drop comment="" disabled=no
add dst-address=:12345-12346 protocol=tcp action=drop comment="" disabled=no
add dst-address=:12345-12346 protocol=udp action=drop comment="" disabled=no
add dst-address=:17027 protocol=tcp action=drop comment="" disabled=no
add dst-address=:17027 protocol=udp action=drop comment="" disabled=no
add dst-address=:17300 protocol=tcp action=drop comment="" disabled=no
add dst-address=:27374 protocol=tcp action=drop comment="" disabled=no
add dst-address=:27374 protocol=udp action=drop comment="" disabled=no
add dst-address=:20168 protocol=tcp action=drop comment="" disabled=no
add dst-address=:20168 protocol=udp action=drop comment="" disabled=no
add dst-address=:23444 protocol=tcp action=drop comment="" disabled=no
add dst-address=:23444 protocol=udp action=drop comment="" disabled=no
add dst-address=:30100 protocol=tcp action=drop comment="" disabled=no
add dst-address=:31337-31338 protocol=tcp action=drop comment="" disabled=no
add dst-address=:31337-31338 protocol=udp action=drop comment="" disabled=no
add dst-address=:31789-31790 protocol=tcp action=drop comment="" disabled=no
add dst-address=:31789-31790 protocol=udp action=drop comment="" disabled=no
add dst-address=:34555 protocol=tcp action=drop comment="" disabled=no
add dst-address=:35555 protocol=tcp action=drop comment="" disabled=no
add dst-address=:39213 protocol=tcp action=drop comment="" disabled=no
add dst-address=:39213 protocol=udp action=drop comment="" disabled=no
add dst-address=:45576 protocol=tcp action=drop comment="" disabled=no
add dst-address=:45576 protocol=udp action=drop comment="" disabled=no
add dst-address=:65506 protocol=tcp action=drop comment="" disabled=no
add dst-address=:23 protocol=tcp action=drop comment="" disabled=no

75122889 posted on 2005-4-21 17:03:27
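CPU 1G, RAM 256. Could you tell us the NIC model? How did you set up your firewall, OP? Could you post all of it?

lq-ww posted on 2005-4-22 00:25:18
ddos?

hzkane posted on 2005-4-22 01:30:18
Better to look at the log first. Don't jump to saying you've been attacked at the slightest thing...

bow posted on 2005-4-22 09:11:32
66030 p/s does look like an attack. Normally the received-packet rate wouldn't be that high.

anoy posted on 2005-4-22 13:14:24
OP, what kind of firewall setup is this? Which chain is it applied to?

neverseen posted on 2005-4-22 15:30:00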
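QUOTE (anoy @ Apr 22 2005, 01:14 PM)
OP, what kind of firewall setup is this? Which chain is it applied to?

I'd like to know too. Should it be added under / ip firewall rule input or under / ip firewall rule forward? Could someone who knows give me a pointer? Thanks.

ospace posted on 2005-4-23 09:55:01
http://www.routerclub.com/ipb/index.php?showtopic=6802

neverseen posted on 2005-4-24 01:00:26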
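In INPUT I found that the OS is blocking a large number of packets. The ports are all 135-139, both TCP and UDP, plus TCP ports 1433-1434. May I ask how to tell whether these are coming in from the ISP outside or whether my internal machines are infected? When I set src.address to 192.168.0.0/24, the TCP packets on ports 135-139 disappeared, but the UDP packets are still there. I suspected the Windows 2000 machines had caught Blaster, so I shut down both 2000 servers, but the count keeps increasing. Sigh, all the rest are 98 systems, so why are there still packets like this? Sigh, the network was too slow; after I opened UDP ports 135-139 the speed got much better. What should I do? Does virus protection really have to cost this much performance?

ht11 posted on 2005-4-24 04:33:00
To the poster above: have you set up rate limiting? How many client machines? What version of the OS? Did this start happening recently?

neverseen posted on 2005-4-24 09:56:47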
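QUOTE (ht11 @ Apr 24 2005, 04:33 AM)
To the poster above: have you set up rate limiting? How many client machines? What version of the OS? Did this start happening recently?

The G version of 8.22, 10M China Telecom fiber with PPPoE dial-up, serving 80 machines. Every machine is rate-limited: 384kb upload, 512kb download. I also limited the number of threads at the same time, 15 threads per machine. With the firewall off the speed is fine; with it on, it is slow. The firewall was configured following this poster's thread, and it is the same as the OP's: http://www.routerclub.com/ipb/index.php?showtopic=6802
Also, after turning it on I temporarily disabled the rules for the blocked ports that had no traffic, so really only a few rules are left (8). My machine is a 1.7G AMD XP, 256M, 10G disk, with DNS cache on and web cache off, an I559 for the internal network and a Realtek 8139 for the external network. CPU usage is low too, usually only 1%, and at most 11% with everything turned on. Since downloading isn't enabled on the client machines yet, traffic is usually a few hundred Kb up and about 1Mb down. I want to enable downloading, which is why I set up the rate limiting and the connection limiting, and then the virus protection.

madlife posted on 2005-4-25 14:42:48
"My machine is a 1.7G AMD XP, 256M, 10G disk, with DNS cache on and web cache off, an I559 for the internal network and a Realtek 8139 for the external network"
DNS cache on: how did you turn it on??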
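
Added example, not part of the original thread: one way to work on the question raised above of whether the dropped port 135-139 and 1433-1434 packets come from the ISP side or from an infected LAN machine, by splitting drop-log entries by source and flagging LAN hosts that probe several outside addresses. The log format, sample lines and function names are constructed for illustration; only the 192.168.0.0/24 subnet and the port numbers come from the posts.

```python
import ipaddress
from collections import Counter, defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")    # LAN subnet named in the post
WATCHED = set(range(135, 140)) | {1433, 1434}   # dropped ports named in the post

# Constructed sample lines in a made-up format; adapt parse_line() to your logs.
SAMPLE_LOG = """\
tcp 192.168.0.37:1045->203.0.113.9:135
tcp 192.168.0.37:1046->203.0.113.10:135
tcp 192.168.0.37:1047->203.0.113.11:139
udp 192.168.0.52:137->192.168.0.255:137
udp 192.168.0.52:138->192.168.0.255:138
tcp 198.51.100.7:4312->192.168.0.1:1433
tcp 192.168.0.52:3301->203.0.113.80:80
not a log line
"""

def parse_line(line):
    """Return (proto, src_ip, dst_ip, dst_port), or None if the line is malformed."""
    try:
        proto, flow = line.split()
        src, dst = flow.split("->")
        dst_host, dst_port = dst.rsplit(":", 1)
        return (proto.lower(), ipaddress.ip_address(src.rsplit(":", 1)[0]),
                ipaddress.ip_address(dst_host), int(dst_port))
    except ValueError:
        return None

def classify(log_text):
    """Count watched-port drops per source, split into LAN and outside sources."""
    counts = {"lan": Counter(), "outside": Counter()}
    targets = defaultdict(set)  # LAN source -> distinct outside TCP destinations
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[3] not in WATCHED:
            continue
        proto, src, dst, _port = parsed
        counts["lan" if src in LAN else "outside"][str(src)] += 1
        # UDP 137/138 broadcasts are normal NetBIOS chatter; only outbound TCP counts.
        if src in LAN and proto == "tcp" and dst not in LAN:
            targets[str(src)].add(dst)
    return counts, targets

def scanning_hosts(targets, min_targets=3):
    """LAN hosts probing several outside addresses: check these for a worm first."""
    return sorted(ip for ip, dsts in targets.items() if len(dsts) >= min_targets)

if __name__ == "__main__":
    print(classify(SAMPLE_LOG)[0], scanning_hosts(classify(SAMPLE_LOG)[1]))
```

In the constructed sample, 192.168.0.52 only sends NetBIOS broadcasts on UDP 137/138, which Windows 98 hosts also do, so it is counted but not flagged.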