皮皮
2005-02-01, 04:03 PM
My website has recently been receiving a lot of connections like this:
tcp 0 0 172.16.1.1:80 211.23.65.227:64884 SYN_RECV -
tcp 0 0 172.16.1.1:80 61.231.94.233:4751 SYN_RECV -
tcp 0 0 172.16.1.1:80 61.231.94.233:4749 SYN_RECV -
tcp 0 0 172.16.1.1:80 61.231.94.233:4747 SYN_RECV -
tcp 0 0 172.16.1.1:80 61.231.94.233:4745 SYN_RECV -
tcp 0 0 172.16.1.1:80 211.23.65.227:64876 SYN_RECV -
tcp 0 0 172.16.1.1:80 61.231.94.233:4743 SYN_RECV -
tcp 0 0 172.16.1.1:80 61.231.94.233:4741 SYN_RECV -
tcp 0 0 172.16.1.1:80 211.23.65.227:65378 SYN_RECV -
tcp 0 0 172.16.1.1:80 211.23.65.227:64864 SYN_RECV -
tcp 0 0 172.16.1.1:80 61.231.94.233:4739 SYN_RECV -
tcp 0 0 172.16.1.1:80 211.23.65.227:64614 SYN_RECV -
tcp 0 0 172.16.1.1:80 211.23.65.227:64870 SYN_RECV -
tcp 0 0 172.16.1.1:80 61.231.94.233:4737 SYN_RECV -
tcp 0 0 172.16.1.1:80 211.23.65.227:65126 SYN_RECV -
............. at least 500 or more of them!!
Is this a malicious attack?
It makes our company's internal internet access terribly slow~~ not to mention the website~~ which is also frighteningly slow!!!
Is anyone familiar with IPTABLES configuration? Which rules should I add?
Here is my current configuration~~
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- 203.86.164.36 anywhere tcp
DROP tcp -- swtp130-10.adsl.seed.net.tw anywhere tcp
DROP tcp -- 202.153.117.2 anywhere tcp
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:10000
ACCEPT tcp -- dns.e-muse.com.tw anywhere tcp
ACCEPT tcp -- 210-192-XX-XX.adsl.ttn.net anywhere tcp
ACCEPT tcp -- 210-192-XX-XX.adsl.ttn.net anywhere tcp
ACCEPT tcp -- 210-192-XX-XX.adsl.ttn.net anywhere tcp
ACCEPT tcp -- 210-192-XX-XX.adsl.ttn.net anywhere tcp
ACCEPT tcp -- 61-71-73-196.adsl.static.giga.net.tw anywhere tcp
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP icmp -- anywhere anywhere icmp echo-request
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
syn-flood tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain syn-flood (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere limit: avg 1/sec burst 4
DROP all -- anywhere
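The first thing to establish from output like the above is whether the half-open (SYN_RECV) connections come from a handful of sources, which a per-source DROP rule handles, or from many spoofed addresses, where only a global rate limit such as the existing `syn-flood` chain helps. Below is an added example (not the poster's code) that parses `netstat -ant`-style lines and counts SYN_RECV entries per remote address; the sample text is constructed in the same format as the post, and the `threshold` parameter is an assumption you tune for your own traffic.

```python
"""Count half-open (SYN_RECV) TCP connections per remote source from
netstat-style output, to tell a concentrated source from a spoofed flood.
Added example, not the original poster's code. Sample input is constructed."""
import sys
from collections import Counter

# Constructed sample in the format of the post's netstat output:
# proto recv-q send-q local_addr remote_addr state [program]
SAMPLE_NETSTAT = """\
tcp 0 0 172.16.1.1:80 211.23.65.227:64884 SYN_RECV -
tcp 0 0 172.16.1.1:80 61.231.94.233:4751 SYN_RECV -
tcp 0 0 172.16.1.1:80 61.231.94.233:4749 SYN_RECV -
tcp 0 0 172.16.1.1:80 10.0.0.5:51000 ESTABLISHED -
tcp 0 0 172.16.1.1:443 61.231.94.233:4747 SYN_RECV -
tcp 0 0 172.16.1.1:80 211.23.65.227:64876 SYN_RECV -
"""


def parse_netstat_line(line):
    """Return (local_ip, local_port, remote_ip, remote_port, state) for a
    tcp line, or None for headers and non-TCP lines."""
    parts = line.split()
    if len(parts) < 6 or parts[0] not in ("tcp", "tcp6"):
        return None
    local, remote, state = parts[3], parts[4], parts[5]
    # rpartition on ':' keeps IPv6 addresses intact; the port is the last field
    lip, _, lport = local.rpartition(":")
    rip, _, rport = remote.rpartition(":")
    return lip, int(lport), rip, int(rport), state


def syn_recv_by_source(text, local_port=None):
    """Count SYN_RECV entries per remote IP, optionally only for one local port."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_netstat_line(line)
        if rec is None:
            continue
        lip, lport, rip, rport, state = rec
        if state != "SYN_RECV":
            continue
        if local_port is not None and lport != local_port:
            continue
        counts[rip] += 1
    return counts


def suspicious_sources(counts, threshold):
    """Remote IPs with at least `threshold` half-open connections, busiest first.
    A short list with large counts points at a few real sources; a long list of
    ones suggests spoofed addresses and calls for rate limiting instead."""
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    # Usage: netstat -ant | python3 synrecv_count.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NETSTAT
    by_src = syn_recv_by_source(data)
    print(f"{sum(by_src.values())} half-open connections from {len(by_src)} sources")
    for ip, n in suspicious_sources(by_src, threshold=2):
        print(f"{ip:>15}  {n}")
```

With no piped input the script runs on the constructed sample; on a live box, pipe `netstat -ant` into it and compare the number of distinct sources against the total before deciding between per-address DROP rules and a global SYN rate limit.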