Linux port 8080 under attack, how is this being done? - V2EX

thekll  Jul 16, 2014  20047 views
    tcpdump shows a huge number of source IPs, from all over the place, hammering the port non-stop 24 hours a day
    ……
    22:59:53.757199 IP 111.8.62.3.8038 > my_server_name.webcache: R 1002659497:1002659497(0) ack 1 win 0
    22:59:53.758036 IP 110.205.143.219.broad.bj.bj.dynamic.163data.com.cn.5029 > my_server_name.webcache: S 2851863028:2851863028(0) win 1480
    22:59:53.774206 IP 130.76.181.60.broad.wz.zj.dynamic.163data.com.cn.36426 > my_server_name.webcache: S 2831028411:2831028411(0) win 1480
    22:59:53.776075 IP 123.139.209.184.30137 > my_server_name.webcache: S 4017635361:4017635361(0) win 1480
    22:59:53.776839 IP 121.34.221.119.9908 > my_server_name.webcache: S 837044024:837044024(0) win 1480
    22:59:53.781730 IP 144.0.193.26.27286 > my_server_name.webcache: R 2655450285:2655450285(0) ack 1 win 0
    22:59:53.783780 IP 221.234.18.213.18438 > my_server_name.webcache: S 3902858610:3902858610(0) win 1480
    22:59:53.783793 IP 221.234.18.213.18438 > my_server_name.webcache: S 3902858610:3902858610(0) win 1480
    22:59:53.789409 IP 206.82.184.183.adsl-pool.sx.cn.8488 > my_server_name.webcache: S 13292673:13292673(0) win 1480
    22:59:53.803736 IP 166.105.183.60.broad.sx.zj.dynamic.163data.com.cn.59965 > my_server_name.webcache: R 2434986321:2434986321(0) ack 1 win 0
    22:59:53.817055 IP 14.154.201.202.dxmessagebase2 > my_server_name.webcache: S 2422988313:2422988313(0) win 1480
    22:59:53.817658 IP 180.115.186.7.39709 > my_server_name.webcache: R 3067036612:3067036612(0) ack 1 win 0
    22:59:53.818075 IP 153.37.55.209.57890 > my_server_name.webcache: S 2647351680:2647351680(0) win 1480
    22:59:53.818087 IP 153.37.55.209.57890 > my_server_name.webcache: S 2647351680:2647351680(0) win 1480
    22:59:53.824919 IP 144.0.193.26.27385 > my_server_name.webcache: S 1679616443:1679616443(0) win 1480
    22:59:53.824932 IP 144.0.193.26.27385 > my_server_name.webcache: S 1679616443:1679616443(0) win 1480
    22:59:53.832040 IP 27.185.89.240.8278 > my_server_name.webcache: S 2250297298:2250297298(0) win 1480
    22:59:53.842221 IP 175.169.242.165.51397 > my_server_name.webcache: R 966327137:966327137(0) ack 1 win 0
    22:59:53.858841 IP 58.217.15.160.9770 > my_server_name.webcache: R 3874420565:3874420565(0) ack 1 win 0
    22:59:53.863049 IP 119.39.100.149.20802 > my_server_name.webcache: R 1758236370:1758236370(0) ack 1 win 0
    22:59:53.898999 IP 115.239.101.28.33431 > my_server_name.webcache: S 1548454999:1548454999(0) win 1480
    22:59:53.902565 IP 125.110.164.254.9133 > my_server_name.webcache: S 3853615462:3853615462(0) win 1480
    22:59:53.902580 IP 49.74.31.167.8254 > my_server_name.webcache: S 1346836169:1346836169(0) win 1480
    22:59:53.911242 IP 27.224.112.168.bmc-messaging > my_server_name.webcache: S 297943441:297943441(0) win 1480
    22:59:53.929590 IP dns112.online.tj.cn.32535 > my_server_name.webcache: S 2075983090:2075983090(0) win 1480
    22:59:53.935222 IP 16.71.65.222.broad.xw.sh.dynamic.163data.com.cn.8449 > my_server_name.webcache: S 2913705709:2913705709(0) win 1480
    22:59:53.946193 IP 222.45.49.113.8390 > my_server_name.webcache: S 3781919088:3781919088(0) win 1480
    22:59:53.947681 IP 66.207.116.112.broad.km.yn.dynamic.163data.com.cn.33159 > my_server_name.webcache: S 2209899657:2209899657(0) win 1480
    22:59:53.976692 IP 14.218.21.6.9852 > my_server_name.webcache: S 3023885051:3023885051(0) win 1480
    22:59:53.981722 IP 221.0.170.122.14864 > my_server_name.webcache: S 3007029936:3007029936(0) win 1480
    22:59:53.985180 IP 110.255.103.153.28030 > my_server_name.webcache: S 2555479591:2555479591(0) win 1480
    22:59:53.986831 IP 183.159.3.34.8346 > my_server_name.webcache: R 2380657566:2380657566(0) ack 1 win 0
    22:59:53.994203 IP 118.117.57.14.cp-cluster > my_server_name.webcache: S 3081085765:3081085765(0) win 1480
    22:59:54.011245 IP 113.90.202.185.4836 > my_server_name.webcache: S 776337793:776337793(0) win 1480
    22:59:54.013997 IP 49.118.57.184.8258 > my_server_name.webcache: S 1156547442:1156547442(0) win 1480
    22:59:54.014009 IP 221.215.151.250.44029 > my_server_name.webcache: S 3109020875:3109020875(0) win 1480
    22:59:54.022167 IP 111.197.58.220.9137 > my_server_name.webcache: S 3907009925:3907009925(0) win 1480
    22:59:54.022184 IP 111.197.58.220.9137 > my_server_name.webcache: S 3907009925:3907009925(0) win 1480
    22:59:54.022900 IP 61.185.143.28.8284 > my_server_name.webcache: R 1173062330:1173062330(0) ack 1 win 0
    22:59:54.028399 IP 136.252.36.120.broad.xm.fj.dynamic.163data.com.cn.simco > my_server_name.webcache: S 1312027176:1312027176(0) win 1480
    22:59:54.034943 IP 61.185.143.28.8392 > my_server_name.webcache: S 1614871623:1614871623(0) win 1480
    22:59:54.034955 IP 61.185.143.28.8392 > my_server_name.webcache: S 1614871623:1614871623(0) win 1480
    22:59:54.035394 IP hn.ly.kd.adsl.8111 > my_server_name.webcache: S 1001433483:1001433483(0) win 1480
    22:59:54.039576 IP 132.197.224.121.broad.wx.js.dynamic.163data.com.cn.10336 > my_server_name.webcache: S 1342978446:1342978446(0) win 1480
    22:59:54.046402 IP 106.7.171.189.pxc-spvr-ft > my_server_name.webcache: S 1452239929:1452239929(0) win 1480
    22:59:54.052456 IP 113.13.235.78.10169 > my_server_name.webcache: S 2948772484:2948772484(0) win 1480
    22:59:54.057786 IP 221.214.165.207.28021 > my_server_name.webcache: S 4175701552:4175701552(0) win 1480
    22:59:54.057799 IP 221.214.165.207.28021 > my_server_name.webcache: S 4175701552:4175701552(0) win 1480
    22:59:54.059363 IP 75.86.249.116.broad.km.yn.dynamic.163data.com.cn.51418 > my_server_name.webcache: S 3740281310:3740281310(0) win 1480
    22:59:54.062078 IP 72.75.224.121.broad.sz.js.dynamic.163data.com.cn.7210 > my_server_name.webcache: S 4248304216:4248304216(0) win 1480
    22:59:54.069013 IP 112.236.115.118.9566 > my_server_name.webcache: S 2405441829:2405441829(0) win 1480
    22:59:54.074719 IP 118.244.255.191.netsupport > my_server_name.webcache: R 3061295251:3061295251(0) ack 1 win 0
    22:59:54.079061 IP 221.234.18.213.18438 > my_server_name.webcache: S 3902858610:3902858610(0) win 1480
    22:59:54.079764 IP 49.118.233.13.42780 > my_server_name.webcache: S 284912091:284912091(0) win 1480
    22:59:54.095316 IP 60.208.145.149.10256 > my_server_name.webcache: S 4047045660:4047045660(0) win 1480
    22:59:54.095963 IP 243.182.186.220.broad.wz.zj.dynamic.163data.com.cn.9967 > my_server_name.webcache: S 537343209:537343209(0) win 1480
    22:59:54.102875 IP 60.208.145.149.10256 > my_server_name.webcache: S 4047045660:4047045660(0) win 1480
    22:59:54.102888 IP 222.85.82.172.25527 > my_server_name.webcache: S 3426084465:3426084465(0) win 1480
    22:59:54.105697 IP 183.4.78.98.13468 > my_server_name.webcache: S 2301594782:2301594782(0) win 1480
    22:59:54.107782 IP 183.4.78.98.13468 > my_server_name.webcache: S 2301594782:2301594782(0) win 1480
    22:59:54.107796 IP 223.245.221.200.7679 > my_server_name.webcache: S 2689566425:2689566425(0) win 1480
    22:59:54.108961 IP 183.37.240.190.gdp-port > my_server_name.webcache: S 4051266830:4051266830(0) win 1480
    22:59:54.117948 IP 203.40.160.220.broad.fz.fj.dynamic.163data.com.cn.10441 > my_server_name.webcache: R 578534989:578534989(0) ack 1 win 0
    22:59:54.124967 IP 125.80.164.76.25311 > my_server_name.webcache: S 451547197:451547197(0) win 1480
    22:59:54.135321 IP 4.196.161.222.adsl-pool.jlccptt.net.cn.10157 > my_server_name.webcache: S 4105966441:4105966441(0) win 1480
    22:59:54.146985 IP 1.30.208.122.10451 > my_server_name.webcache: S 1245850958:1245850958(0) win 1480
    22:59:54.156400 IP 213.81.23.175.adsl-pool.jlccptt.net.cn.9796 > my_server_name.webcache: R 3580832085:3580832085(0) ack 1 win 0
    22:59:54.183885 IP 50.136.164.60.dail.ww.gs.dynamic.163data.com.cn.9686 > my_server_name.webcache: S 3016376764:3016376764(0) win 1480
    22:59:54.186629 IP 110.18.37.197.10133 > my_server_name.webcache: S 2034068461:2034068461(0) win 1480
    22:59:54.196794 IP 110.18.37.197.10133 > my_server_name.webcache: S 2034068461:2034068461(0) win 1480
    22:59:54.204207 IP 115.197.77.171.48161 > my_server_name.webcache: S 2814195837:2814195837(0) win 1480
    22:59:54.208412 IP 119.127.11.57.43422 > my_server_name.webcache: S 2900665168:2900665168(0) win 1480
    22:59:54.217071 IP 213.81.23.175.adsl-pool.jlccptt.net.cn.sctp-tunneling > my_server_name.webcache: S 1115400968:1115400968(0) win 1480
    22:59:54.217084 IP 213.81.23.175.adsl-pool.jlccptt.net.cn.sctp-tunneling > my_server_name.webcache: S 1115400968:1115400968(0) win 1480
    22:59:54.217496 IP 222.169.69.157.4871 > my_server_name.webcache: S 4075432759:4075432759(0) win 1480
    22:59:54.218155 IP 106.123.253.121.35167 > my_server_name.webcache: S 3729309272:3729309272(0) win 1480
    22:59:54.219195 IP 60.215.9.53.7635 > my_server_name.webcache: S 424080732:424080732(0) win 1480
    22:59:54.227259 IP 113.140.203.200.davsrcs > my_server_name.webcache: R 3002732680:3002732680(0) ack 1 win 0
    22:59:54.234954 IP 113.63.193.231.9946 > my_server_name.webcache: R 3908004795:3908004795(0) ack 1 win 0
    22:59:54.243492 IP 101.68.10.163.15661 > my_server_name.webcache: F 75140799:75140799(0) ack 1 win 65392
    22:59:54.267196 IP 222.188.196.139.56758 > my_server_name.webcache: S 1991756040:1991756040(0) win 1480
    22:59:54.268158 IP 115.202.32.23.9255 > my_server_name.webcache: S 89562150:89562150(0) win 1480
    22:59:54.268174 IP 115.202.32.23.9255 > my_server_name.webcache: S 89562150:89562150(0) win 1480
    22:59:54.273537 IP 124.67.140.33.20199 > my_server_name.webcache: S 500945474:500945474(0) win 1480
    22:59:54.276398 IP 14.146.43.25.9707 > my_server_name.webcache: S 160170707:160170707(0) win 1480
    22:59:54.279003 IP 14.146.43.25.9707 > my_server_name.webcache: S 160170707:160170707(0) win 1480
    22:59:54.280061 IP 183.3.16.119.8064 > my_server_name.webcache: R 2011629550:2011629550(0) ack 1 win 0
    22:59:54.296037 IP 113.8.223.196.aironetddp > my_server_name.webcache: S 167678558:167678558(0) win 1480
    …….
    Supplement 1    Jul 19, 2014
    I suspect a P2P-based DDoS attack. Can this type of attack only be defended against at the application layer?
    Supplement 2    Jul 19, 2014
    Four runs of sar:

    18:46:35 IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
    18:46:36 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
    18:46:36 eth0 256.00 0.00 15616.00 0.00 0.00 0.00 0.00

    18:46:36 IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
    18:46:37 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
    18:46:37 eth0 262.00 4.00 15720.00 844.00 0.00 0.00 5.00

    18:46:37 IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
    18:46:38 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
    18:46:38 eth0 264.00 2.00 15840.00 684.00 0.00 0.00 0.00

    18:46:38 IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
    18:46:39 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
    18:46:39 eth0 277.00 2.00 16636.00 684.00 0.00 0.00 1.00

    Average: IFACE rxpck/s txpck/s rxbyt/s txbyt/s rxcmp/s txcmp/s rxmcst/s
    Average: lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
    Average: eth0 264.75 2.00 15953.00 553.00 0.00 0.00 1.50
    16 replies    2014-07-21 08:26:31 +08:00
    #1  pp3182429  Jul 17, 2014
    Following.
    #2  wzxjohn  Jul 17, 2014
    Isn't it just DDoS? What's so strange about that???
    #3  thekll (OP)  Jul 19, 2014
    @wzxjohn

    tcpdump shows a large number of different source IPs. If those IPs were randomly spoofed they should not be able to complete the three-way handshake, so why does netstat show a large number of connections in ESTABLISHED?
    As I understand it, source-IP spoofing is mainly used for SYN floods, so I'm not sure which kind of attack I'm facing here.

    Here is the tcpdump output with the -nnX options:

    01:55:04.500822 IP 180.111.189.20.8707 > 172.16.201.201.8080: S 598833600:598833600(0) win 1480
    0x0000: 4500 0028 ed6a 0000 fe06 e806 b46f bd14 E..(.j.......o..
    0x0010: ac10 c9c9 2203 1f90 23b1 79c0 0000 0000 ...."...#.y.....
    0x0020: 5002 05c8 e3b7 0000 0000 0000 0000 P.............
    01:55:04.500839 IP 180.111.189.20.8707 > 172.16.201.201.8080: S 598833600:598833600(0) win 1480
    0x0000: 4500 0028 eaaf 0000 fe06 eac1 b46f bd14 E..(.........o..
    0x0010: ac10 c9c9 2203 1f90 23b1 79c0 0000 0000 ...."...#.y.....
    0x0020: 5002 05c8 e3b7 0000 0000 0000 0000 P.............
    01:55:04.511716 IP 39.65.237.157.10156 > 172.16.201.201.8080: S 1194565532:1194565532(0) win 1480
    0x0000: 4500 0028 e880 0000 fe06 4996 2741 ed9d E..(......I.'A..
    0x0010: ac10 c9c9 27ac 1f90 4733 9f9c 0000 0000 ....'...G3......
    0x0020: 5002 05c8 f155 0000 0000 0000 0000 P....U........
    01:55:04.522350 IP 119.115.113.83.8002 > 172.16.201.201.8080: R 1449166068:1449166068(0) ack 1 win 0
    0x0000: 4500 0028 2e47 0000 3406 f9e8 7773 7153 E..(.G..4...wsqS
    0x0010: ac10 c9c9 1f42 1f90 5660 84f4 0000 0001 .....B..V`......
    0x0020: 5014 0000 3708 0000 0000 0000 0000 P...7.........
    01:55:04.546348 IP 27.38.53.206.19385 > 172.16.201.201.8080: S 3372241407:3372241407(0) win 1480
    0x0000: 4500 0028 ed04 0000 fe06 08fd 1b26 35ce E..(.........&5.
    0x0010: ac10 c9c9 4bb9 1f90 c900 51ff 0000 0000 ....K.....Q.....
    0x0020: 5002 05c8 5d03 0000 0000 0000 0000 P...].........
    01:55:04.548370 IP 218.59.187.45.30950 > 172.16.201.201.8080: R 2916263863:2916263863(0) ack 1 win 0
    0x0000: 4500 0028 68ca 0000 2e06 18c3 da3b bb2d E..(h........;.-
    0x0010: ac10 c9c9 78e6 1f90 add2 a7b7 0000 0001 ....x...........
    0x0020: 5014 0000 b68b 0000 0000 0000 0000 P.............
    01:55:04.569272 IP 220.249.184.116.9025 > 172.16.201.201.8080: S 3974400993:3974400993(0) win 1480
    0x0000: 4500 0028 ee98 0000 fe06 c2ee dcf9 b874 E..(...........t
    0x0010: ac10 c9c9 2341 1f90 ece4 8be1 0000 0000 ....#A..........
    0x0020: 5002 05c8 e33a 0000 0000 0000 0000 P....:...…..


    According to sar there are roughly 100-odd attack packets per second. I've temporarily blocked some IP ranges with iptables, which has only taken some pressure off the server; it doesn't fundamentally solve the problem.
    #4  thekll (OP)  Jul 19, 2014
    @wzxjohn

    The decoded packets contain BitTorrent.protocol. How do I defend against this kind of attack?
    #5  ultimate010  Jul 19, 2014
    A few days ago I set up a proxy server and didn't configure any restrictions. A proxy-list site crawled it, my IP got posted online, and a huge number of IPs of unknown origin started hitting my proxy. I shut it down as soon as I noticed, but for a while afterwards there were still lots of IPs connecting.
    I suggest googling your IP; it may well be listed on some proxy-list site.
    #6  thekll (OP)  Jul 19, 2014
    @ultimate010

    I already searched for the IP and found nothing.
    Port 8080 runs a GlassFish-based Java enterprise application, nothing attractive at all, so why is it getting this much attention?
    #7  ultimate010  Jul 19, 2014
    @thekll Could it have been misidentified as a proxy and then used by other people? Switch to an uncommon port.
    #8  luo362722353  Jul 19, 2014
    @ultimate010 I suggest you add some restrictions.. it's no good if it becomes a public proxy.
    #9  izoabr  Jul 19, 2014
    Your GlassFish should be keeping long-lived connections, so one or a few connections ought to be enough, right? Add a rule that rate-limits the first handshake from a source IP to 8080, and once the connections per minute exceed some number, throw the IP into a block pool.
    #10  ysjdx  Jul 20, 2014
    Obviously: port 8080 was open, a scanner found it (some only scan ports and don't test whether it is actually a proxy), and then it got posted online for other people to use as a proxy.
    BitTorrent.protocol shows up because someone is trying to download P2P files through the "proxy".

    Got hit by this before; afterwards I simply changed the port.
    #11  thekll (OP)  Jul 20, 2014
    @ysjdx

    I still think a P2P-based DDoS attack is more likely. Every packet shows data like this:
    Every ~10 seconds, several requests in quick succession:
    01:34:08.375341 IP (tos 0x0, ttl 52, id 11617, offset 0, flags [none], proto: TCP (6), length: 40) 221.11.4.29.8146 >172.16.201.201.8080: R, cksum 0xe0ed (correct), 68:68(0) ack 1 win 0
    0x0000: 4500 0028 2d61 0000 3406 026d dd0b 041d E..(-a..4..m....
    0x0010: ac10 c9c9 1fd2 1f90 3b74 3172 470d 848a ........;t1rG...
    0x0020: 5014 0000 e0ed 0000 0000 0000 0000 P.............
    01:34:08.634566 IP (tos 0x0, ttl 254, id 5929, offset 0, flags [none], proto: TCP (6), length: 40) 221.11.4.29.8259 > 172.16.201.201.8080: S, cksum 0x87cc (correct), 872372089:872372089(0) win 1480
    0x0000: 4500 0028 1729 0000 fe06 4ea4 dd0b 041d E..(.)....N.....
    0x0010: ac10 c9c9 2043 1f90 33ff 5779 0000 0000 .....C..3.Wy....
    0x0020: 5002 05c8 87cc 0000 0000 0000 0000 P.............
    01:34:08.634613 IP (tos 0x0, ttl 254, id 5763, offset 0, flags [none], proto: TCP (6), length: 40) 221.11.4.29.8259 > 172.16.201.201.8080: S, cksum 0x87cc (correct), 872372089:872372089(0) win 1480
    0x0000: 4500 0028 1683 0000 fe06 4f4a dd0b 041d E..(......OJ....
    0x0010: ac10 c9c9 2043 1f90 33ff 5779 0000 0000 .....C..3.Wy....
    0x0020: 5002 05c8 87cc 0000 0000 0000 0000 P.............
    01:34:08.635147 IP (tos 0x0, ttl 254, id 4579, offset 0, flags [none], proto: TCP (6), length: 40) 221.11.4.29.8259 > 172.16.201.201.8080: ., cksum 0xdb9e (correct), 872372090:872372090(0) ack 1196319952 win 1480
    0x0000: 4500 0028 11e3 0000 fe06 53ea dd0b 041d E..(......S.....
    0x0010: ac10 c9c9 2043 1f90 33ff 577a 474e 64d0 .....C..3.WzGNd.
    0x0020: 5010 05c8 db9e 0000 0000 0000 0000 P.............
    01:34:08.659073 IP (tos 0x0, ttl 52, id 11713, offset 0, flags [none], proto: TCP (6), length: 40) 221.11.4.29.8259 > 172.16.201.201.8080: ., cksum 0xe1b1 (correct), 68:68(0) ack 1 win 65392
    0x0000: 4500 0028 2dc1 0000 3406 020d dd0b 041d E..(-...4.......
    0x0010: ac10 c9c9 2043 1f90 33ff 57be 474e 64d0 .....C..3.W.GNd.
    0x0020: 5010 ff70 e1b1 0000 0000 0000 0000 P..p..........
    01:34:08.841644 IP (tos 0x0, ttl 52, id 11732, offset 0, flags [none], proto: TCP (6), length: 108) 221.11.4.29.8259 > 172.16.201.201.8080: P, cksum 0xd7aa (correct), 0:68(68) ack 1 win 65392
    0x0000: 4500 006c 2dd4 0000 3406 01b6 dd0b 041d E..l-...4.......
    0x0010: ac10 c9c9 2043 1f90 33ff 577a 474e 64d0 .....C..3.WzGNd.
    0x0020: 5018 ff70 d7aa 0000 1342 6974 546f 7272 P..p.....BitTorr
    0x0030: 656e 7420 7072 6f74 6f63 6f6c 0000 0000 ent.protocol....
    0x0040: 0018 0005 3014 d66d 104e 0db3 a489 8180 ....0..m.N......
    0x0050: 3932 5623 1dd2 072c 2d58 4638 3731 302d 92V#...,-XF8710-
    0x0060: 7751 7164 6e34 6370 5076 4963 wQqdn4cpPvIc


    I don't know P2P protocols well. Is this the P2P client's reconnect mechanism?
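The following is an added example for this thread, not code from the original post. It takes `tcpdump -v -X` lines like the ones above (the -nnX lines in reply 3 have the same shape), rebuilds four of the posted packets from their hex dumps, reads TTL, IP id and TCP flags straight from the bytes rather than from tcpdump's summary line, and decodes the 68-byte segment as a standard BitTorrent peer-wire handshake: one byte pstrlen (19), the string "BitTorrent protocol", 8 reserved bytes, a 20-byte info_hash and a 20-byte peer_id. The 0:68(68) length in the capture is exactly that layout. The per-source summary also lists the distinct TTLs seen from each address, because one host on one path arrives with one TTL, while the capture above carries both 254 and 52 for 221.11.4.29.

```python
"""Rebuild packets from `tcpdump -v -X` output and decode the BitTorrent
peer-wire handshake seen on port 8080. Added example for this thread, not
code from the post; the sample capture is four packets copied from reply 11.
Field layouts follow RFC 791 (IPv4) and RFC 793 (TCP)."""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP .*?(?P<src>\d+\.\d+\.\d+\.\d+)\."
                       r"(?P<sport>\d+) >\s*(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):")
HEX_LINE_RE = re.compile(r"^0x[0-9a-f]{4}:\s*(.*)$")
BT_PSTR = b"BitTorrent protocol"
TCP_FLAG_BITS = [(0x02, "S"), (0x01, "F"), (0x04, "R"), (0x08, "P"), (0x10, "A")]

def hex_bytes(line):
    """Hex tokens of one -X line; the first non-hex token is the ASCII column."""
    m = HEX_LINE_RE.match(line)
    if not m:
        return None
    out = []
    for tok in m.group(1).split():
        if not re.fullmatch(r"[0-9a-f]{4}|[0-9a-f]{2}", tok):
            break
        out.append(tok)
    return "".join(out)

def decode_packet(hdr, raw):
    """Read IP/TCP fields from the bytes. IP total length is trusted, which
    drops the Ethernet padding -X also prints after a 40-byte SYN or RST."""
    ihl = (raw[0] & 0x0F) * 4
    raw = raw[:int.from_bytes(raw[2:4], "big")]
    tcp = raw[ihl:]
    doff = (tcp[12] >> 4) * 4                      # TCP data offset, in bytes
    return {"ts": hdr["ts"], "src": hdr["src"], "sport": int(hdr["sport"]),
            "dst": hdr["dst"], "dport": int(hdr["dport"]),
            "ttl": raw[8], "ip_id": int.from_bytes(raw[4:6], "big"),
            "flags": "".join(n for bit, n in TCP_FLAG_BITS if tcp[13] & bit),
            "payload": tcp[doff:]}

def parse_capture(text):
    """Pair each tcpdump header line with the hex-dump lines that follow it."""
    packets, hdr, hexbuf = [], None, []
    def flush():
        if hdr and hexbuf:
            packets.append(decode_packet(hdr, bytes.fromhex("".join(hexbuf))))
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            flush()
            hdr, hexbuf = m.groupdict(), []
        elif hdr is not None:
            h = hex_bytes(line)
            if h:
                hexbuf.append(h)
    flush()
    return packets

def parse_bt_handshake(payload):
    """info_hash/peer_id if the segment starts with a peer-wire handshake."""
    if len(payload) < 68 or payload[0] != 19 or payload[1:20] != BT_PSTR:
        return None
    return {"reserved": payload[20:28].hex(), "info_hash": payload[28:48].hex(),
            "peer_id": payload[48:68].decode("latin-1")}

def summarize(packets):
    """Per source address: TCP flag mix, distinct TTLs, handshakes decoded."""
    out = defaultdict(lambda: {"flags": defaultdict(int), "ttls": set(), "handshakes": []})
    for p in packets:
        s = out[p["src"]]
        s["flags"][p["flags"]] += 1
        s["ttls"].add(p["ttl"])                    # several TTLs from one IP: look closer
        hs = parse_bt_handshake(p["payload"])
        if hs:
            s["handshakes"].append(hs)
    return out

# Copied from reply 11 of this thread: 221.11.4.29 -> 172.16.201.201:8080.
SAMPLE_CAPTURE = """\
01:34:08.375341 IP (tos 0x0, ttl 52, id 11617, offset 0, flags [none], proto: TCP (6), length: 40) 221.11.4.29.8146 >172.16.201.201.8080: R, cksum 0xe0ed (correct), 68:68(0) ack 1 win 0
0x0000: 4500 0028 2d61 0000 3406 026d dd0b 041d E..(-a..4..m....
0x0010: ac10 c9c9 1fd2 1f90 3b74 3172 470d 848a ........;t1rG...
0x0020: 5014 0000 e0ed 0000 0000 0000 0000 P.............
01:34:08.634566 IP (tos 0x0, ttl 254, id 5929, offset 0, flags [none], proto: TCP (6), length: 40) 221.11.4.29.8259 > 172.16.201.201.8080: S, cksum 0x87cc (correct), 872372089:872372089(0) win 1480
0x0000: 4500 0028 1729 0000 fe06 4ea4 dd0b 041d E..(.)....N.....
0x0010: ac10 c9c9 2043 1f90 33ff 5779 0000 0000 .....C..3.Wy....
0x0020: 5002 05c8 87cc 0000 0000 0000 0000 P.............
01:34:08.635147 IP (tos 0x0, ttl 254, id 4579, offset 0, flags [none], proto: TCP (6), length: 40) 221.11.4.29.8259 > 172.16.201.201.8080: ., cksum 0xdb9e (correct), 872372090:872372090(0) ack 1196319952 win 1480
0x0000: 4500 0028 11e3 0000 fe06 53ea dd0b 041d E..(......S.....
0x0010: ac10 c9c9 2043 1f90 33ff 577a 474e 64d0 .....C..3.WzGNd.
0x0020: 5010 05c8 db9e 0000 0000 0000 0000 P.............
01:34:08.841644 IP (tos 0x0, ttl 52, id 11732, offset 0, flags [none], proto: TCP (6), length: 108) 221.11.4.29.8259 > 172.16.201.201.8080: P, cksum 0xd7aa (correct), 0:68(68) ack 1 win 65392
0x0000: 4500 006c 2dd4 0000 3406 01b6 dd0b 041d E..l-...4.......
0x0010: ac10 c9c9 2043 1f90 33ff 577a 474e 64d0 .....C..3.WzGNd.
0x0020: 5018 ff70 d7aa 0000 1342 6974 546f 7272 P..p.....BitTorr
0x0030: 656e 7420 7072 6f74 6f63 6f6c 0000 0000 ent.protocol....
0x0040: 0018 0005 3014 d66d 104e 0db3 a489 8180 ....0..m.N......
0x0050: 3932 5623 1dd2 072c 2d58 4638 3731 302d 92V#...,-XF8710-
0x0060: 7751 7164 6e34 6370 5076 4963 wQqdn4cpPvIc
"""

if __name__ == "__main__":
    for src, s in summarize(parse_capture(SAMPLE_CAPTURE)).items():
        print(src, dict(s["flags"]), "ttls:", sorted(s["ttls"]), s["handshakes"])
```

Run it as-is to print the summary for the embedded packets, or paste in your own `tcpdump -nn -v -X 'tcp port 8080'` output. The 20 payload bytes it keys on are the same bytes an `iptables -A INPUT -p tcp --dport 8080 -m string --algo bm --hex-string "|13|BitTorrent protocol" -j REJECT --reject-with tcp-reset` rule matches. REJECT with a reset rather than DROP: by the time that string arrives the TCP connection is already established (consistent with the ESTABLISHED entries the OP saw in netstat), and a plain DROP leaves that socket open until it times out. The bare S, RA and A packets in the capture carry no payload, so no string match can touch them.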
    #12  dndx  Jul 20, 2014
    That many SYN packets, could it be the ancient SYN DDoS?
    #13  qiuai  Jul 20, 2014
    Maybe some program that runs on port 8080 has a bug again... a control panel or something... 8080 is a commonly used port
    #14  thekll (OP)  Jul 20, 2014
    @dndx
    There's no SYN.

    @qiuai
    From the tcpdump output it looks like a P2P-based DDoS attack.
    Googling turned up this UCLA paper, which suggests an approach: since a P2P client has to establish a TCP connection in order to attack, the handshake packets will contain a BT protocol request; filter it at that point so a complete TCP connection cannot be established, then use SYN cookies to deal with the SYN flood this produces.
    http://oak.cs.ucla.edu/~sia/pub/cs239spring06.pdf

    Trying this approach now.
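Reply 14 proposes filtering the BitTorrent request and then relying on SYN cookies for the SYN flood that is left. What follows is an added example, not code from the thread and not the kernel's implementation (Linux also folds the client's ISN into the cookie and rotates its secrets); it shows the mechanism in simplified form with an assumed placeholder secret. The server keeps no state for a half-open connection: the SYN-ACK's initial sequence number is a keyed cookie over the 4-tuple and a coarse time counter, and only an ACK that echoes a valid cookie allocates connection state. A source that spoofs its address never sees the SYN-ACK, so it cannot produce that ACK.

```python
"""Simplified SYN cookie: the SYN-ACK's ISN carries a keyed MAC of the
4-tuple plus a 5-bit epoch counter and a 3-bit MSS index, so the listener
needs no half-open state. Added example, not code from the thread and not
Linux's syncookies.c; COOKIE_SECRET is an assumed placeholder value."""
import hashlib
import hmac
import socket
import struct

MSS_TABLE = [536, 1300, 1440, 1460]             # 3-bit index, like Linux's msstab
COOKIE_SECRET = b"assumed-placeholder-secret"   # real use: random, rotated at boot
EPOCH = 64                                      # seconds per cookie epoch

def _mac24(secret, saddr, daddr, sport, dport, t):
    """24-bit MAC over the connection 4-tuple and the epoch counter."""
    msg = socket.inet_aton(saddr) + socket.inet_aton(daddr) + struct.pack("!HHB", sport, dport, t)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:3]

def make_cookie(saddr, daddr, sport, dport, client_mss, now, secret=COOKIE_SECRET):
    """ISN for the SYN-ACK: 5 bits epoch | 3 bits MSS index | 24 bits MAC."""
    t = (now // EPOCH) & 0x1F
    idx = max([i for i, m in enumerate(MSS_TABLE) if m <= client_mss] or [0])
    mac = int.from_bytes(_mac24(secret, saddr, daddr, sport, dport, t), "big")
    return (t << 27) | (idx << 24) | mac

def check_cookie(cookie, saddr, daddr, sport, dport, now, secret=COOKIE_SECRET):
    """MSS encoded in a valid cookie; None if forged, wrong 4-tuple or stale."""
    t = (cookie >> 27) & 0x1F
    if (((now // EPOCH) - t) & 0x1F) > 1:        # accept current or previous epoch only
        return None
    expected = _mac24(secret, saddr, daddr, sport, dport, t)
    if not hmac.compare_digest((cookie & 0xFFFFFF).to_bytes(3, "big"), expected):
        return None
    return MSS_TABLE[(cookie >> 24) & 0x7]

class CookieListener:
    """A listening port that never queues half-open connections."""
    def __init__(self, addr, port, secret=COOKIE_SECRET):
        self.addr, self.port, self.secret = addr, port, secret
        self.established = {}                   # (saddr, sport) -> mss, after a valid ACK

    def on_syn(self, saddr, sport, client_mss, now):
        """Return the ISN to put in the SYN-ACK; nothing is stored."""
        return make_cookie(saddr, self.addr, sport, self.port, client_mss, now, self.secret)

    def on_ack(self, saddr, sport, ack_num, now):
        """Final ACK of the handshake: accept only if it echoes a valid cookie."""
        mss = check_cookie((ack_num - 1) & 0xFFFFFFFF, saddr, self.addr,
                           sport, self.port, now, self.secret)
        if mss is None:
            return False
        self.established[(saddr, sport)] = mss
        return True

if __name__ == "__main__":
    srv = CookieListener("172.16.201.201", 8080)
    isn = srv.on_syn("221.11.4.29", 8259, 1460, now=1000)   # a flood of these costs nothing
    print("half-open entries kept:", len(srv.established))
    print("genuine ACK accepted:", srv.on_ack("221.11.4.29", 8259, (isn + 1) & 0xFFFFFFFF, 1010))
    print("guessed ACK accepted:", srv.on_ack("221.11.4.29", 8260, (isn + 1) & 0xFFFFFFFF, 1010))
```

On a real box you do not write this: `sysctl -w net.ipv4.tcp_syncookies=1` enables the kernel implementation, which only engages once the SYN backlog overflows, and `netstat -s | grep -i cookie` shows whether it is sending any. Two caveats for the OP's situation: cookies only help with half-open connections, while the captures above show peers completing the handshake and sending data, so the payload filter still has to handle that part; and connections accepted through a cookie lose TCP options such as SACK and window scaling unless TCP timestamps are enabled.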
    #15  ultimate010  Jul 20, 2014
    @luo362722353 Yeah, after it got used by the public I switched to a high-numbered port and restricted it to specific IPs.
    #16  qiuai  Jul 21, 2014
    @thekll I haven't looked into that one.