Chinaunix

标题: 被人DDOS了？求救！ [打印本页]

作者: fxdfbl 时间: 2005-02-02 16:26
标题: 被人DDOS了？求救！
tcp       0    0 XX.XX.XX.XX:80       164.203.47.127:1712    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       98.120.33.117:55032    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       11.114.246.249:34218 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       199.59.15.237:15392    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       79.231.227.99:20903    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       96.252.204.58:20599    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       96.165.206.236:29259 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       183.206.81.31:26981    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       91.58.212.117:24790    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       197.137.47.87:14730    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       138.215.211.38:29796 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       209.199.136.47:23056 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       108.162.227.210:4507 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       99.40.244.72:49790    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       148.93.152.146:54365 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       192.217.156.96:39265 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       147.65.44.47:6335    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       175.123.82.194:49533 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       146.202.196.98:38419 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       140.10.23.207:12039    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       48.82.12.136:48999    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       186.105.5.71:18783    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       215.175.80.239:30391 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       93.103.239.45:37472    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       96.165.162.164:48495 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       11.53.202.49:23399    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       57.215.128.124:13028 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       98.118.5.118:38153    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       9.98.33.43:17142       SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       112.36.127.36:41656    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       12.199.204.187:42206 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       21.127.63.142:50804    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       68.247.100.169:20942 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       82.143.212.79:47753    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       149.22.138.29:35919    SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       160.150.85.195:27618 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       176.54.170.126:21103 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       18.214.111.205:55706 SYN_RECV
tcp       0    0 XX.XX.XX.XX:80       184.89.40.188:4360    SYN_RECV

实在没办法了，一打开80端马上就连接不上去服务器。后来写了个程序执行：

<?php
for {$i=0;$i<100;$i++)
{
exec("netstat -n | grep :80 | grep SYN >;>;test.txt");
sleep(10);
}
?>;

复制代码

结果取出来一看，test.txt文件竟然有3M多大，里面有39966条SYN记录，而这39966个IP里面，有32000多个是不同的！

大家帮我看看这到底是如何一回事？该如何应付？

作者: mil 时间: 2005-02-03 14:14
标题: 被人DDOS了？求救！
典型的DDOS。你可以尝试把IIS换个端口，以为应急~！

作者: 剑心通明 时间: 2005-02-03 14:22
标题: 被人DDOS了？求救！
在freebsd我只知道的是可以在sysctl.conf里面加入：
####以下为防止dos攻击#####
net.inet.tcp.msl=7500
##freebsd默认为30000
net.inet.tcp.blackhole=2
##接收到一个已经关闭的端口发来的所有包，直接drop，如果设置为1则是只针对TCP包
net.inet.udp.blackhole=1
##接收到一个已经关闭的端口发来的所有UDP包直接drop
########end#################
其他的不大清楚，关注

作者: arongbd 时间: 2007-12-28 17:25
标题: 回复 #2 mil 的帖子
遇到DDOS攻击不妨使用冰盾防火墙，免费下载地址：www.bingdun.com QQ:929931618

作者: tongliguo 时间: 2008-02-11 16:31
来个硬件的防火墙来顶住吧
没有用的

欢迎光临 Chinaunix (http://bbs.chinaunix.net/)