ss5 1080端口被攻击如何解决

loniy

机器上开了SS5的SOCKS代理。端口为1080

近期常常间隔1，2小时自动重启。。。。搞了很久也不知道怎么回事。

TCPDUMP后发现奇怪的包

水平较菜，目前只大概猜 到发送大量的FIN标志包。。。。

这样的攻击有可能造成重启吗？如果负载过大的话。。那为什么他不攻击80，，还是APACHE连接机制比较好

有没有办法解决这种攻击。

12:29:26.747312 IP (tos 0x0, ttl 115, id 20907, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.3751 > my ip..134.socks: S [tcp sum ok] 2138886867:2138886867(0) win 65535 <mss 1460,nop,nop,sackOK>

12:29:26.747358 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..134.socks > 222.231.59.26.3751: R [tcp sum ok] 0:0(0) ack 2138886868 win 0

12:29:27.417965 IP (tos 0x0, ttl 115, id 21575, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.3751 > my ip..134.socks: S [tcp sum ok] 2138886867:2138886867(0) win 65535 <mss 1460,nop,nop,sackOK>

12:29:27.417979 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..134.socks > 222.231.59.26.3751: R [tcp sum ok] 0:0(0) ack 1 win 0

12:29:28.188567 IP (tos 0x0, ttl 115, id 22426, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.3751 > my ip..134.socks: S [tcp sum ok] 2138886867:2138886867(0) win 65535 <mss 1460,nop,nop,sackOK>

12:29:28.188584 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..134.socks > 222.231.59.26.3751: R [tcp sum ok] 0:0(0) ack 1 win 0

12:29:34.853252 IP (tos 0x0, ttl 115, id 29544, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.8978 > my ip..131.socks: S [tcp sum ok] 518693620:518693620(0) win 65535 <mss 1460,nop,nop,sackOK>

12:29:34.853311 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 222.231.59.26.8978: R [tcp sum ok] 0:0(0) ack 518693621 win 0

12:29:35.507777 IP (tos 0x0, ttl 115, id 30183, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.8978 > my ip..131.socks: S [tcp sum ok] 518693620:518693620(0) win 65535 <mss 1460,nop,nop,sackOK>

12:29:35.507790 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 222.231.59.26.8978: R [tcp sum ok] 0:0(0) ack 1 win 0

12:29:35.682688 IP (tos 0x0, ttl 119, id 39919, offset 0, flags [DF], proto 6, length: 4 216.32.69.74.4859 > my ip..131.socks: S [tcp sum ok] 197881388:197881388(0) win 65535 <mss 1460,nop,nop,sackOK>

12:29:35.682700 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 216.32.69.74.4859: R [tcp sum ok] 0:0(0) ack 197881389 win 0

12:29:36.054995 IP (tos 0x0, ttl 115, id 30784, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.8978 > my ip..131.socks: S [tcp sum ok] 518693620:518693620(0) win 65535 <mss 1460,nop,nop,sackOK>

12:29:36.055014 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 222.231.59.26.8978: R [tcp sum ok] 0:0(0) ack 1 win 0

12:29:36.104470 IP (tos 0x0, ttl 119, id 39949, offset 0, flags [DF], proto 6, length: 4 216.32.69.74.4859 > my ip..131.socks: S [tcp sum ok] 197881388:197881388(0) win 65535 <mss 1460,nop,nop,sackOK>

12:29:36.104489 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 216.32.69.74.4859: R [tcp sum ok] 0:0(0) ack 1 win 0

12:29:36.607346 IP (tos 0x0, ttl 119, id 40013, offset 0, flags [DF], proto 6, length: 4 216.32.69.74.4859 > my ip..131.socks: S [tcp sum ok] 197881388:197881388(0) win 65535 <mss 1460,nop,nop,sackOK>

12:29:36.607395 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 216.32.69.74.4859: R [tcp sum ok] 0:0(0) ack 1 win 0





那上面奇怪的人头是什么。。搞什么 搞。。。。自动转换这么郁闷的功能竟然也开启

[ 本帖最后由 loniy 于 2007-5-13 01:34 编辑 ]

fangxia67

用iptables
iptables -A allowed -p tcp --dport 1080  -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A allowed -p tcp -j DROP
正常的包允许  其他的删掉

iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP

marsaber

经常重启,不排除硬件的可能哦.
是不是CPU温度太高了?机箱内温度呢?

platinum

很多人都说，自己也的确感觉 socks5 不稳定，建议换其他的 proxy 代理
还有一个 for linux 的开源代理，具体名字我忘记了……

loniy

不是温度，，，把服务关了，就正常了，不重启了，，，，