- 论坛徽章:
- 0
|
tcpdump 抓包如下:
20:35:37.529087 IP 61.53.229.191.2823 > 221.8.17.22.80: UDP, length 4
20:35:37.529100 IP 221.192.121.124.1431 > 221.8.17.22.80: UDP, length 4
20:35:37.529136 IP 124.90.26.124.1359 > 221.8.17.22.80: UDP, length 4
20:35:37.529185 IP 60.3.170.224.4629 > 221.8.17.22.80: UDP, length 4
20:35:37.529223 IP 211.103.79.8.54561 > 221.8.17.22.80: UDP, length 4
20:35:37.529272 IP 121.51.24.96.1882 > 221.8.17.22.80: UDP, length 4
20:35:37.530251 IP 124.234.242.151.4649 > 221.8.17.22.80: UDP, length 4
20:35:37.530290 IP 218.104.90.252.37557 > 221.8.17.22.80: UDP, length 4
20:35:37.530337 IP 203.92.154.37.29635 > 221.8.17.22.80: UDP, length 4
20:35:37.530369 IP 60.14.58.86.1529 > 221.8.17.22.80: UDP, length 4
20:35:37.530423 IP 124.234.242.151.4641 > 221.8.17.22.80: UDP, length 4
20:35:37.530461 IP 218.84.213.83.49626 > 221.8.17.22.80: UDP, length 4
20:35:37.530498 IP 58.17.35.242.31688 > 221.8.17.22.80: UDP, length 4
20:35:37.530546 IP 221.195.216.52.1343 > 221.8.17.22.80: UDP, length 4
20:35:37.530584 IP 218.84.213.83.12706 > 221.8.17.22.80: UDP, length 4
20:35:37.530633 IP 124.91.104.236.1270 > 221.8.17.22.80: UDP, length 4
20:35:37.530665 IP 124.234.242.151.4653 > 221.8.17.22.80: UDP, length 4
20:35:37.530707 IP 124.234.242.151.4655 > 221.8.17.22.80: UDP, length 4
20:35:37.530755 IP 222.130.30.182.3810 > 221.8.17.22.80: UDP, length 4
20:35:37.530789 IP 124.234.242.151.4643 > 221.8.17.22.80: UDP, length 4
20:35:37.530842 IP 61.53.229.191.2828 > 221.8.17.22.80: UDP, length 4
20:35:37.530879 IP 124.234.242.151.4648 > 221.8.17.22.80: UDP, length 4
我用脚本查过,大概有30-200个外网IP不等.全国各地哪都有.
当攻击开始时,有如下证状:
CPU占用率加大
开始时丢包,然后掉网,带宽全部被占满
iptables 中设置了将所有UDP协议发往80端口的包全部DROP,
iptables -vnL 结果显示确实丢弃了很多包,但这根本不能解决问题,网速一样的慢,一样的掉线,
郁闷中....
遇到这种问题,只能求助于防火墙吗?前几天试过锐捷的那个路由器,说是能防住每分/秒(忘了)300M攻击,还是什么电信级路由器,比LINUX死的还快.
谁有好的解决办法?或是比较好用的防火墙,请留言.谢谢. |
|
免费注册
发表于 2007-01-20 11:54
