
平台论坛博客文库

› 论坛 › 操作系统 › Linux系统管理 › 网络问题请帮助

[网络管理] 网络问题请帮助 [复制链接]

lzj019

白手起家

论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2006-12-17 14:45 |只看该作者 |倒序浏览

我的IPTABLES如下:

#Display start message
echo "Starting iptables rules..."
#setting
IPT="/sbin/iptables"
IP_ME="172.22.7.85"
IP_SERVER="210.34.132.148"
IP_YE="172.22.7.93"
IP_ALL="any/0"
#CLEAN
$IPT -F
$IPT -X
#GLOBAL
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
#1.OUT VISIT IN
#(1)ALLOW VISIT ALL
$IPT -A INPUT -s $IP_ME -j ACCEPT
$IPT -A INPUT -s $IP_YE -j ACCEPT
$IPT -A INPUT -s $IP_SERVER -j ACCEPT
$IPT -A INPUT -s 127.0.0.1 -j ACCEPT
$IPT -A INPUT -s 210.34.143.78 -j ACCEPT
#$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#syn-flood
$IPT -N syn-flood
$IPT -A INPUT -p tcp --syn -j syn-flood
#$IPT -I syn-flood -p tcp -m limit --limit 3/h --limit-burst 4 -j RETURN
$IPT -A syn-flood -j REJECT

复制代码

服务器运行两个半小时
#iptable -L -nv如下:

[root@gs lzjie]# /sbin/iptables -L -nv
Chain INPUT (policy DROP 3897 packets, 248K bytes)
pkts bytes target prot opt in out source destination
11425 537K ACCEPT all -- * * 172.22.7.85 0.0.0.0/0
0 0 ACCEPT all -- * * 172.22.7.93 0.0.0.0/0
0 0 ACCEPT all -- * * 210.34.132.148 0.0.0.0/0
4 200 ACCEPT all -- * * 127.0.0.1 0.0.0.0/0
1765 106K ACCEPT all -- * * 210.34.143.78 0.0.0.0/0
73577 3724K syn-flood tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 89550 packets, 16M bytes)
pkts bytes target prot opt in out source destination
Chain syn-flood (1 references)
pkts bytes target prot opt in out source destination
73577 3724K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

复制代码

打开各项服务并关掉IPTABLE
#netstat -n结果如下

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 210.34.132.148:21 202.106.77.75:52566 SYN_RECV
tcp 0 0 210.34.132.148:21 81.6.209.237:1612 SYN_RECV
...
tcp 0 0 210.34.132.148:21 83.55.234.142:4013 SYN_RECV
tcp 0 0 210.34.132.148:21 221.5.54.41:41646 SYN_RECV
tcp 0 0 210.34.132.148:21 203.191.19.46:46921 SYN_RECV
tcp 0 0 210.34.132.148:21 58.244.33.40:50447 SYN_RECV
tcp 0 0 210.34.132.148:21 60.20.246.84:4190 SYN_RECV
tcp 0 0 210.34.132.148:21 125.41.109.184:2985 SYN_RECV
tcp 0 0 210.34.132.148:21 59.65.52.197:4323 SYN_RECV
tcp 0 0 210.34.132.148:21 58.244.67.127:38492 SYN_RECV
tcp 0 0 210.34.132.148:21 202.180.123.221:3779 SYN_RECV
...
tcp 0 0 210.34.132.148:21 88.5.139.136:12606 SYN_RECV
tcp 0 0 210.34.132.148:21 219.159.0.190:3474 SYN_RECV
...
tcp 0 0 210.34.132.148:21 60.22.194.9:2412 SYN_RECV
tcp 0 0 210.34.132.148:21 222.139.141.183:2674 SYN_RECV
tcp 0 0 210.34.132.148:21 220.249.250.35:17736 SYN_RECV
tcp 0 0 210.34.132.148:21 121.25.232.11:1884 SYN_RECV
tcp 0 0 210.34.132.148:21 221.209.136.84:1534 SYN_RECV
tcp 0 0 210.34.132.148:21 58.17.12.192:42824 SYN_RECV
tcp 0 0 210.34.132.148:21 221.137.184.231:53265 SYN_RECV
tcp 0 0 210.34.132.148:21 219.239.34.132:58478 SYN_RECV
tcp 0 0 210.34.132.148:21 218.186.153.194:65225 SYN_RECV
tcp 0 0 210.34.132.148:21 217.164.217.108:60971 SYN_RECV
tcp 0 0 210.34.132.148:21 202.113.245.139:1883 SYN_RECV
tcp 0 0 210.34.132.148:21 125.36.11.182:2115 SYN_RECV
tcp 0 0 210.34.132.148:21 222.22.114.59:2280 SYN_RECV
tcp 0 0 210.34.132.148:21 60.20.134.127:4560 SYN_RECV
tcp 0 0 210.34.132.148:21 125.42.156.162:2859 SYN_RECV
tcp 0 0 210.34.132.148:21 221.218.182.226:3248 SYN_RECV
tcp 0 0 210.34.132.148:21 121.43.232.186:41823 SYN_RECV
tcp 0 0 210.34.132.148:21 58.20.122.229:2599 SYN_RECV
tcp 0 0 210.34.132.148:21 61.48.106.52:4638 SYN_RECV
tcp 0 0 210.34.132.148:21 203.190.106.34:3128 SYN_RECV
tcp 0 0 210.34.132.148:21 218.57.200.64:14365 SYN_RECV
tcp 0 0 210.34.132.148:21 222.18.126.73:1707 SYN_RECV
tcp 0 0 210.34.132.148:21 211.90.223.178:33715 SYN_RECV
tcp 0 0 210.34.132.148:21 221.2.225.133:4794 SYN_RECV
tcp 0 0 210.34.132.148:21 222.134.181.140:3470 SYN_RECV
tcp 0 0 210.34.132.148:21 193.170.53.9:3765 SYN_RECV
tcp 0 0 210.34.132.148:21 58.252.28.52:31600 SYN_RECV
tcp 0 0 210.34.132.148:21 222.164.20.178:3199 SYN_RECV
tcp 0 0 210.34.132.148:21 203.190.106.34:3143 SYN_RECV
tcp 0 0 210.34.132.148:21 124.240.124.166:36809 SYN_RECV
tcp 0 0 210.34.132.148:21 124.248.97.126:3431 SYN_RECV
tcp 0 0 210.34.132.148:21 86.75.164.106:1470 SYN_RECV
tcp 0 0 210.34.132.148:21 219.148.152.18:1882 SYN_RECV
tcp 0 0 210.34.132.148:21 221.1.6.217:1803 SYN_RECV
tcp 0 0 210.34.132.148:21 60.25.124.64:3189 SYN_RECV
tcp 0 0 210.34.132.148:21 222.165.103.84:1839 SYN_RECV
tcp 0 0 210.34.132.148:21 211.101.192.42:11957 SYN_RECV
tcp 0 0 210.34.132.148:21 220.249.31.138:3191 SYN_RECV
tcp 0 0 210.34.132.148:21 81.6.209.237:1888 SYN_RECV
tcp 0 0 210.34.132.148:21 203.122.127.96:60742 SYN_RECV
tcp 0 0 210.34.132.148:21 222.136.16.202:3058 SYN_RECV
tcp 0 0 210.34.132.148:21 121.27.86.51:4828 SYN_RECV
tcp 0 0 210.34.132.148:21 88.106.251.25:3363 SYN_RECV
tcp 0 0 210.34.132.148:21 82.36.64.13:3389 SYN_RECV
tcp 0 0 210.34.132.148:21 220.234.141.61:2559 SYN_RECV
tcp 0 0 210.34.132.148:21 218.109.75.156:2718 SYN_RECV
tcp 0 0 210.34.132.148:21 221.1.6.217:2045 SYN_RECV
tcp 0 0 210.34.132.148:21 203.130.122.43:3086 SYN_RECV
tcp 0 0 210.34.132.148:21 124.254.81.103:3029 SYN_RECV
tcp 0 0 210.34.132.148:21 61.139.52.60:47622 SYN_RECV
tcp 0 0 210.34.132.148:21 192.150.179.57:2574 SYN_RECV
tcp 0 0 210.34.132.148:21 203.190.106.34:3166 SYN_RECV
tcp 0 0 210.34.132.148:21 202.115.125.2:43942 SYN_RECV
tcp 0 0 210.34.132.148:21 84.174.178.80:61738 SYN_RECV
tcp 0 0 210.34.132.148:21 222.58.173.87:3468 SYN_RECV
tcp 0 0 210.34.132.148:21 203.152.82.23:4492 SYN_RECV
tcp 0 0 210.34.132.148:21 125.46.0.14:64668 SYN_RECV
tcp 0 0 210.34.132.148:21 220.221.114.251:3508 SYN_RECV
tcp 0 0 210.34.132.148:21 143.238.127.151:60983 SYN_RECV
tcp 0 0 210.34.132.148:21 124.89.122.176:28482 SYN_RECV
tcp 0 0 210.34.132.148:21 61.50.229.102:61122 SYN_RECV
tcp 0 0 210.34.132.148:21 59.64.244.159:4074 SYN_RECV
tcp 0 0 210.34.132.148:21 74.109.153.243:63077 SYN_RECV
tcp 0 0 210.34.132.148:21 58.20.45.77:3592 SYN_RECV
tcp 0 0 210.34.132.148:21 61.178.224.65:2797 SYN_RECV
tcp 0 0 210.34.132.148:21 125.40.168.184:1875 SYN_RECV
tcp 0 0 210.34.132.148:21 80.236.127.168:4702 SYN_RECV
tcp 0 0 210.34.132.148:21 222.129.128.248:4311 SYN_RECV
tcp 0 0 210.34.132.148:21 218.57.179.203:12299 SYN_RECV
tcp 0 0 210.34.132.148:21 60.16.145.206:2609 SYN_RECV
tcp 0 0 210.34.132.148:21 222.164.154.26:63117 SYN_RECV
tcp 0 0 210.34.132.148:21 125.96.131.174:1939 SYN_RECV
tcp 0 0 210.34.132.148:21 222.164.106.79:4299 SYN_RECV
tcp 0 0 210.34.132.148:21 219.75.6.45:3506 SYN_RECV
tcp 0 0 210.34.132.148:21 58.245.164.95:2843 SYN_RECV
tcp 0 0 210.34.132.148:21 155.69.5.235:19317 SYN_RECV
tcp 0 0 210.34.132.148:21 218.26.121.203:56522 SYN_RECV
...
tcp 0 0 210.34.132.148:21 222.20.212.186:1118 FIN_WAIT2
tcp 0 0 210.34.132.148:21 210.45.240.8:53774 TIME_WAIT
tcp 0 0 210.34.132.148:21 222.32.41.95:3724 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.217.169.229:61375 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.217.169.229:64447 TIME_WAIT
tcp 0 0 210.34.132.148:21 210.78.51.93:32244 TIME_WAIT
tcp 0 0 210.34.132.148:21 202.106.77.75:5048 TIME_WAIT
tcp 0 0 210.34.132.148:21 58.101.23.155:3265 FIN_WAIT2
tcp 0 0 210.34.132.148:21 221.197.110.84:3112 TIME_WAIT
tcp 0 0 210.34.132.148:21 58.17.145.155:57138 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.215.252.104:2194 FIN_WAIT2
tcp 0 29 210.34.132.148:21 219.156.175.97:3202 FIN_WAIT1
tcp 0 0 210.34.132.148:21 61.182.45.23:29535 FIN_WAIT2
tcp 0 29 210.34.132.148:21 60.220.170.210:1928 FIN_WAIT1
tcp 0 0 210.34.132.148:21 221.217.169.229:61881 TIME_WAIT
tcp 0 0 210.34.132.148:21 219.157.42.230:1148 TIME_WAIT
tcp 0 29 210.34.132.148:21 222.58.173.87:3858 FIN_WAIT1
tcp 0 0 210.34.132.148:21 218.58.180.10:50537 FIN_WAIT2
tcp 0 0 210.34.132.148:21 221.221.32.240:4639 FIN_WAIT2
tcp 0 0 210.34.132.148:21 221.205.61.33:3900 TIME_WAIT
tcp 0 0 210.34.132.148:21 218.24.137.193:2627 FIN_WAIT2
tcp 0 116800 210.34.132.148:7780 172.22.6.140:1169 ESTABLISHED
tcp 0 0 210.34.132.148:21 60.210.175.81:1987 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.203.24.214:3605 FIN_WAIT2
tcp 0 0 210.34.132.148:21 221.217.169.229:62341 TIME_WAIT
tcp 1 1 210.34.132.148:21 222.66.94.22:57572 CLOSING
tcp 0 0 210.34.132.148:21 210.45.240.8:57915 TIME_WAIT
tcp 0 0 210.34.132.148:21 172.22.6.140:1165 ESTABLISHED
tcp 0 0 210.34.132.148:21 202.106.77.75:54917 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.217.169.229:63617 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.220.168.96:4606 TIME_WAIT
tcp 0 0 210.34.132.148:21 222.66.94.22:57582 TIME_WAIT
tcp 0 0 210.34.132.148:21 210.45.240.8:58162 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.217.169.229:61581 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.197.110.84:3096 TIME_WAIT
tcp 0 0 210.34.132.148:21 222.39.56.156:64923 TIME_WAIT
tcp 0 0 210.34.132.148:21 222.18.127.31:3475 FIN_WAIT2
tcp 0 0 210.34.132.148:21 221.197.110.84:3100 TIME_WAIT
tcp 0 0 210.34.132.148:21 210.45.240.8:54327 TIME_WAIT
...
tcp 0 0 210.34.132.148:21 218.28.19.229:44525 TIME_WAIT
tcp 0 0 210.34.132.148:21 210.45.240.8:56110 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.217.169.229:60049 TIME_WAIT
tcp 1 1 210.34.132.148:21 202.203.45.85:2632 CLOSING
tcp 0 0 210.34.132.148:21 210.45.240.8:57647 TIME_WAIT
tcp 0 0 210.34.132.148:21 210.45.240.8:57391 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.217.169.229:59807 TIME_WAIT
tcp 0 0 210.34.132.148:21 202.106.77.75:53912 TIME_WAIT
tcp 0 0 210.34.132.148:21 222.31.187.43:4731 TIME_WAIT
...
tcp 0 0 210.34.132.148:21 221.217.169.229:61415 TIME_WAIT
tcp 0 0 210.34.132.148:21 210.45.240.8:55129 TIME_WAIT
tcp 0 29 210.34.132.148:21 58.19.113.65:3500 FIN_WAIT1
tcp 0 0 210.34.132.148:21 222.164.64.168:2108 FIN_WAIT2
tcp 0 0 210.34.132.148:21 210.45.240.8:55386 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.217.169.229:63205 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.8.43.137:3803 TIME_WAIT
tcp 0 0 210.34.132.148:21 202.106.77.75:11234 TIME_WAIT
tcp 0 0 210.34.132.148:21 202.106.77.75:25058 TIME_WAIT
tcp 0 0 210.34.132.148:21 125.1.88.24:10696 TIME_WAIT
tcp 0 0 210.34.132.148:21 210.45.240.8:54364 TIME_WAIT
tcp 0 0 210.34.132.148:21 125.1.88.24:10697 TIME_WAIT
tcp 0 0 210.34.132.148:21 202.106.77.75:3300 TIME_WAIT
tcp 0 0 210.34.132.148:21 218.194.4.196:2422 FIN_WAIT2
tcp 0 29 210.34.132.148:21 210.45.240.8:58207 FIN_WAIT1
tcp 0 0 210.34.132.148:21 218.15.102.254:1762 FIN_WAIT2
tcp 0 0 210.34.132.148:21 172.22.105.71:1458 ESTABLISHED
tcp 0 0 210.34.132.148:37763 172.22.10.20:2334 TIME_WAIT
tcp 0 29 210.34.132.148:21 124.254.81.103:2892 FIN_WAIT1
tcp 0 0 210.34.132.148:21 220.249.150.18:38905 TIME_WAIT
tcp 0 0 210.34.132.148:21 222.137.91.131:7722 FIN_WAIT2
tcp 0 0 210.34.132.148:21 202.106.77.75:5096 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.217.169.229:63725 TIME_WAIT
tcp 0 0 210.34.132.148:21 219.231.223.159:4062 FIN_WAIT2
tcp 0 0 210.34.132.148:21 222.164.20.178:3196 FIN_WAIT2
tcp 0 29 210.34.132.148:21 220.253.64.56:2053 FIN_WAIT1
tcp 0 0 210.34.132.148:21 222.32.41.95:3798 TIME_WAIT
tcp 0 0 210.34.132.148:21 222.31.177.29:2864 FIN_WAIT2
tcp 0 0 210.34.132.148:21 202.106.77.75:34289 TIME_WAIT
tcp 0 29 210.34.132.148:21 81.178.110.244:4682 FIN_WAIT1
tcp 0 0 210.34.132.148:21 218.28.19.229:43144 TIME_WAIT
tcp 0 0 210.34.132.148:21 210.45.240.8:57161 TIME_WAIT
tcp 0 0 210.34.132.148:21 60.20.227.235:2431 FIN_WAIT2
tcp 0 0 210.34.132.148:21 221.217.169.229:62197 TIME_WAIT
tcp 0 0 210.34.132.148:21 124.254.81.103:2902 TIME_WAIT
tcp 0 0 210.34.132.148:21 221.5.139.157:2418 FIN_WAIT2
tcp 0 0 210.34.132.148:21 222.138.130.90:1740 TIME_WAIT
...

复制代码

SYN_RECV +TIME_WAIT数量可达1000

服务器已经关闭vsftpd,httpd,sendmail,mysqld等服务
可网络还是会出现短时间掉线,掉线时间为几分钟,而后可自动连上
不知道这是不是SYN-FLOOD攻击造成的,如果是的话那为什么我已经drop掉几乎所有来源IP的数据包了(请看IPTABLE)还会出现这情况呢

期待各位回答这问题困扰了我快2个月了查了很多资料现在分不清楚掉线是硬件问题还是系统问题还是攻击造成的

[ 本帖最后由 lzj019 于 2006-12-17 14:53 编辑 ]

文库|博客

返回列表

Chinaunix › 论坛 › 操作系统 › Linux系统管理 › 网络问题请帮助

[网络管理] 网络问题请帮助 [复制链接]

浏览过的版块