The "高波" (Gaobo) virus has been rampant lately: internal users keep sending huge numbers of packets at ports 445 and 135. My gateway does NAT, and one of its modules, ip_conntrack, keeps filling up, giving "table full, dropping packet" and heavy packet loss on the internal network. I tried blocking it with iptables, with no effect.
My commands were (one rule each for tcp and udp):
iptables -A INPUT -p tcp --dport 445 -j DROP
iptables -A INPUT -p udp --dport 445 -j DROP
iptables -A FORWARD -p tcp --dport 445 -j DROP
iptables -A FORWARD -p udp --dport 445 -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 445 -j DROP
iptables -t nat -A PREROUTING -p udp --dport 445 -j DROP
A typical picture of the attack as seen on the gateway:
17:18:42.051139 10.0.32.130.4820 > 10.156.80.60.445: S 3248761990:3248761990(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.051147 10.0.32.130.4821 > 10.48.170.55.445: S 3248808510:3248808510(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.051155 10.0.32.130.4822 > 10.13.127.141.445: S 3248848483:3248848483(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.051163 10.0.32.130.4823 > 10.198.217.23.445: S 3248900858:3248900858(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.051171 10.0.32.130.4824 > 10.162.184.198.445: S 3248946508:3248946508(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.051179 10.0.32.130.4825 > 10.200.199.134.445: S 3249000810:3249000810(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.051187 10.0.32.130.4826 > 10.246.59.206.445: S 3249060906:3249060906(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.051195 10.0.32.130.4827 > 10.213.194.86.445: S 3249097008:3249097008(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.051203 10.0.32.130.4828 > 10.37.99.18.445: S 3249143859:3249143859(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.140174 10.0.32.130.4920 > 10.54.0.152.445: S 3252056318:3252056318(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.146798 10.0.32.130.4921 > 10.167.135.238.445: S 3252113090:3252113090(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.146948 10.0.32.130.4923 > 10.156.196.21.445: S 3252166355:3252166355(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
10.0.32.130 is an internal machine, and it sends packets nonstop.
Is there any good way to solve this??? I'm at my wits' end! I hear this forum is full of experts, so I hope everyone can pool their ideas... please don't hold back your advice... Thanks
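Added example, not part of the original post. The connection-tracking entry is created in the PREROUTING hook before the nat table runs, and the FORWARD chain runs later still, so every DROP in the post's rule set still costs one ip_conntrack slot per SYN; the only place a rule can run before tracking is the raw table, where NOTRACK tells the kernel not to create an entry at all. The script below has two helpers: `syn_scanners` counts SYNs to port 445 per source in tcpdump-style output (the way the post's capture was produced) to name the flooding host, and `gen_rules` prints the raw-table NOTRACK rules plus the FORWARD/INPUT drops and a rate-limited LOG rule. `LAN_IF` is an assumed inside-interface name, the sample capture is constructed after the post's lines, and the raw table (iptable_raw) is assumed to be available on the gateway kernel.

```shell
#!/bin/sh
# Added example (not from the original post). Two helpers for a Linux NAT
# gateway whose ip_conntrack table is filled by an internal host flooding
# SYNs at 445/135:
#   syn_scanners - find the offending internal hosts in a tcpdump capture
#   gen_rules    - print iptables rules that stop the flood without creating
#                  a conntrack entry per packet
# Assumptions: LAN_IF is the inside interface (hypothetical name), and the
# printed rules are applied as root, e.g.  gen_rules 445 135 | sh

LAN_IF="${LAN_IF:-eth1}"   # assumed inside interface; adjust for the gateway

# Constructed sample capture, modelled on the lines in the post (not real data).
SAMPLE='17:18:42.051139 10.0.32.130.4820 > 10.156.80.60.445: S 3248761990:3248761990(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.051147 10.0.32.130.4821 > 10.48.170.55.445: S 3248808510:3248808510(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.051155 10.0.32.130.4822 > 10.13.127.141.445: S 3248848483:3248848483(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:18:42.060000 10.0.32.131.1025 > 10.0.32.1.80: S 1000:1000(0) win 64240 <mss 1460> (DF)
17:18:42.070000 10.0.32.131.1026 > 10.0.32.1.445: S 2000:2000(0) win 64240 <mss 1460> (DF)'

# syn_scanners THRESHOLD < capture
# Counts SYNs (flag "S") per source address whose destination port is 445 and
# prints "count source" for every source above THRESHOLD, busiest first.
# tcpdump field layout: time  src.ip.port  >  dst.ip.port:  flags ...
syn_scanners() {
    awk -v thr="$1" '
        $5 == "S" && $4 ~ /\.445:$/ {
            src = $2
            sub(/\.[0-9]+$/, "", src)   # strip the source port
            n[src]++
        }
        END { for (s in n) if (n[s] > thr) print n[s], s }
    ' | sort -rn
}

# gen_rules PORT...
# Emits one rule set per port and protocol:
#   raw/PREROUTING NOTRACK - runs before connection tracking, so the flood
#                            never occupies an ip_conntrack slot
#   FORWARD/INPUT DROP     - the packet is still discarded afterwards
#   rate-limited LOG       - records the internal host without flooding syslog
gen_rules() {
    for port in "$@"; do
        for proto in tcp udp; do
            echo "iptables -t raw -A PREROUTING -i $LAN_IF -p $proto --dport $port -j NOTRACK"
            echo "iptables -A FORWARD -i $LAN_IF -p $proto --dport $port -m limit --limit 5/min -j LOG --log-prefix \"worm-$port: \""
            echo "iptables -A FORWARD -i $LAN_IF -p $proto --dport $port -j DROP"
            echo "iptables -A INPUT -i $LAN_IF -p $proto --dport $port -j DROP"
        done
    done
}

# Stand-alone demo: name the scanners in the sample, then show the rules.
printf '%s\n' "$SAMPLE" | syn_scanners 2
gen_rules 445 135
```

On a live gateway, feed `syn_scanners` from `tcpdump -n -i "$LAN_IF" 'tcp[tcpflags] & tcp-syn != 0 and dst port 445'` to see which internal addresses to clean up, and check `/proc/net/ip_conntrack` afterwards to confirm the 445/135 flows are no longer being tracked.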