免费注册	查看新帖 \|


平台论坛博客文库

› 论坛 › 备份版区 › Solaris › solaris web服务遭受sys_flood攻击，求助

最近访问板块

发新帖

查看: 3764 | 回复: 3

上一主题

下一主题

solaris web服务遭受sys_flood攻击，求助 [复制链接]

论坛徽章:: 0

电梯直达

跳转到指定楼层

1楼 [收藏(0)] [报告]

发表于 2006-09-02 12:15 |只看该作者 |倒序浏览

我们的web服务器，系统是solairs2.6（老了一点），suitspot的服务软件，最近遭受sys_flood攻击，我实在找不到好的办法，只能不断的封ip，弄的我疲惫不堪，请各位大虾救命，下面为netstat -an抓下的连接情况，大量的syn连接。\r\n\r\n……\r\n 192.168.10.5.80 222.171.138.73.2384 65535 0 10080 0 FIN_WAIT_1\r\n192.168.10.5.80 222.171.138.73.2383 65535 0 10080 0 FIN_WAIT_1\r\n192.168.10.5.80 222.171.138.73.2382 65535 0 10080 0 FIN_WAIT_1\r\n192.168.10.5.80 222.171.138.73.2381 65535 0 10080 0 FIN_WAIT_1\r\n192.168.10.5.80 222.171.138.73.2412 65535 0 10080 0 FIN_WAIT_1\r\n192.168.10.5.80 222.171.138.73.2411 65535 0 10080 0 FIN_WAIT_1\r\n192.168.10.5.80 222.171.138.73.2410 65535 0 10080 0 FIN_WAIT_1\r\n192.168.10.5.80 222.171.138.73.2409 65535 0 10080 0 FIN_WAIT_1\r\n192.168.10.5.80 222.171.138.73.2407 65535 0 10080 0 FIN_WAIT_1\r\n192.168.10.5.80 222.171.138.73.2392 65535 0 10080 0 FIN_WAIT_1\r\n192.168.10.5.80 222.160.37.69.1149 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63888 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2646 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.4970 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2817 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63889 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63890 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2648 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2818 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63891 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.4973 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2819 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63892 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63893 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2820 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63894 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63895 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2652 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2821 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1154 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63896 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63897 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2654 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2822 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1156 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.173.107.61.63898 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1157 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 210.46.89.145.2056 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2823 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1158 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2824 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.4980 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 210.46.89.145.2058 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2658 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2825 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.4982 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1160 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1161 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2826 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1162 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2661 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2827 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1163 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2828 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 210.46.89.145.2064 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2829 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1164 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 210.46.89.145.2066 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.4988 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2665 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1165 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2830 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.4990 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2667 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2831 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1166 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2832 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1167 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2833 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.4994 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1168 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 210.46.89.145.2073 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2671 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2834 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.4996 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1169 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2835 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.4998 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1170 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2674 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2836 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1171 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2676 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2837 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1172 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2678 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1025 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2838 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1173 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2839 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 210.46.89.145.2079 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1174 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2681 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2840 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1030 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2841 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 210.46.89.145.2082 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1176 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1034 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2684 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1177 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2842 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1036 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2843 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1178 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1038 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2844 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1180 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2688 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2845 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1181 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2846 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1182 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1042 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2691 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2847 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2693 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2848 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1184 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1045 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2695 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2849 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1186 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2697 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2850 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1048 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1188 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2699 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2851 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1050 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2701 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2852 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1052 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2703 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2853 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1191 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1054 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2705 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2854 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2707 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1193 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.171.138.73.2855 0 0 10080 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1194 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2709 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2711 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1059 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2713 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1197 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2715 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1063 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2717 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1065 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2719 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1067 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2721 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1069 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2723 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1203 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2725 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1071 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1205 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2727 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1207 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2729 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1208 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1075 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2731 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1209 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1077 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2733 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1211 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1079 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2735 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1213 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2737 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2739 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2741 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1217 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.32.0.233.1084 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2743 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2747 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1221 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2749 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2751 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1223 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2753 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2755 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1225 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 210.46.89.145.2140 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1226 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2757 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2759 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2761 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1231 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2765 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1232 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1233 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2768 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1235 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2770 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1238 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2773 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1241 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2777 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 222.160.37.69.1243 0 0 9996 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2779 0 0 8760 0 SYN_RCVD\r\n192.168.10.5.80 202.102.138.42.2781 0 0 8760 0 SYN_RCVD\r\n……

论坛徽章:: 0

2楼 [报告]

发表于 2006-09-02 17:10 |只看该作者

提高未连接队列大小(SYN flood attack)\r\n #ndd -set /dev/tcp tcp_conn_req_max_q0 4096 \r\n提高连接队列大小(连接耗尽攻击)\r\n #ndd -set /dev/tcp tcp_conn_req_max_q 1024 \r\n\r\n此办法属于被动措施，还得找出谁干的，然后想办法。

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

论坛徽章:: 1

荣誉会员
日期:2011-11-23 16:44:17

3楼 [报告]

发表于 2006-09-02 22:57 |只看该作者

ps -fe看一下，将可疑进程干掉先。偶碰到过类似情况，就是从进程入手

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

论坛徽章:: 0

4楼 [报告]

发表于 2006-09-03 10:04 |只看该作者

构造的数据包的源端口是有特征的，试一下现干封掉源端口8760,9996,10080，的数据包。最后前面还是搞一个防火墙有简单抗ddos的功能的，这样简单特征的攻击试能屏蔽掉的，如果高级的攻击，只能用真正抗ddos的设备了。

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

发新帖

Chinaunix › 论坛 › 备份版区 › Solaris › solaris web服务遭受sys_flood攻击，求助

北京盛拓优讯信息技术有限公司. 版权所有京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号：11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员联系我们：huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP