09:52:36.743651 IP (tos 0x0, ttl 55, id 23028, offset 0, flags [DF], proto 6, length: 40) 123.123.123.123.telnet > 222.222.222.222.webcache: R [tcp sum ok] 544896488:544896488(0) win 0
09:52:36.743660 IP (tos 0x0, ttl 55, id 23030, offset 0, flags [DF], proto 6, length: 40) 123.123.123.123.telnet > 222.222.222.222.webcache: R [tcp sum ok] 259012300:259012300(0) win 0
09:52:36.743675 IP (tos 0x0, ttl 55, id 23031, offset 0, flags [DF], proto 6, length: 40) 123.123.123.123.telnet > 222.222.222.222.webcache: R [tcp sum ok] 1586470382:1586470382(0) win 0

tcpdump captured packets like these.

Symptoms after the attack: iptraf and netstat show no connections at all, and there is no UDP flood.

On the traffic graph, inbound traffic is very high.

In the packets, the source address is replaced with 123.123.123.123 and the destination address with 222.222.222.222.

The attack source is a real address, not spoofed.

I'd like to ask: what is the principle behind this type of bandwidth attack?
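A triage sketch for a capture like the one in the post, added here as an example and not part of the original post: it parses the older verbose tcpdump text layout quoted above and tallies bare RST segments (R flag only, no payload, window 0) per source host, source port and destination port. The function and field names are hypothetical; the input is the three lines quoted in the post.

```python
import re
from collections import Counter

# Constructed input: the three lines quoted in the post, addresses as anonymised there.
CAPTURE = """\
09:52:36.743651 IP (tos 0x0, ttl 55, id 23028, offset 0, flags [DF], proto 6, length: 40) 123.123.123.123.telnet > 222.222.222.222.webcache: R [tcp sum ok] 544896488:544896488(0) win 0
09:52:36.743660 IP (tos 0x0, ttl 55, id 23030, offset 0, flags [DF], proto 6, length: 40) 123.123.123.123.telnet > 222.222.222.222.webcache: R [tcp sum ok] 259012300:259012300(0) win 0
09:52:36.743675 IP (tos 0x0, ttl 55, id 23031, offset 0, flags [DF], proto 6, length: 40) 123.123.123.123.telnet > 222.222.222.222.webcache: R [tcp sum ok] 1586470382:1586470382(0) win 0
"""

# Matches the older verbose tcpdump text layout shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP \(.*?length: (?P<iplen>\d+)\) "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRPWE.]+) .*?"
    r"(?P<seq>\d+):\d+\((?P<payload>\d+)\) win (?P<win>\d+)"
)

def seconds(ts):
    """Convert HH:MM:SS.ffffff to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def summarize(text):
    """Tally bare RSTs per (source host, source port, destination port)."""
    flows, seqs, times, skipped = Counter(), set(), [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += bool(line.strip())  # count non-empty lines we could not parse
            continue
        src_host, src_port = m["src"].rsplit(".", 1)
        dst_port = m["dst"].rsplit(".", 1)[1]
        times.append(seconds(m["ts"]))
        # A bare RST: only the R flag, no payload, zero window.
        if m["flags"] == "R" and m["payload"] == "0" and m["win"] == "0":
            flows[(src_host, src_port, dst_port)] += 1
            seqs.add(m["seq"])
    span = max(times) - min(times) if len(times) > 1 else 0.0
    return {
        "parsed": len(times),
        "skipped": skipped,
        "bare_rst": sum(flows.values()),
        "flows": dict(flows),
        "distinct_seq": len(seqs),  # unrelated sequence numbers suggest no single session
        "pps": (len(times) - 1) / span if span > 0 else None,  # rough packets per second
    }

if __name__ == "__main__":
    for key, value in summarize(CAPTURE).items():
        print(f"{key}: {value}")
```
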