[System Security] Operating system is constantly being attacked by a large number of NTP packets

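#1 Posted on 2014-03-14 14:45
My server does not run an NTP service, but external IPs keep sending large numbers of NTP packets to my port 123, roughly 150,000 packets per minute. This often floods my network until it dies, and I have to restart network to recover. Does this count as an attack, and how should I solve it?

I have already added an iptables rule to drop packets whose UDP destination port is 123, but it is not very effective.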

14:15:13.837653 IP 192.95.43.227.34618 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.837780 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.839361 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.851085 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.857552 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.857564 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.857566 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.857568 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.858967 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.861576 IP 192.95.43.227.39305 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.861585 IP 192.95.43.227.39305 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.861588 IP 192.95.43.227.39305 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.861590 IP 192.95.43.227.39305 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.874200 IP 192.95.43.227.36328 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.874215 IP 192.95.43.227.36328 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.874218 IP 192.95.43.227.36328 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.874229 IP 192.95.43.227.36328 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.879357 IP 192.95.43.227.19619 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.879366 IP 192.95.43.227.19619 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.879580 IP 192.95.43.227.19619 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.879589 IP 192.95.43.227.19619 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.884428 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.925329 IP 192.95.43.227.17088 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.925353 IP 192.95.43.227.17088 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.925356 IP 192.95.43.227.17088 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.925358 IP 192.95.43.227.17088 > ***.***.***.52.123: NTPv2, Reserved, lengt
14:15:13.927300 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.948565 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.952981 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.952990 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.952993 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.952996 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8

#2 Posted on 2014-03-14 15:22
iptables -A INPUT -p tcp --dport 123 -j DROP
iptables -A INPUT -p udp --dport 123 -j DROP

Add to the ntp.conf configuration:

restrict default noquery nomodify notrap nopeer
restrict -6 default noquery nomodify notrap nopeer

#3 Posted on 2014-03-15 06:33
The legendary NTP amplification attack?

#4 Posted on 2014-03-15 20:32
Contact your SP. Just try having these IPs blocked from reaching your server.

#5 Posted on 2014-03-18 10:38
Reply to #4 eva2021hd

The IPs keep changing, but is this really an attack?

#6 Posted on 2014-03-18 12:52
Reply to #5 yanxiaolu
Nine times out of ten it is, an amplification attack.
It doesn't matter whether the IPs change; just ask the SP to block packets headed to your machine whose destination port is NTP.
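
One way to triage a capture like the one in post #1, as an added example that is not part of the thread: it tallies packets aimed at port 123 by source address, source port and length, and estimates the packet rate. The sample lines are constructed in the same tcpdump format with documentation source addresses, and `summarize` and its field names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the tcpdump format shown in post #1 (documentation
# source addresses; the fourth line is cut short the way one capture line is).
SAMPLE = """\
14:15:13.000000 IP 198.51.100.7.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.100000 IP 198.51.100.7.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.200000 IP 203.0.113.9.34618 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.300000 IP 198.51.100.7.39305 > ***.***.***.52.123: NTPv2, Reserved, lengt
14:15:13.400000 IP 198.51.100.7.39305 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.500000 IP 203.0.113.9.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
"""

# time, source ip.port, (possibly masked) destination.port, NTP version, mode, length
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\S+)\.(\d+): NTPv(\d), (.+?), length (\d+)$")

def summarize(text, dst_port=123):
    """Tally packets sent to dst_port by source, source port and length."""
    per_src, lengths = Counter(), Counter()
    ports = defaultdict(set)
    stamps, skipped = [], 0
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or int(m.group(7)) != dst_port:
            skipped += 1  # truncated or unrelated line: count it, do not guess
            continue
        h, mi, s = int(m.group(1)), int(m.group(2)), float(m.group(3))
        stamps.append(h * 3600 + mi * 60 + s)
        per_src[m.group(4)] += 1
        ports[m.group(4)].add(int(m.group(5)))
        lengths[int(m.group(10))] += 1
    # Rate over the captured window (assumes the capture does not cross midnight).
    span = max(stamps) - min(stamps) if len(stamps) > 1 else 0.0
    return {
        "packets": len(stamps),
        "skipped": skipped,
        "pps": round(len(stamps) / span, 1) if span > 0 else None,
        "top_sources": per_src.most_common(3),
        "src_ports": {ip: sorted(p) for ip, p in ports.items()},
        "lengths": dict(lengths),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Live input in this format can be taken from `tcpdump -n udp dst port 123`; a few sources sending identical short packets at a steady rate is the shape of the capture in post #1.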


   