这是哪一类型的扫描或攻击?

2015-02-08 18:02:22 +08:00
 aiwha

17:39:51.699395 IP 60.169.78.195.77 > 223.151.171.122.9064: Flags [S], seq 0, win 16384, length 0
17:39:51.699600 IP 223.151.171.122.9064 > 60.169.78.195.77: Flags [R.], seq 0, ack 1, win 0, length 0
17:39:59.597065 IP 222.186.56.153.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
17:39:59.597259 IP 223.151.171.122.9000 > 222.186.56.153.77: Flags [R.], seq 0, ack 1, win 0, length 0
17:40:12.094916 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
17:40:12.095126 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
17:40:17.805986 IP 60.173.11.130.6000 > 223.151.171.122.8118: Flags [S], seq 1942618112, win 16384, length 0
17:40:17.806194 IP 223.151.171.122.8118 > 60.173.11.130.6000: Flags [R.], seq 0, ack 1942618113, win 0, length 0
17:40:18.383223 IP 222.186.56.153.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
17:40:18.383395 IP 223.151.171.122.9000 > 222.186.56.153.77: Flags [R.], seq 0, ack 1, win 0, length 0
17:40:23.543628 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
17:40:23.543833 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
17:40:29.908367 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
17:40:29.908566 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
17:40:40.417706 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
17:40:40.417905 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
17:40:49.944221 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
17:40:49.944430 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
17:40:50.123528 IP 222.186.34.81.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
17:40:50.123683 IP 223.151.171.122.9000 > 222.186.34.81.77: Flags [R.], seq 0, ack 1, win 0, length 0

很有规律的,它来个S(win 16384),我回个R,我的ip是223.151.171.122,对方ip则有多个。

这是我在路由器上的pppoe口抓包发现的,已经排除了内网主机向外发包的可能。

2734 次点击
所在节点    站长
4 条回复
kliy
2015-02-08 18:11:14 +08:00
TCPDUMP?
aiwha
2015-02-08 18:13:00 +08:00
哦,明白了,应该是在尝试连接我的特定端口,但我的iptables将它们复位了。。。
aiwha
2015-02-08 18:14:25 +08:00
@kliy 嗯,openwrt下现成的包貌似只有tcpdump,我喜欢用的snort得自己搞交叉编译。。。。
laoyuan
2015-02-08 19:08:55 +08:00
好像写一个人造智能接管互联网啊。。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/169292

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX