服务器商说是有攻击把服务器给停了,并发来了日志,请帮忙看一下。

2016-06-10 16:17:26 +08:00
 openbaby
x.x.x.x 是服务器地址,但是服务器流量并不大,也就 5MB/s ,这该怎么破?

Jun 2 01:11:59 2016; TCP; eth1; 52 bytes; from 182.36.165.220:57214 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:11:59 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 182.36.165.220:57214; first packet (SYN)
Thu Jun 2 01:11:59 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 58.213.111.46:10316; FIN sent; 5 packets, 648 bytes, avg flow rate 0.33 kbits/s
Thu Jun 2 01:11:59 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 118.122.119.107:54012; FIN sent; 5 packets, 248 bytes, avg flow rate 0.08 kbits/s
Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 58.56.141.90:62721 to x.x.x.x:80; first packet
Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 222.211.174.138:35154 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 183.136.216.66:55628 to x.x.x.x:80; Connection reset; 1 packets, 46 bytes, avg flow rate 0.00 kbits/s; opposite direction 0 packets, 0 bytes; avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 119.130.132.28:59662 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.213.111.46:10316 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.213.111.46:10316 to x.x.x.x:80; FIN sent; 7 packets, 773 bytes, avg flow rate 0.38 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 58.213.111.46:10316; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 123.7.82.195:58156 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 123.7.82.195:58156; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 123.7.82.195:58157 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 123.7.82.195:58157; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53352 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53354 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53353 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 218.202.142.141:58637; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 61.161.186.78:50237 to x.x.x.x:80; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 61.161.186.78:50237; first packet
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 61.161.186.78:50493 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 61.161.186.78:50493; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53355 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:35408 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:35408; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 118.122.119.107:54012 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:34231 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:34231; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8393 to x.x.x.x:80; FIN sent; 5 packets, 2259 bytes, avg flow rate 1.06 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8393; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8399 to x.x.x.x:80; FIN sent; 4 packets, 190 bytes, avg flow rate 0.06 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8399; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42603; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42604; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42605; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8400 to x.x.x.x:80; FIN sent; 4 packets, 190 bytes, avg flow rate 0.06 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8400; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:55989 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:55989; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 48 bytes; from 61.180.202.194:3259 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 120.193.200.69:2783 to x.x.x.x:80; FIN sent; 17 packets, 10158 bytes, avg flow rate 2.70 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 120.193.200.69:2783; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 218.202.142.141:58640; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53356 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 58.59.49.163:44735 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 58.59.49.163:44735; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.202.142.141:58637 to x.x.x.x:80; Connection reset; 1 packets, 52 bytes, avg flow rate 0.00 kbits/s; opposite direction 1 packets, 52 bytes; avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.246.193.138:65128 to x.x.x.x:80; FIN sent; 5 packets, 720 bytes, avg flow rate 0.22 kbits/s
4727 次点击
所在节点    云计算
25 条回复
donghouhe
2016-06-10 16:27:59 +08:00
这是被 d 的意思吗
Bryan0Z
2016-06-10 16:28:44 +08:00
5 mb/s 也停?
Andy1999
2016-06-10 16:30:17 +08:00
哥们改换家托管了
openbaby
2016-06-10 16:37:37 +08:00
@donghouhe
@Bryan0Z
@Andy1999 我不认为是被 D ,都是正常的访问,他们就说被 SYN 攻击,还说违反了他们的多项条例。
xupefei
2016-06-10 16:40:51 +08:00
怎么会是正常访问呢, 01:12:00 一秒钟里一堆 IP 来发 SYN ,而且只发 SYN ,没有后续动作。
5MB/s 是挺小,但是仍旧是 SYN flood 攻击。
openbaby
2016-06-10 16:48:03 +08:00
@xupefei 这台服务器的用途比较特殊,就是只做 301 跳转,没有具体的网站内容,任何访问都通过 301 重定向到另一台服务器去。
lslqtz
2016-06-10 17:10:54 +08:00
该换家服务商了。
realpg
2016-06-10 17:20:07 +08:00
SYN FLOOD 都没法解决的机房?
而且 SYNFLOOD 是吃服务器资源的而不是吃流量的,你确定这不是个超售二十倍的 VPS 么
lightforce
2016-06-10 17:23:14 +08:00
syn flood 很好防啊,最难防的是混合
webjin1
2016-06-10 17:37:41 +08:00
Tos 有写吗?
webjin1
2016-06-10 17:38:22 +08:00
看样子像板瓦工
jasontse
2016-06-10 17:39:54 +08:00
才 80Kpps 不到就停机啊,搬家吧
openbaby
2016-06-10 19:19:10 +08:00
@lightforce
@realpg
@jasontse
@lslqtz 我不知道设置下 iptables 会不会有效果,或是这 SYN 包还没进服务器就被服务商认为是攻击而拔线了?
gamexg
2016-06-10 20:13:46 +08:00
@openbaby syn 防御不麻烦,但是机房拔你线和你防没防住没关系。这点量对机房不当回事,但是他就是拔你线,没办法,换机房吧。
adrianzhang
2016-06-10 20:34:06 +08:00
plz refer to https://hakin9.org/syn-flood-attacks-how-to-protect-article/
jasontse
2016-06-10 21:13:51 +08:00
@openbaby
你这样只是保护服务器,现在是机房要赶你
openbaby
2016-06-10 21:18:08 +08:00
@jasontse 这破 JB 服务商这会工单也不回复了,直接把状态改为“滥用”,坑了。。
@gamexg
shiny
2016-06-10 21:20:41 +08:00
哪个服务商
Bardon
2016-06-10 22:43:52 +08:00
曝光下吧,让大家少点坑
luckykong
2016-06-10 22:44:12 +08:00
什么服务商?说下名字吧,免得大家以后进坑

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/284778

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX