The hosting provider says there was an attack and shut the server down, and sent over logs. Please help take a look.

2016-06-10 16:17:26 +08:00
 openbaby
x.x.x.x is the server address, but the server's traffic isn't large, only about 5MB/s. How do I deal with this?

Jun 2 01:11:59 2016; TCP; eth1; 52 bytes; from 182.36.165.220:57214 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:11:59 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 182.36.165.220:57214; first packet (SYN)
Thu Jun 2 01:11:59 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 58.213.111.46:10316; FIN sent; 5 packets, 648 bytes, avg flow rate 0.33 kbits/s
Thu Jun 2 01:11:59 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 118.122.119.107:54012; FIN sent; 5 packets, 248 bytes, avg flow rate 0.08 kbits/s
Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 58.56.141.90:62721 to x.x.x.x:80; first packet
Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 222.211.174.138:35154 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 183.136.216.66:55628 to x.x.x.x:80; Connection reset; 1 packets, 46 bytes, avg flow rate 0.00 kbits/s; opposite direction 0 packets, 0 bytes; avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 119.130.132.28:59662 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.213.111.46:10316 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.213.111.46:10316 to x.x.x.x:80; FIN sent; 7 packets, 773 bytes, avg flow rate 0.38 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 58.213.111.46:10316; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 123.7.82.195:58156 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 123.7.82.195:58156; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 123.7.82.195:58157 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 123.7.82.195:58157; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53352 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53354 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53353 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 218.202.142.141:58637; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 61.161.186.78:50237 to x.x.x.x:80; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 61.161.186.78:50237; first packet
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 61.161.186.78:50493 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 61.161.186.78:50493; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53355 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:35408 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:35408; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 118.122.119.107:54012 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:34231 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:34231; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8393 to x.x.x.x:80; FIN sent; 5 packets, 2259 bytes, avg flow rate 1.06 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8393; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8399 to x.x.x.x:80; FIN sent; 4 packets, 190 bytes, avg flow rate 0.06 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8399; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42603; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42604; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42605; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8400 to x.x.x.x:80; FIN sent; 4 packets, 190 bytes, avg flow rate 0.06 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8400; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:55989 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:55989; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 48 bytes; from 61.180.202.194:3259 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 120.193.200.69:2783 to x.x.x.x:80; FIN sent; 17 packets, 10158 bytes, avg flow rate 2.70 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 120.193.200.69:2783; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 218.202.142.141:58640; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53356 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 58.59.49.163:44735 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 58.59.49.163:44735; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.202.142.141:58637 to x.x.x.x:80; Connection reset; 1 packets, 52 bytes, avg flow rate 0.00 kbits/s; opposite direction 1 packets, 52 bytes; avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.246.193.138:65128 to x.x.x.x:80; FIN sent; 5 packets, 720 bytes, avg flow rate 0.22 kbits/s
4727 views
Node: Cloud Computing
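
One way to triage a log in this format before arguing with the provider (an added example, not part of the original post): count inbound SYNs per second, per source and per port, and list SYNs for which the log shows no first packet coming back from the server. The function name `summarize` and the sample lines are constructed for illustration, and the code assumes that a server-side "first packet (SYN)" entry is the server's SYN-ACK reply.

```python
import re
from collections import Counter

# Constructed sample in the same format as the log in the post
# (documentation-range addresses; "x.x.x.x" stands for the server).
SAMPLE = """\
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 198.51.100.7:58156 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 198.51.100.7:58156; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 203.0.113.9:53352 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 203.0.113.9:53353 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 203.0.113.9:53354 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 198.51.100.7:58156 to x.x.x.x:80; FIN sent; 5 packets, 720 bytes, avg flow rate 0.22 kbits/s
"""

LINE = re.compile(
    r"^(?P<ts>[^;]+); TCP; (?P<iface>\S+); (?P<size>\d+) bytes; "
    r"from (?P<src>\S+):(?P<sport>\d+) to (?P<dst>\S+):(?P<dport>\d+); (?P<event>[^;]+)")

def summarize(log_text, server="x.x.x.x"):
    """Tally inbound SYNs and mark which ones the server answered."""
    syns, replies = [], set()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["event"].strip() != "first packet (SYN)":
            continue
        if m["dst"] == server:        # client -> server SYN
            syns.append((m["ts"].strip(), m["src"], m["sport"], m["dport"]))
        elif m["src"] == server:      # server's first packet back (assumed SYN-ACK)
            replies.add((m["dst"], m["dport"], m["sport"]))
    # A SYN is "unanswered" when no reply for the same client ip/port and
    # server port appears anywhere in the captured window.
    unanswered = [s for s in syns if (s[1], s[2], s[3]) not in replies]
    return {
        "syn_per_second": Counter(ts for ts, *_ in syns),
        "syn_per_source": Counter(src for _, src, *_ in syns),
        "syn_per_port": Counter(dport for *_, dport in syns),
        "unanswered_per_source": Counter(s[1] for s in unanswered),
    }

if __name__ == "__main__":
    for name, counter in summarize(SAMPLE).items():
        print(name, counter.most_common(5))
```

A SYN rate per second that stays in the tens, spread over sources that also complete and close connections, is ordinary web traffic; the counts give something concrete to compare against whatever threshold the provider cites.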
25 replies
tempdban
2016-06-11 09:41:30 +08:00
@openbaby Bro, a SYN flood has nothing to do with what kind of service you're running.
openbaby
2016-06-12 14:55:38 +08:00
@tempdban
@luckykong
@Bardon
@shiny alpharacks ...
doyel
2016-06-13 16:02:57 +08:00
@openbaby Just blacklist a provider like this and migrate your applications and data away...
jq8778
2016-06-21 11:54:25 +08:00
Just open a PayPal dispute.
michael2016
2016-07-01 12:00:00 +08:00
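1. From the CSP's point of view:
Bandwidth cost is extremely high in the cloud business, so for a CSP this kind of behavior is understandable. So if you want to play in the cloud, you need enough money to burn; it also indirectly shows how strong a CSP is.
2. From the tenant's point of view:
For any end user who moves to the cloud and puts their business on it, paying attention to the security of the business on the cloud is necessary. Security in essence has nothing to do with the environment, so you still have to think through business security from every angle: once the house is built, buy a good lock too, and install burglar bars and the like.
A reminder as well: if you don't know the attack, how can you know the defense?
Keep it up, OP!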

https://www.v2ex.com/t/284778