V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Recommended Services
Amazon Web Services
LeanCloud
New Relic
ClearDB
openbaby
V2EX  ›  云计算

服务器商说是有攻击把服务器给停了,并发来了日志,请帮忙看一下。

  •  
  •   openbaby · 2016-06-10 16:17:26 +08:00 · 4802 次点击
    这是一个创建于 3097 天前的主题,其中的信息可能已经有所发展或是发生改变。
    x.x.x.x 是服务器地址,但是服务器流量并不大,也就 5MB/s ,这该怎么破?

    Jun 2 01:11:59 2016; TCP; eth1; 52 bytes; from 182.36.165.220:57214 to x.x.x.x:80; first packet (SYN)
    Thu Jun 2 01:11:59 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 182.36.165.220:57214; first packet (SYN)
    Thu Jun 2 01:11:59 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 58.213.111.46:10316; FIN sent; 5 packets, 648 bytes, avg flow rate 0.33 kbits/s
    Thu Jun 2 01:11:59 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 118.122.119.107:54012; FIN sent; 5 packets, 248 bytes, avg flow rate 0.08 kbits/s
    Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 58.56.141.90:62721 to x.x.x.x:80; first packet
    Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 222.211.174.138:35154 to x.x.x.x:80; FIN acknowleged
    Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 183.136.216.66:55628 to x.x.x.x:80; Connection reset; 1 packets, 46 bytes, avg flow rate 0.00 kbits/s; opposite direction 0 packets, 0 bytes; avg flow rate 0.00 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 119.130.132.28:59662 to x.x.x.x:80; FIN acknowleged
    Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.213.111.46:10316 to x.x.x.x:80; FIN acknowleged
    Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.213.111.46:10316 to x.x.x.x:80; FIN sent; 7 packets, 773 bytes, avg flow rate 0.38 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 58.213.111.46:10316; FIN acknowleged
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 123.7.82.195:58156 to x.x.x.x:80; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 123.7.82.195:58156; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 123.7.82.195:58157 to x.x.x.x:80; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 123.7.82.195:58157; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53352 to x.x.x.x:443; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53354 to x.x.x.x:443; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53353 to x.x.x.x:443; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 218.202.142.141:58637; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 61.161.186.78:50237 to x.x.x.x:80; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 61.161.186.78:50237; first packet
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 61.161.186.78:50493 to x.x.x.x:80; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 61.161.186.78:50493; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53355 to x.x.x.x:443; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:35408 to x.x.x.x:80; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:35408; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 118.122.119.107:54012 to x.x.x.x:80; FIN acknowleged
    Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:34231 to x.x.x.x:80; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:34231; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8393 to x.x.x.x:80; FIN sent; 5 packets, 2259 bytes, avg flow rate 1.06 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8393; FIN acknowleged
    Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8399 to x.x.x.x:80; FIN sent; 4 packets, 190 bytes, avg flow rate 0.06 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8399; FIN acknowleged
    Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42603; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42604; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42605; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8400 to x.x.x.x:80; FIN sent; 4 packets, 190 bytes, avg flow rate 0.06 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8400; FIN acknowleged
    Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:55989 to x.x.x.x:80; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:55989; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 48 bytes; from 61.180.202.194:3259 to x.x.x.x:443; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 120.193.200.69:2783 to x.x.x.x:80; FIN sent; 17 packets, 10158 bytes, avg flow rate 2.70 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 120.193.200.69:2783; FIN acknowleged
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 218.202.142.141:58640; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53356 to x.x.x.x:443; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 58.59.49.163:44735 to x.x.x.x:80; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 58.59.49.163:44735; first packet (SYN)
    Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.202.142.141:58637 to x.x.x.x:80; Connection reset; 1 packets, 52 bytes, avg flow rate 0.00 kbits/s; opposite direction 1 packets, 52 bytes; avg flow rate 0.00 kbits/s
    Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.246.193.138:65128 to x.x.x.x:80; FIN sent; 5 packets, 720 bytes, avg flow rate 0.22 kbits/s
    25 条回复    2016-07-01 12:00:00 +08:00
    donghouhe
        1
    donghouhe  
       2016-06-10 16:27:59 +08:00
    这是被 d 的意思吗
    Bryan0Z
        2
    Bryan0Z  
       2016-06-10 16:28:44 +08:00 via Android
    5 mb/s 也停?
    Andy1999
        3
    Andy1999  
       2016-06-10 16:30:17 +08:00 via iPhone
    哥们改换家托管了
    openbaby
        4
    openbaby  
    OP
       2016-06-10 16:37:37 +08:00
    @donghouhe
    @Bryan0Z
    @Andy1999 我不认为是被 D ,都是正常的访问,他们就说被 SYN 攻击,还说违反了他们的多项条例。
    xupefei
        5
    xupefei  
       2016-06-10 16:40:51 +08:00
    怎么会是正常访问呢, 01:12:00 一秒钟里一堆 IP 来发 SYN ,而且只发 SYN ,没有后续动作。
    5MB/s 是挺小,但是仍旧是 SYN flood 攻击。
    openbaby
        6
    openbaby  
    OP
       2016-06-10 16:48:03 +08:00
    @xupefei 这台服务器的用途比较特殊,就是只做 301 跳转,没有具体的网站内容,任何访问都通过 301 重定向到另一台服务器去。
    lslqtz
        7
    lslqtz  
       2016-06-10 17:10:54 +08:00 via iPhone
    该换家服务商了。
    realpg
        8
    realpg  
       2016-06-10 17:20:07 +08:00 via Android
    SYN FLOOD 都没法解决的机房?
    而且 SYNFLOOD 是吃服务器资源的而不是吃流量的,你确定这不是个超售二十倍的 VPS 么
    lightforce
        9
    lightforce  
       2016-06-10 17:23:14 +08:00
    syn flood 很好防啊,最难防的是混合
    webjin1
        10
    webjin1  
       2016-06-10 17:37:41 +08:00 via Android
    Tos 有写吗?
    webjin1
        11
    webjin1  
       2016-06-10 17:38:22 +08:00 via Android
    看样子像板瓦工
    jasontse
        12
    jasontse  
       2016-06-10 17:39:54 +08:00 via iPad
    才 80Kpps 不到就停机啊,搬家吧
    openbaby
        13
    openbaby  
    OP
       2016-06-10 19:19:10 +08:00
    @lightforce
    @realpg
    @jasontse
    @lslqtz 我不知道设置下 iptables 会不会有效果,或是这 SYN 包还没进服务器就被服务商认为是攻击而拔线了?
    gamexg
        14
    gamexg  
       2016-06-10 20:13:46 +08:00   ❤️ 1
    @openbaby syn 防御不麻烦,但是机房拔你线和你防没防住没关系。这点量对机房不当回事,但是他就是拔你线,没办法,换机房吧。
    adrianzhang
        15
    adrianzhang  
       2016-06-10 20:34:06 +08:00   ❤️ 1
    jasontse
        16
    jasontse  
       2016-06-10 21:13:51 +08:00 via iPad
    @openbaby
    你这样只是保护服务器,现在是机房要赶你
    openbaby
        17
    openbaby  
    OP
       2016-06-10 21:18:08 +08:00
    @jasontse 这破 JB 服务商这会工单也不回复了,直接把状态改为“滥用”,坑了。。
    @gamexg
    shiny
        18
    shiny  
       2016-06-10 21:20:41 +08:00
    哪个服务商
    Bardon
        19
    Bardon  
       2016-06-10 22:43:52 +08:00
    曝光下吧,让大家少点坑
    luckykong
        20
    luckykong  
       2016-06-10 22:44:12 +08:00 via Android
    什么服务商?说下名字吧,免得大家以后进坑
    tempdban
        21
    tempdban  
       2016-06-11 09:41:30 +08:00 via Android
    @openbaby 兄弟 syn flood 和你跑什么业务没关系
    openbaby
        22
    openbaby  
    OP
       2016-06-12 14:55:38 +08:00
    @tempdban
    @luckykong
    @Bardon
    @shiny alpharacks 。。。
    doyel
        23
    doyel  
       2016-06-13 16:02:57 +08:00
    @openbaby 这样的运营商直接拉黑,把应用和数据迁移掉吧。。。
    jq8778
        24
    jq8778  
       2016-06-21 11:54:25 +08:00 via iPhone
    直接 paypal 争议
    michael2016
        25
    michael2016  
       2016-07-01 12:00:00 +08:00   ❤️ 1
    1.站在 CSP 角度考虑:
    云业务里面带宽成本是极高的,作为一家 CSP ,这样的行为也是可以理解的,所以想玩云,要有足够的钱来烧,从侧面也看出了一家 CSP 的实力;
    2.站在租户的角度考虑;
    作为任何一个上云,把业务放在云上的最终使用用户来说,在关注云上的业务安全是必要的,安全本质上跟环境没有任何关系,所以,要是要从各个方面去考虑好业务安全的问题,建好房子也好买一把好锁。安好防盗网啥的。
    同时提醒:未知攻焉知防?
    楼主加油!
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   4608 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 26ms · UTC 04:04 · PVG 12:04 · LAX 20:04 · JFK 23:04
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.