My iptables rules are as follows:
#Display start message
echo "Starting iptables rules..."
#setting
IPT="/sbin/iptables"
IP_ME="172.22.7.85"
IP_SERVER="210.34.132.148"
IP_YE="172.22.7.93"
IP_ALL="any/0"
#CLEAN
$IPT -F
$IPT -X
#GLOBAL
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
#1.OUT VISIT IN
#(1)ALLOW VISIT ALL
$IPT -A INPUT -s $IP_ME -j ACCEPT
$IPT -A INPUT -s $IP_YE -j ACCEPT
$IPT -A INPUT -s $IP_SERVER -j ACCEPT
$IPT -A INPUT -s 127.0.0.1 -j ACCEPT
$IPT -A INPUT -s 210.34.143.78 -j ACCEPT
#$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#syn-flood
$IPT -N syn-flood
$IPT -A INPUT -p tcp --syn -j syn-flood
#$IPT -I syn-flood -p tcp -m limit --limit 3/h --limit-burst 4 -j RETURN
$IPT -A syn-flood -j REJECT
After the server had been running for two and a half hours, iptables -L -nv showed the following:
[root@gs lzjie]# /sbin/iptables -L -nv
Chain INPUT (policy DROP 3897 packets, 248K bytes)
 pkts bytes target     prot opt in     out     source               destination
11425  537K ACCEPT     all  --  *      *       172.22.7.85          0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       172.22.7.93          0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       210.34.132.148       0.0.0.0/0
    4   200 ACCEPT     all  --  *      *       127.0.0.1            0.0.0.0/0
 1765  106K ACCEPT     all  --  *      *       210.34.143.78        0.0.0.0/0
73577 3724K syn-flood  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 89550 packets, 16M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain syn-flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
73577 3724K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
With all services started and iptables turned off, netstat -n gave the following:
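The number of SYN_RECV + TIME_WAIT connections can reach 1000.
The server has already shut down vsftpd, httpd, sendmail, mysqld and other services,
but the network still drops out for short periods; each outage lasts a few minutes and then the connection comes back on its own.
I don't know whether this is caused by a SYN flood attack. If it is, why does it still happen when I have already dropped packets from almost all source IPs (see the iptables rules)?
Looking forward to your answers. This problem has troubled me for almost 2 months. I have looked through a lot of material, and I now can't tell whether the disconnections are caused by a hardware problem, a system problem, or an attack.
[ Last edited by lzj019 on 2006-12-17 14:53 ]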
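An added example, not part of the original post: one way to turn a long netstat -n listing like the one described above into per-port numbers, so that a pile-up of half-open (SYN_RECV) connections and the number of distinct sources behind it can be read at a glance. The function names, the threshold argument and the sample lines (documentation address ranges) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -n` output per local TCP port.

# port_summary: stdin = `netstat -n` output.
# Prints one line per local port: "<port> total=<n> syn_recv=<n> sources=<n>"
# where sources = distinct foreign hosts holding a SYN_RECV entry.
port_summary() {
    awk '
    $1 ~ /^tcp/ && NF >= 6 {
        n = split($4, l, ":"); port = l[n]      # last piece is the port, IPv6 too
        src = $5; sub(/:[0-9]+$/, "", src)      # strip the foreign port
        total[port]++
        if ($6 == "SYN_RECV") {
            half[port]++
            if (!((port, src) in seen)) { seen[port, src] = 1; srcs[port]++ }
        }
    }
    END {
        for (p in total)
            printf "%s total=%d syn_recv=%d sources=%d\n", p, total[p], half[p], srcs[p]
    }' | sort -n
}

# half_open_alert: $1 = port, $2 = threshold; stdin = `netstat -n` output.
# Exit status 0 when the port holds at least <threshold> SYN_RECV entries.
half_open_alert() {
    port_summary | awk -v p="$1" -v t="$2" '
        $1 == p { split($3, kv, "="); if (kv[2] + 0 >= t + 0) hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# Constructed sample using documentation address ranges (not data from the post).
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address        State
tcp        0      0 192.0.2.10:21      198.51.100.7:52566     SYN_RECV
tcp        0      0 192.0.2.10:21      198.51.100.7:52567     SYN_RECV
tcp        0      0 192.0.2.10:21      203.0.113.40:1612      SYN_RECV
tcp        0      0 192.0.2.10:21      203.0.113.99:4013      TIME_WAIT
tcp        0     29 192.0.2.10:21      203.0.113.12:3202      FIN_WAIT1
tcp        0      0 192.0.2.10:7780    198.51.100.20:1169     ESTABLISHED'

printf '%s\n' "$SAMPLE" | port_summary
```

On a live host the same functions take `netstat -n` on standard input, for example `netstat -n | port_summary`.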