『漫游』酷论坛>『漫游水世界』>請問路由器出現TCP SYN ..
請問路由器出現TCP SYN Flooding怎麼解決??
clown@2010-11-07 19:54
Log File
2010/11/07 05:48:51 : **TCP SYN Flooding** from 123.0.215.159
2010/11/07 05:48:50 : **TCP SYN Flooding** from 203.217.101.106
2010/11/07 05:48:49 : **TCP SYN Flooding** from 221.223.135.40
2010/11/07 05:48:48 : **TCP SYN Flooding** from 183.6.255.121
2010/11/07 05:48:46 : **TCP SYN Flooding** from 125.231.212.3
2010/11/07 05:48:45 : **TCP SYN Flooding** from 58.99.68.165
2010/11/07 05:48:44 : **TCP SYN Flooding** from 183.33.239.187
2010/11/07 05:48:43 : **TCP SYN Flooding** from 112.118.207.164
2010/11/07 05:48:42 : **TCP SYN Flooding** from 124.212.223.203
2010/11/07 05:48:40 : **TCP SYN Flooding** from 219.69.107.135
2010/11/07 05:48:39 : **TCP SYN Flooding** from 117.79.83.163
2010/11/07 05:48:38 : **TCP SYN Flooding** from 61.57.144.123
2010/11/07 05:48:37 : **TCP SYN Flooding** from 210.6.95.38
2010/11/07 05:48:36 : **TCP SYN Flooding** from 119.246.161.239
2010/11/07 05:47:32 : **TCP SYN Flooding** from 119.247.74.49
2010/11/07 05:47:29 : **TCP SYN Flooding** from 61.20.171.108
2010/11/07 05:47:28 : **TCP SYN Flooding** from 60.5.78.140
2010/11/07 05:47:27 : **TCP SYN Flooding** from 112.105.90.198
2010/11/07 05:47:26 : **TCP SYN Flooding** from 61.228.158.102
2010/11/07 05:47:25 : **TCP SYN Flooding** from 222.76.38.119
2010/11/07 05:47:23 : **TCP SYN Flooding** from 211.20.65.188
2010/11/07 05:47:22 : **TCP SYN Flooding** from 219.84.2.130
2010/11/07 05:47:21 : **TCP SYN Flooding** from 125.203.228.118
2010/11/07 05:47:20 : **TCP SYN Flooding** from 183.14.55.115
2010/11/07 05:47:19 : **TCP SYN Flooding** from 183.6.255.121
2010/11/07 05:47:18 : **TCP SYN Flooding** from 119.246.161.239
2010/11/07 05:47:17 : **TCP SYN Flooding** from 114.32.84.229
2010/11/07 05:47:16 : **TCP SYN Flooding** from 180.9.17.103
2010/11/07 05:47:15 : **TCP SYN Flooding** from 183.179.243.119
2010/11/07 05:47:14 : **TCP SYN Flooding** from 219.77.167.142
2010/11/07 05:47:12 : **TCP SYN Flooding** from 114.136.245.143
2010/11/07 05:47:11 : **TCP SYN Flooding** from 221.225.84.247
2010/11/07 05:47:10 : **TCP SYN Flooding** from 113.253.201.27
2010/11/07 05:47:09 : **TCP SYN Flooding** from 119.246.161.239
2010/11/07 05:45:41 : **TCP SYN Flooding** from 122.73.49.159
2010/11/07 05:45:40 : **TCP SYN Flooding** from 125.203.228.118
2010/11/07 05:45:39 : **TCP SYN Flooding** from 119.14.199.240
2010/11/07 05:45:38 : **TCP SYN Flooding** from 220.142.162.172
2010/11/07 05:45:37 : **TCP SYN Flooding** from 58.114.209.79
2010/11/07 05:45:36 : **TCP SYN Flooding** from 203.80.68.62
2010/11/07 05:45:35 : **TCP SYN Flooding** from 123.202.182.56
2010/11/07 05:45:34 : **TCP SYN Flooding** from 125.230.64.87
請大大幫忙...
謝謝~:(
protosszerlot@2010-11-07 19:58
没啥办法。。。你路由器被DOS攻击了 。。。。。。。 。
atkio@2010-11-07 19:59
There is, as yet, no generally accepted solution to this problem with the current IP protocol technology. However, proper router configuration can reduce the likelihood that your site will be the source of one of these attacks.
Appendix A contains details about how to filter packets to reduce the number of IP-spoofed packets entering and exiting your network. It also contains a list of vendors that have reported support for this type of filtering.
NOTE to Internet Service Providers:
We STRONGLY urge you to install these filters in your routers to protect your customers against this type of an attack. Although these filters do not directly protect your customers from attack, the filters do prevent attacks from originating at the sites of any of your customers. We are aware of the ramifications of these filters on some current Mobile IP schemes and are seeking a position statement from the appropriate organizations.
NOTE to customers of Internet service providers:
We STRONGLY recommend that you contact your service provider to verify that the necessary filters are in place to protect your network.
Many networking experts are working together to devise improvements to existing IP implementations to "harden" kernels to this type of attack. When these improvements become available, we suggest that you install them on all your systems as soon as possible. This advisory will be updated to reflect changes made by the vendor
-----------------------------------
真的有问题就封ip吧
wking@2010-11-07 20:08
这是你公司还是家里还是机房?
这种频率的攻击,无视吧。没任何影响
卿卿雅儿@2010-11-07 20:21
引用
最初由 atkio 发布
There is, as yet, no generally accepted solution to this problem with the current IP protocol technology. However, proper router configuration can reduce the likelihood that your site will be the source of one of these attacks.
Appendix A contains details about how to filter packets to reduce the number of IP-spoofed packets entering and exiting your network. It also contains a list of vendors that have reported support for this type of filtering.
NOTE to Internet Service Providers:
We STRONGLY urge you to install these filters in your routers to protect your customers against this type of an attack. Although these filters do not directly protect your customers from attack, the filters do prevent attacks from originating at the sites of any of your customers. We are aware of the ramifications of these filters on some current Mobile IP schemes and are seeking a position statement from the appropriate organizations.
NOTE to customers of Internet service providers:
We STRONGLY recommend that you contact your service provider to verify that the necessary filters are in place to protect your network.
Many networking experts are working together to devise improvements to existing IP implementations to "harden" kernels to this type of attack. When these improvements become available, we suggest that you install them on all your systems as soon as possible. This advisory will be updated to reflect changes made by the vendor
-----------------------------------
真的有问题就封ip吧
这年头不会有人用固定IP做SYN Flooding攻击吧
如果路由器不带防御功能,这类攻击基本就没法防御
sylphsigh@2010-11-07 20:32
ddos没办法解决……- -基本上。而且封的IP会影响正常用户……
sharptime@2010-11-07 22:06
1pps的攻击…………这也能算攻击?
无视之就可以了
100Kpps以上的才算比较有力的攻击
clown@2010-11-08 20:25
這情況會常常掉線...
下載又有阻礙...
wking@2010-11-08 20:35
那有可能是局域网里的迅雷、P2P等程序造成的
| TOP