搜索 社区服务 统计排行 帮助
  • 862阅读
  • 8回复

請問路由器出現TCP SYN Flooding怎麼解決??

楼层直达
级别: 圣骑士
注册时间:
2001-11-21
在线时间:
7小时
发帖:
1952
— 本帖被 sakuraahn 执行锁定操作(2012-07-07) —
Log File

2010/11/07 05:48:51 : **TCP SYN Flooding** from 123.0.215.159
2010/11/07 05:48:50 : **TCP SYN Flooding** from 203.217.101.106
2010/11/07 05:48:49 : **TCP SYN Flooding** from 221.223.135.40
2010/11/07 05:48:48 : **TCP SYN Flooding** from 183.6.255.121
2010/11/07 05:48:46 : **TCP SYN Flooding** from 125.231.212.3
2010/11/07 05:48:45 : **TCP SYN Flooding** from 58.99.68.165
2010/11/07 05:48:44 : **TCP SYN Flooding** from 183.33.239.187
2010/11/07 05:48:43 : **TCP SYN Flooding** from 112.118.207.164
2010/11/07 05:48:42 : **TCP SYN Flooding** from 124.212.223.203
2010/11/07 05:48:40 : **TCP SYN Flooding** from 219.69.107.135
2010/11/07 05:48:39 : **TCP SYN Flooding** from 117.79.83.163
2010/11/07 05:48:38 : **TCP SYN Flooding** from 61.57.144.123
2010/11/07 05:48:37 : **TCP SYN Flooding** from 210.6.95.38
2010/11/07 05:48:36 : **TCP SYN Flooding** from 119.246.161.239
2010/11/07 05:47:32 : **TCP SYN Flooding** from 119.247.74.49
2010/11/07 05:47:29 : **TCP SYN Flooding** from 61.20.171.108
2010/11/07 05:47:28 : **TCP SYN Flooding** from 60.5.78.140
2010/11/07 05:47:27 : **TCP SYN Flooding** from 112.105.90.198
2010/11/07 05:47:26 : **TCP SYN Flooding** from 61.228.158.102
2010/11/07 05:47:25 : **TCP SYN Flooding** from 222.76.38.119
2010/11/07 05:47:23 : **TCP SYN Flooding** from 211.20.65.188
2010/11/07 05:47:22 : **TCP SYN Flooding** from 219.84.2.130
2010/11/07 05:47:21 : **TCP SYN Flooding** from 125.203.228.118
2010/11/07 05:47:20 : **TCP SYN Flooding** from 183.14.55.115
2010/11/07 05:47:19 : **TCP SYN Flooding** from 183.6.255.121
2010/11/07 05:47:18 : **TCP SYN Flooding** from 119.246.161.239
2010/11/07 05:47:17 : **TCP SYN Flooding** from 114.32.84.229
2010/11/07 05:47:16 : **TCP SYN Flooding** from 180.9.17.103
2010/11/07 05:47:15 : **TCP SYN Flooding** from 183.179.243.119
2010/11/07 05:47:14 : **TCP SYN Flooding** from 219.77.167.142
2010/11/07 05:47:12 : **TCP SYN Flooding** from 114.136.245.143
2010/11/07 05:47:11 : **TCP SYN Flooding** from 221.225.84.247
2010/11/07 05:47:10 : **TCP SYN Flooding** from 113.253.201.27
2010/11/07 05:47:09 : **TCP SYN Flooding** from 119.246.161.239
2010/11/07 05:45:41 : **TCP SYN Flooding** from 122.73.49.159
2010/11/07 05:45:40 : **TCP SYN Flooding** from 125.203.228.118
2010/11/07 05:45:39 : **TCP SYN Flooding** from 119.14.199.240
2010/11/07 05:45:38 : **TCP SYN Flooding** from 220.142.162.172
2010/11/07 05:45:37 : **TCP SYN Flooding** from 58.114.209.79
2010/11/07 05:45:36 : **TCP SYN Flooding** from 203.80.68.62
2010/11/07 05:45:35 : **TCP SYN Flooding** from 123.202.182.56
2010/11/07 05:45:34 : **TCP SYN Flooding** from 125.230.64.87

請大大幫忙...
謝謝~:(
级别: 工作组
注册时间:
2006-06-01
在线时间:
128小时
发帖:
4451
只看该作者 8楼 发表于: 2010-11-08
那有可能是局域网里的迅雷、P2P等程序造成的
级别: 圣骑士
注册时间:
2001-11-21
在线时间:
7小时
发帖:
1952
只看该作者 7楼 发表于: 2010-11-08
這情況會常常掉線...
下載又有阻礙...
级别: 小朋友
注册时间:
2002-08-10
在线时间:
0小时
发帖:
30447
只看该作者 6楼 发表于: 2010-11-07
1pps的攻击…………这也能算攻击?

无视之就可以了

100Kpps以上的才算比较有力的攻击

级别: 风云使者
注册时间:
2003-04-03
在线时间:
21小时
发帖:
8173
只看该作者 5楼 发表于: 2010-11-07
ddos没办法解决……- -基本上。而且封的IP会影响正常用户……

级别: 精灵王
注册时间:
2004-11-11
在线时间:
66小时
发帖:
2722
只看该作者 4楼 发表于: 2010-11-07
引用
最初由 atkio 发布
There is, as yet, no generally accepted solution to this problem with the current IP protocol technology. However, proper router configuration can reduce the likelihood that your site will be the source of one of these attacks.

Appendix A contains details about how to filter packets to reduce the number of IP-spoofed packets entering and exiting your network. It also contains a list of vendors that have reported support for this type of filtering.

NOTE to Internet Service Providers:

We STRONGLY urge you to install these filters in your routers to protect your customers against this type of an attack. Although these filters do not directly protect your customers from attack, the filters do prevent attacks from originating at the sites of any of your customers. We are aware of the ramifications of these filters on some current Mobile IP schemes and are seeking a position statement from the appropriate organizations.

NOTE to customers of Internet service providers:

We STRONGLY recommend that you contact your service provider to verify that the necessary filters are in place to protect your network.

Many networking experts are working together to devise improvements to existing IP implementations to "harden" kernels to this type of attack. When these improvements become available, we suggest that you install them on all your systems as soon as possible. This advisory will be updated to reflect changes made by the vendor
-----------------------------------
真的有问题就封ip吧


这年头不会有人用固定IP做SYN Flooding攻击吧

如果路由器不带防御功能,这类攻击基本就没法防御

级别: 工作组
注册时间:
2006-06-01
在线时间:
128小时
发帖:
4451
只看该作者 3楼 发表于: 2010-11-07
这是你公司还是家里还是机房?

这种频率的攻击,无视吧。没任何影响
级别: 天使
注册时间:
2002-06-28
在线时间:
3402小时
发帖:
36494
只看该作者 2楼 发表于: 2010-11-07
There is, as yet, no generally accepted solution to this problem with the current IP protocol technology. However, proper router configuration can reduce the likelihood that your site will be the source of one of these attacks.

Appendix A contains details about how to filter packets to reduce the number of IP-spoofed packets entering and exiting your network. It also contains a list of vendors that have reported support for this type of filtering.

NOTE to Internet Service Providers:

We STRONGLY urge you to install these filters in your routers to protect your customers against this type of an attack. Although these filters do not directly protect your customers from attack, the filters do prevent attacks from originating at the sites of any of your customers. We are aware of the ramifications of these filters on some current Mobile IP schemes and are seeking a position statement from the appropriate organizations.

NOTE to customers of Internet service providers:

We STRONGLY recommend that you contact your service provider to verify that the necessary filters are in place to protect your network.

Many networking experts are working together to devise improvements to existing IP implementations to "harden" kernels to this type of attack. When these improvements become available, we suggest that you install them on all your systems as soon as possible. This advisory will be updated to reflect changes made by the vendor
-----------------------------------
真的有问题就封ip吧

级别: 侠客
注册时间:
2005-01-04
在线时间:
25小时
发帖:
528
只看该作者 1楼 发表于: 2010-11-07
没啥办法。。。你路由器被DOS攻击了 。。。。。。。 。