服务器商说是有攻击把服务器给停了，并发来了日志，请帮忙看一下。

Recommended Services

› ClearDB

This topic created in 3631 days ago, the information mentioned may be changed or developed.

x.x.x.x 是服务器地址，但是服务器流量并不大，也就 5MB/s ，这该怎么破？

Jun 2 01:11:59 2016; TCP; eth1; 52 bytes; from 182.36.165.220:57214 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:11:59 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 182.36.165.220:57214; first packet (SYN)
Thu Jun 2 01:11:59 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 58.213.111.46:10316; FIN sent; 5 packets, 648 bytes, avg flow rate 0.33 kbits/s
Thu Jun 2 01:11:59 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 118.122.119.107:54012; FIN sent; 5 packets, 248 bytes, avg flow rate 0.08 kbits/s
Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 58.56.141.90:62721 to x.x.x.x:80; first packet
Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 222.211.174.138:35154 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:11:59 2016; TCP; eth1; 46 bytes; from 183.136.216.66:55628 to x.x.x.x:80; Connection reset; 1 packets, 46 bytes, avg flow rate 0.00 kbits/s; opposite direction 0 packets, 0 bytes; avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 119.130.132.28:59662 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.213.111.46:10316 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.213.111.46:10316 to x.x.x.x:80; FIN sent; 7 packets, 773 bytes, avg flow rate 0.38 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 58.213.111.46:10316; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 123.7.82.195:58156 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 123.7.82.195:58156; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 123.7.82.195:58157 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 123.7.82.195:58157; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53352 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53354 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53353 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 218.202.142.141:58637; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 61.161.186.78:50237 to x.x.x.x:80; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 61.161.186.78:50237; first packet
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 61.161.186.78:50493 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 61.161.186.78:50493; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53355 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:35408 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:35408; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 118.122.119.107:54012 to x.x.x.x:80; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:34231 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:34231; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8393 to x.x.x.x:80; FIN sent; 5 packets, 2259 bytes, avg flow rate 1.06 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8393; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8399 to x.x.x.x:80; FIN sent; 4 packets, 190 bytes, avg flow rate 0.06 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8399; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42603; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42604; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 175.161.27.67:42605; FIN sent; 2 packets, 92 bytes, avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 119.253.58.170:8400 to x.x.x.x:80; FIN sent; 4 packets, 190 bytes, avg flow rate 0.06 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 40 bytes; from x.x.x.x:80 to 119.253.58.170:8400; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from 123.7.82.128:55989 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 60 bytes; from x.x.x.x:80 to 123.7.82.128:55989; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 48 bytes; from 61.180.202.194:3259 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 120.193.200.69:2783 to x.x.x.x:80; FIN sent; 17 packets, 10158 bytes, avg flow rate 2.70 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 120.193.200.69:2783; FIN acknowleged
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 218.202.142.141:58640; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.21.219.67:53356 to x.x.x.x:443; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 58.59.49.163:44735 to x.x.x.x:80; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from x.x.x.x:80 to 58.59.49.163:44735; first packet (SYN)
Thu Jun 2 01:12:00 2016; TCP; eth1; 52 bytes; from 218.202.142.141:58637 to x.x.x.x:80; Connection reset; 1 packets, 52 bytes, avg flow rate 0.00 kbits/s; opposite direction 1 packets, 52 bytes; avg flow rate 0.00 kbits/s
Thu Jun 2 01:12:00 2016; TCP; eth1; 46 bytes; from 58.246.193.138:65128 to x.x.x.x:80; FIN sent; 5 packets, 720 bytes, avg flow rate 0.22 kbits/s

25 replies • 2016-07-01 12:00:00 +08:00

donghouhe

Jun 10, 2016

这是被 d 的意思吗

Bryan0Z

Jun 10, 2016 via Android

5 mb/s 也停？

Andy1999

Jun 10, 2016 via iPhone

哥们改换家托管了

openbaby

Jun 10, 2016

@donghouhe
@Bryan0Z
@Andy1999 我不认为是被 D ，都是正常的访问，他们就说被 SYN 攻击，还说违反了他们的多项条例。

xupefei

Jun 10, 2016

怎么会是正常访问呢， 01:12:00 一秒钟里一堆 IP 来发 SYN ，而且只发 SYN ，没有后续动作。
5MB/s 是挺小，但是仍旧是 SYN flood 攻击。

openbaby

Jun 10, 2016

@xupefei 这台服务器的用途比较特殊，就是只做 301 跳转，没有具体的网站内容，任何访问都通过 301 重定向到另一台服务器去。

lslqtz

Jun 10, 2016 via iPhone

该换家服务商了。

realpg

PRO

Jun 10, 2016 via Android

SYN FLOOD 都没法解决的机房？
而且 SYNFLOOD 是吃服务器资源的而不是吃流量的，你确定这不是个超售二十倍的 VPS 么

lightforce

Jun 10, 2016

syn flood 很好防啊，最难防的是混合

webjin1

Jun 10, 2016 via Android

Tos 有写吗？

webjin1

Jun 10, 2016 via Android

看样子像板瓦工

jasontse

Jun 10, 2016 via iPad

才 80Kpps 不到就停机啊，搬家吧

openbaby

Jun 10, 2016

@lightforce
@realpg
@jasontse
@lslqtz 我不知道设置下 iptables 会不会有效果，或是这 SYN 包还没进服务器就被服务商认为是攻击而拔线了？

gamexg

Jun 10, 2016

@openbaby syn 防御不麻烦，但是机房拔你线和你防没防住没关系。这点量对机房不当回事，但是他就是拔你线，没办法，换机房吧。

adrianzhang

Jun 10, 2016

plz refer to https://hakin9.org/syn-flood-attacks-how-to-protect-article/

jasontse

Jun 10, 2016 via iPad

@openbaby
你这样只是保护服务器，现在是机房要赶你

openbaby

Jun 10, 2016

@jasontse 这破 JB 服务商这会工单也不回复了，直接把状态改为“滥用”，坑了。。
@gamexg

shiny

PRO

Jun 10, 2016

哪个服务商

xmgit

Jun 10, 2016

曝光下吧，让大家少点坑

5GA

Jun 10, 2016 via Android

什么服务商？说下名字吧，免得大家以后进坑

tempdban

Jun 11, 2016 via Android

@openbaby 兄弟 syn flood 和你跑什么业务没关系

openbaby

Jun 12, 2016

@tempdban
@luckykong
@Bardon
@shiny alpharacks 。。。

doyel

Jun 13, 2016

@openbaby 这样的运营商直接拉黑，把应用和数据迁移掉吧。。。

jq8778

Jun 21, 2016 via iPhone

直接 paypal 争议

michael2016

Jul 1, 2016

1.站在 CSP 角度考虑：
云业务里面带宽成本是极高的，作为一家 CSP ，这样的行为也是可以理解的，所以想玩云，要有足够的钱来烧，从侧面也看出了一家 CSP 的实力；
2.站在租户的角度考虑；
作为任何一个上云，把业务放在云上的最终使用用户来说，在关注云上的业务安全是必要的，安全本质上跟环境没有任何关系，所以，要是要从各个方面去考虑好业务安全的问题，建好房子也好买一把好锁。安好防盗网啥的。
同时提醒：未知攻焉知防？
楼主加油！