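The main router is flashed with tomato firmware, with dnscrypt-proxy enabled; in the firewall settings, Respond to ICMP ping is enabled.
The secondary router is an r7000 running the official stock firmware. Recently it keeps reporting DoS attack: Smurf and Self2WAN ICMP type b Detected!
Posting part of the log: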
[DoS attack: Smurf] attack packets in last 20 sec from ip [27.187.118.255],Saturday, Oct 22,2016 14:57:33
[DoS attack: Smurf] attack packets in last 20 sec from ip [27.187.118.255],Saturday, Oct 22,2016 14:57:12
[DoS attack: Smurf] attack packets in last 20 sec from ip [218.88.26.255], Saturday,Oct 22,2016 14:56:11
[DoS attack: Smurf] attack packets in last 20 sec from ip [218.88.26.255], Saturday,Oct 22,2016 14:55:50
[DoS attack: Smurf] attack packets in last 20 sec from ip [218.88.26.255], Saturday,Oct 22,2016 14:53:32
[DoS attack: Smurf] attack packets in last 20 sec from ip [218.88.26.255], Saturday,Oct 22,2016 14:53:10
[DoS attack: Smurf] attack packets in last 20 sec from ip [218.88.26.255], Saturday,Oct 22,2016 14:51:29
[DoS attack: Smurf] attack packets in last 20 sec from ip [218.88.26.255], Saturday,Oct 22,2016 14:51:08
Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Saturday, Oct 22,2016 14:16:56
[DoS attack: Smurf] attack packets in last 20 sec from ip [61.167.151.255],Saturday, Oct 22,2016 13:55:03
[DoS attack: Smurf] attack packets in last 20 sec from ip [61.167.151.255],Saturday, Oct 22,2016 13:54:42
1
testsb 2016-10-30 14:44:25 +08:00
2
iry232 OP
It was probably the r7000's firewall that rejected it.
3
ericgui 2016-10-31 12:39:03 +08:00
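Let me embarrass myself here, I only just learned this. This is a smurf attack: a directed broadcast against your whole network. Suppose your IP is a class C IP address, 218.88.26.X; a broadcast is sent to this IP: 218.88.26.255, and then every host in the whole network receives that broadcast. So, for security reasons, routers by default drop this type of broadcast traffic.
This is one kind of DDoS attack. I have just been reading a CCNA tutorial, so if anything here is wrong, please correct me!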
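Added example, not part of the thread: a Python sketch that parses r7000 log lines like those in the first post, groups the DoS entries by source address, and checks whether each source is the broadcast address of its network, which is what the reply above describes. The /24 prefix length and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Log lines copied from the first post (r7000 stock firmware log format).
SAMPLE_LOG = """\
[DoS attack: Smurf] attack packets in last 20 sec from ip [27.187.118.255],Saturday, Oct 22,2016 14:57:33
[DoS attack: Smurf] attack packets in last 20 sec from ip [27.187.118.255],Saturday, Oct 22,2016 14:57:12
[DoS attack: Smurf] attack packets in last 20 sec from ip [218.88.26.255], Saturday,Oct 22,2016 14:56:11
[DoS attack: Smurf] attack packets in last 20 sec from ip [218.88.26.255], Saturday,Oct 22,2016 14:55:50
Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Saturday, Oct 22,2016 14:16:56
[DoS attack: Smurf] attack packets in last 20 sec from ip [61.167.151.255],Saturday, Oct 22,2016 13:55:03
"""

# Spacing around the weekday differs between lines, so the pattern tolerates it.
LINE_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\].*?from ip \[(?P<ip>[0-9.]+)\],\s*"
    r"\w+,\s*(?P<date>\w{3} \d{1,2},\d{4} \d{2}:\d{2}:\d{2})"
)

def parse_dos_lines(text):
    """Yield (kind, source_ip, timestamp) for each DoS entry; skip other lines."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["date"], "%b %d,%Y %H:%M:%S")
            yield m["kind"], m["ip"], ts

def is_broadcast_of(ip, prefix_len=24):
    """True if ip is the broadcast address of its enclosing network.
    prefix_len=24 is an assumption; the remote network's real prefix is unknown."""
    net = ip_network(f"{ip}/{prefix_len}", strict=False)
    return ip_address(ip) == net.broadcast_address

def summarize(text, prefix_len=24):
    """Per (kind, source IP): hit count, first/last seen, broadcast check."""
    hits = defaultdict(list)
    for kind, ip, ts in parse_dos_lines(text):
        hits[(kind, ip)].append(ts)
    return {
        key: {"count": len(t), "first": min(t), "last": max(t),
              "broadcast": is_broadcast_of(key[1], prefix_len)}
        for key, t in hits.items()
    }

if __name__ == "__main__":
    for (kind, ip), info in summarize(SAMPLE_LOG).items():
        print(kind, ip, info["count"], info["first"], info["last"], info["broadcast"])
```

Every source in the sample ends in .255, so each one is flagged as a broadcast address under the /24 assumption; with a different prefix length the same address may be an ordinary host.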