Question about HTTP hijacking

  •   wangjiyueding · Jan 4, 2019 · 1948 views

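    Last night, several of our company's services turned out to be completely unreachable over HTTP. I'll use 123.123.123.123 in place of the company's IP and www.test.com in place of the domain, and describe what happened. Last night a developer suddenly came over to report that their service was down because www.test.com would not open. I tested it and the browser showed that the page could not be found; the line was China Telecom. Surprisingly, access over HTTPS was normal. Access from a VPS in the US was also normal, and access over China Unicom 4G was normal too. The symptom was that China Mobile and China Telecom lines could not reach the web service on 123.123.123.123. Accessing it with curl on the server gave the following: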

    20190103_19:19:11[root@Tantu_wg_api ~]# curl  123.123.123.123 
    20190103_19:19:11curl: (56) Failure when receiving data from the peer
    20190103_19:19:31[root@Tantu_wg_api ~]# curl  -Hhost:www.test.com  192.168.10.1
    20190103_19:19:37{"status":200,"code":0,"msg":"OK, is api }
    [root@Tantu_wg_api ~]#
    20190103_19:19:41[root@Tantu_wg_api ~]# curl  -Hhost:api.tantu.
    20190103_19:19:51[root@Tantu_wg_api ~]# curl https://www.test.com -I
    20190103_19:19:51HTTP/1.1 200 OK
    

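    Going over the internal network and over HTTPS both worked fine; going out over the public network gave error 56. I enabled logging on the server and found that the requests from China Mobile and China Telecom never came in at all. After capturing packets, I found that the connection was reset right after the three-way handshake: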

    20190103_19:15:0319:15:04.394756 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [S], seq 3917553324, win 14600, options [mss 1460,sackOK,TS val 2842031732 ecr 0,nop,wscale 7], length 0
    20190103_19:15:0319:15:04.401524 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [S.], seq 3931168778, ack 3917553325, win 14480, options [mss 1460,sackOK,TS val 1009545965 ecr 2842031732,nop,wscale 7], length 0
    20190103_19:15:0319:15:04.401552 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [.], ack 1, win 115, options [nop,nop,TS val 2842031739 ecr 1009545965], length 0
    20190103_19:15:0319:15:04.401625 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [P.], seq 1:167, ack 1, win 115, options [nop,nop,TS val 2842031739 ecr 1009545965], length 166
    20190103_19:15:0319:15:04.408249 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [R], seq 3931168779, win 0, length 0
    20190103_19:15:0419:15:05.452281 IP 192.168.64.130.33317 > 123.123.123.123.http: Flags [S], seq 3591611786, win 14600, options [mss 1460,sackOK,TS val 2842032790 ecr 0,nop,wscale 7], length 0
    20190103_19:15:0419:15:05.459026 IP 123.123.123.123.http > 192.168.64.130.33317: Flags [S.], seq 1471399763, ack 3591611787, win 14480, options [mss 1460,sackOK,TS val 1009547023 ecr 2842032790,nop,wscale 7], length 0
    20190103_19:15:0419:15:05.459031 IP 192.168.64.130.33317 > 123.123.123.123.http: Flags [.], ack 1, win 115, options [nop,nop,TS val 2842032797 ecr 1009547023], length 0
    20190103_19:15:0419:15:05.459129 IP 192.168.64.130.33317 > 123.123.123.123.http: Flags [P.], seq 1:703, ack 1, win 115, options [nop,nop,TS val 2842032797 ecr 1009547023], length 702
    20190103_19:15:0419:15:05.465569 IP 123.123.123.123.http > 192.168.64.130.33317: Flags [R], seq 1471399764, win 0, length 0
    20190103_19:15:0519:15:06.700367 IP 192.168.64.130.33478 > 123.123.123.123.http: Flags [S], seq 99677139, win 14600, options [mss 1460,sackOK,TS val 2842034038 ecr 0,nop,wscale 7], length 0
    20190103_19:15:0519:15:06.707523 IP 123.123.123.123.http > 192.168.64.130.33478: Flags [S.], seq 3754760549, ack 99677140, win 14480, options [mss 1460,sackOK,TS val 1009548272 ecr 2842034038,nop,wscale 7], length 0
    20190103_19:15:0519:15:06.707529 IP 192.168.64.130.33478 > 123.123.123.123.http: Flags [.], ack 1, win 115, options [nop,nop,TS val 2842034045 ecr 1009548272], length 0
    20190103_19:15:0519:15:06.707607 IP 192.168.64.130.33478 > 123.123.123.123.http: Flags [P.], seq 1:226, ack 1, win 115, options [nop,nop,TS val 2842034045 ecr 1009548272], length 225
    20190103_19:15:0519:15:06.714797 IP 123.123.123.123.http > 192.168.64.130.33478: Flags [R], seq 3754760550, win 0, length 0
    20190103_19:15:10
    

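    Is this what HTTP hijacking is? How is this done? Also, it recovered by itself in less than an hour. Was it caused by a carrier network problem, with the packets sent from China Mobile and China Telecom to 123.123.123.123 not arriving?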

    No Comments Yet
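
As an added example (not part of the original post): a small Python parser for tcpdump text output like the capture above that flags connections where the first client payload is answered by a RST before any server data, and reports the timing and sequence-number fields worth comparing. The function name, the result field names and the `server_port` parameter are this example's own.

```python
import re
from datetime import datetime

LINE = re.compile(r"(\d\d:\d\d:\d\d\.\d{6}) IP (\S+) > (\S+): Flags \[([^\]]+)\]"
                  r"(?:, seq (\d+))?.* length (\d+)")

# First flow from the capture above, copied with its terminal-log prefix.
SAMPLE = """\
20190103_19:15:0319:15:04.394756 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [S], seq 3917553324, win 14600, options [mss 1460,sackOK,TS val 2842031732 ecr 0,nop,wscale 7], length 0
20190103_19:15:0319:15:04.401524 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [S.], seq 3931168778, ack 3917553325, win 14480, options [mss 1460,sackOK,TS val 1009545965 ecr 2842031732,nop,wscale 7], length 0
20190103_19:15:0319:15:04.401552 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [.], ack 1, win 115, options [nop,nop,TS val 2842031739 ecr 1009545965], length 0
20190103_19:15:0319:15:04.401625 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [P.], seq 1:167, ack 1, win 115, options [nop,nop,TS val 2842031739 ecr 1009545965], length 166
20190103_19:15:0319:15:04.408249 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [R], seq 3931168779, win 0, length 0
"""

def ms(delta):
    return round(delta.total_seconds() * 1000, 3)

def find_early_resets(text, server_port="http"):
    """Flag flows where the server side answers the first request with a RST."""
    flows, hits = {}, []
    for raw in text.splitlines():
        m = LINE.search(raw)  # search() skips any logging prefix before the time
        if not m:
            continue
        ts, src, dst, flags, seq, length = m.groups()
        ts, length = datetime.strptime(ts, "%H:%M:%S.%f"), int(length)
        from_server = src.rsplit(".", 1)[1] == server_port
        key = (dst, src) if from_server else (src, dst)  # (client, server)
        if not from_server and flags == "S":  # new connection attempt
            flows[key] = {"syn": ts, "rtt": None, "isn": None, "req": None, "data": False}
        st = flows.get(key)
        if st is None:
            continue
        if from_server and flags == "S.":
            st["isn"], st["rtt"] = int(seq), ms(ts - st["syn"])
        elif not from_server and length > 0 and st["req"] is None:
            st["req"] = ts  # first client payload, i.e. the HTTP request
        elif from_server and length > 0:
            st["data"] = True  # the server side actually sent a response
        elif from_server and "R" in flags and st["req"] and not st["data"]:
            hits.append({"client": key[0], "handshake_rtt_ms": st["rtt"],
                         "rst_delay_ms": ms(ts - st["req"]),
                         "rst_has_ack": "." in flags,
                         "rst_seq_is_isn_plus_1": seq is not None and st["isn"] is not None
                                                  and int(seq) == st["isn"] + 1})
    return hits

if __name__ == "__main__":
    for hit in find_early_resets(SAMPLE):
        print(hit)
```

For the flow shown it reports a RST without the ACK flag, with a sequence number equal to the SYN-ACK's sequence number plus one, arriving about 6.6 ms after the request against a handshake round trip of about 6.8 ms.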