OT: SYN FLOODING
Ing. Pavel PaJaSoft Janousek
janousek na fonet.cz
Thursday December 7 14:18:47 CET 2000
> Hello,
> I don't know whether this is related to the topic of this list, so I apologise
> in advance to those who consider it OT.
I apologise as well; but if it helps anyone to know that they are not the only one being poked at by "clickers", this may be of use to them...:
Just to add that the listing is from a fairly decent firewall (I'm starting to believe in it :)), where everything that is not allowed is REJECTed and LOGged at the same time...
If I were to get upset about the "clickers", or write to the ISP that some loser is doing this and that through them, I would be doing it every day; does it really make sense?
Dec 3 08:37:13 gw-gin kernel: Packet log: 133_in REJECT eth1 PROTO=6 63.69.10.242:3154 212.71.138.133:53 L=60 S=0x00 I=20013 F=0x4000 T=45 SYN (#7)
Dec 3 08:52:03 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=6 63.69.10.242:3967 212.71.176.176:53 L=60 S=0x00 I=28836 F=0x4000 T=45 SYN (#5)
Dec 3 08:52:03 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=6 63.69.10.242:3971 212.71.176.178:53 L=60 S=0x00 I=28838 F=0x4000 T=45 SYN (#5)
Dec 3 08:52:03 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=6 63.69.10.242:3973 212.71.176.180:53 L=60 S=0x00 I=28840 F=0x4000 T=45 SYN (#5)
Dec 3 08:52:03 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=6 63.69.10.242:3972 212.71.176.179:53 L=60 S=0x00 I=28839 F=0x4000 T=45 SYN (#5)
Dec 3 08:52:03 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=6 63.69.10.242:3968 212.71.176.177:53 L=60 S=0x00 I=28837 F=0x4000 T=45 SYN (#5)
Dec 3 08:52:03 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=6 63.69.10.242:3975 212.71.176.182:53 L=60 S=0x00 I=28842 F=0x4000 T=45 SYN (#5)
Dec 3 08:52:03 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=6 63.69.10.242:3974 212.71.176.181:53 L=60 S=0x00 I=28841 F=0x4000 T=45 SYN (#5)
Dec 3 08:52:03 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=6 63.69.10.242:3976 212.71.176.183:53 L=60 S=0x00 I=28843 F=0x4000 T=45 SYN (#5)
Is someone looking for BINDs < 8.2.2 P5? ;-)
Dec 3 07:41:20 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=17 212.251.77.242:137 212.71.176.184:137 L=78 S=0x00 I=65286 F=0x0000 T=112 (#5)
Dec 3 07:41:22 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=17 212.251.77.242:137 212.71.176.184:137 L=78 S=0x00 I=7 F=0x0000 T=112 (#5)
Dec 3 07:41:23 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=17 212.251.77.242:137 212.71.176.184:137 L=78 S=0x00 I=263 F=0x0000 T=112 (#5)
Dec 3 08:24:12 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=17 211.108.108.34:137 212.71.176.183:137 L=78 S=0x00 I=64521 F=0x0000 T=106 (#5)
Dec 3 08:24:14 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=17 211.108.108.34:137 212.71.176.183:137 L=78 S=0x00 I=65033 F=0x0000 T=106 (#5)
Dec 3 08:24:15 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=17 211.108.108.34:137 212.71.176.183:137 L=78 S=0x00 I=266 F=0x0000 T=106 (#5)
Someone is trying NetBIOS.
Fortunately, in this case they broke their teeth on us... The traceroutes to the sources didn't tell me much...:
[fonet na www fonet]$ traceroute 152.101.14.237
traceroute to 152.101.14.237 (152.101.14.237), 30 hops max, 38 byte packets
 1 prah6.net.euroweb.cz (194.213.226.193) 1.345 ms 0.950 ms 4.867 ms
 2 frankfurt5.de.eqip.net (195.90.65.137) 38.423 ms 24.962 ms frankfurt5.de.eqip.net (195.90.65.141) 29.861 ms
 3 frankfurt50.de.eqip.net (195.206.65.149) 59.029 ms 86.872 ms 117.859 ms
 4 newyork50.us.eqip.net (195.90.64.190) 171.343 ms 122.837 ms 173.901 ms
 5 newyork5.us.eqip.net (63.250.128.13) 204.265 ms 354.072 ms 356.475 ms
 6 12.124.195.21 (12.124.195.21) 415.331 ms 326.494 ms 308.726 ms
 7 gbr2-p54.n54ny.ip.att.net (12.123.192.122) 235.224 ms 229.720 ms 220.091 ms
 8 gr1-p3100.n54ny.ip.att.net (12.123.1.49) 327.666 ms 412.110 ms 436.237 ms
 9 att-gw.ny.psi.net (192.205.31.221) 250.763 ms 261.602 ms 219.450 ms
10 38.1.10.28 (38.1.10.28) 357.958 ms 343.464 ms 375.347 ms
11 204.6.140.214 (204.6.140.214) 546.455 ms 671.517 ms 621.979 ms
12 f00.wc-ovr3.hk.linkage.net (210.184.18.139) 656.311 ms 579.294 ms 520.596 ms
13 202.76.44.219 (202.76.44.219) 724.006 ms 646.747 ms 693.841 ms
14 152.101.14.237 (152.101.14.237) 677.193 ms 655.681 ms 730.269 ms
[fonet na www fonet]$
[fonet na www fonet]$ traceroute 212.251.77.242
traceroute to 212.251.77.242 (212.251.77.242), 30 hops max, 38 byte packets
 1 prah6.net.euroweb.cz (194.213.226.193) 1.513 ms 17.040 ms 1.644 ms
 2 frankfurt5.de.eqip.net (195.90.65.141) 167.954 ms 116.792 ms frankfurt5.de.eqip.net (195.90.65.137) 190.936 ms
 3 frankfurt50.de.eqip.net (195.206.65.149) 84.283 ms 37.066 ms 144.142 ms
 4 amsterdam50.nl.eqip.net (195.206.67.145) 92.536 ms 97.096 ms 82.757 ms
 5 amsterdam51.nl.eqip.net (195.90.64.230) 38.234 ms 58.834 ms 65.365 ms
 6 amsterdam11.nl.eqip.net (195.90.65.126) 49.771 ms 61.298 ms 33.670 ms
 7 195.206.66.246 (195.206.66.246) 61.153 ms 74.405 ms 34.481 ms
 8 P1-0-0.AMSAR1.Amsterdam.opentransit.net (193.251.151.242) 23.776 ms 38.120 ms 28.550 ms
 9 193.251.128.217 (193.251.128.217) 103.527 ms 80.815 ms 60.402 ms
10 P1-0.BAGBB1.Bagnolet.opentransit.net (193.251.128.141) 110.593 ms 57.047 ms 41.041 ms
11 P2-0.PASBB1.Paris.opentransit.net (193.251.128.46) 53.732 ms 86.984 ms 51.194 ms
12 P6-0-0.PENAR1.Pennsauken.opentransit.net (193.251.128.126) 144.246 ms 130.367 ms 117.162 ms
13 193.251.132.244 (193.251.132.244) 188.676 ms 183.811 ms 196.276 ms
14 193.251.132.206 (193.251.132.206) 196.042 ms 255.443 ms 224.376 ms
15 gip-rasp-fr-bar-1-a1-0-0-635-aal5.gip.net (204.59.138.38) 170.179 ms 188.534 ms 156.083 ms
16 gip-rasp-fr-bar-2-fe1-0-0.gip.net (204.59.18.210) 257.870 ms 138.058 ms 159.354 ms
17 gip-athe-gr-bar-1-a1-0-0-533-aal5.gip.net (204.59.19.18) 341.560 ms 343.251 ms 340.022 ms
18 gip-athens-car-FastEthernet000.globalone.gr (195.119.128.18) 330.561 ms 334.118 ms 296.670 ms
19 195.119.130.230 (195.119.130.230) 642.586 ms 705.255 ms 735.024 ms
20 titan-fa511.forthnet.gr (194.219.227.97) 741.474 ms 710.207 ms 1088.269 ms
21 atlantiss1.forthnet.gr (194.219.199.57) 758.995 ms 732.942 ms 735.263 ms
22 lasea.forthnet.gr (194.219.235.2) 682.677 ms 609.144 ms 616.405 ms
23 lasea.forthnet.gr (194.219.235.2) 606.502 ms !X 576.072 ms !X 615.884 ms !X
[fonet na www fonet]$
[fonet na www fonet]$ traceroute 63.69.10.242
traceroute to 63.69.10.242 (63.69.10.242), 30 hops max, 38 byte packets
 1 prah6.net.euroweb.cz (194.213.226.193) 1.227 ms 0.924 ms 0.817 ms
 2 frankfurt5.de.eqip.net (195.90.65.141) 30.668 ms frankfurt5.de.eqip.net (195.90.65.137) 91.149 ms 67.012 ms
 3 frankfurt50.de.eqip.net (195.206.65.149) 55.715 ms 81.042 ms 61.322 ms
 4 newyork50.us.eqip.net (195.90.64.190) 162.131 ms 199.492 ms 146.637 ms
 5 newyork2.us.eqip.net (63.250.128.5) 107.805 ms 191.230 ms 96.493 ms
 6 500.Serial1-9.GW6.NYC4.ALTER.NET (157.130.22.241) 164.995 ms 156.440 ms 136.951 ms
 7 140.ATM4-0.XR1.NYC4.ALTER.NET (146.188.179.146) 168.719 ms 156.801 ms 160.980 ms
 8 289.ATM7-0.XR1.EWR1.ALTER.NET (146.188.178.62) 257.689 ms 220.136 ms 297.679 ms
 9 193.ATM8-0-0.GW2.EWR1.ALTER.NET (146.188.178.5) 216.779 ms 220.687 ms 291.180 ms
10 router.atransgroup.com (63.69.10.241) 219.885 ms 305.794 ms 307.495 ms
11 63.69.10.242 (63.69.10.242) 275.447 ms 169.496 ms 208.797 ms
[fonet na www fonet]$
-----------------------------------------------------------------------
Ing. Pavel Janousek (PaJaSoft)                FoNet, spol. s r. o.
Software development, Intranet / Internet     Anenska 11, 602 00 Brno
E-mail: mailto:Janousek na FoNet.Cz           Tel.: +420 5 4324 4749
SMS: mailto:P.Janousek na SMS.Paegas.Cz       Fax.: +420 5 4324 4751
WWW: http://WWW.FoNet.Cz/                     E-mail: mailto:Info na FoNet.Cz
-----------------------------------------------------------------------
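As an added example (not code from the original post), here is a small Python parser for the ipchains "Packet log:" lines shown in the listing above, with a check that flags one source hitting the same port on several destination hosts, which is the TCP/53 sweep visible in the log. The sample lines are reconstructed from the post's own listing, with the wrapped source addresses rejoined.

```python
import re
from collections import defaultdict

# ipchains kernel log format, as in the listing above:
# <ts> <host> kernel: Packet log: <chain> <target> <iface> PROTO=<n>
#   <src>:<sport> <dst>:<dport> L=<len> S=<tos> I=<id> F=<frag> T=<ttl> [SYN] (#<rule>)
IPCHAINS_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: "
    r"(?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<id>\d+) "
    r"F=0x(?P<frag>[0-9a-fA-F]+) T=(?P<ttl>\d+)(?: (?P<flags>[A-Z]+))? "
    r"\(#(?P<rule>\d+)\)$"
)

def parse_line(line):
    """Return a dict of fields for one ipchains log line, or None if it does not match."""
    m = IPCHAINS_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "len", "id", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["syn"] = rec["flags"] == "SYN"   # flags is None when no flag word is logged
    return rec

def find_sweeps(lines, min_hosts=3):
    """Group REJECTed packets by (src, proto, dport) and report sources that hit
    at least min_hosts distinct destination hosts on that port: a horizontal sweep."""
    targets = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["target"] != "REJECT":
            continue
        targets[(rec["src"], rec["proto"], rec["dport"])].add(rec["dst"])
    return {key: sorted(hosts) for key, hosts in targets.items() if len(hosts) >= min_hosts}

# Sample input reconstructed from the post's own listing (wrapped addresses rejoined).
SAMPLE_LOG = [
    "Dec 3 08:37:13 gw-gin kernel: Packet log: 133_in REJECT eth1 PROTO=6 63.69.10.242:3154 212.71.138.133:53 L=60 S=0x00 I=20013 F=0x4000 T=45 SYN (#7)",
    "Dec 3 08:52:03 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=6 63.69.10.242:3967 212.71.176.176:53 L=60 S=0x00 I=28836 F=0x4000 T=45 SYN (#5)",
    "Dec 3 08:52:03 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=6 63.69.10.242:3971 212.71.176.178:53 L=60 S=0x00 I=28838 F=0x4000 T=45 SYN (#5)",
    "Dec 3 07:41:20 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=17 212.251.77.242:137 212.71.176.184:137 L=78 S=0x00 I=65286 F=0x0000 T=112 (#5)",
    "Dec 3 07:41:22 gw-gin kernel: Packet log: 160_in REJECT eth1 PROTO=17 212.251.77.242:137 212.71.176.184:137 L=78 S=0x00 I=7 F=0x0000 T=112 (#5)",
]

if __name__ == "__main__":
    for (src, proto, dport), hosts in find_sweeps(SAMPLE_LOG).items():
        print(f"{src} -> proto {proto} port {dport} on {len(hosts)} hosts: {', '.join(hosts)}")
```

The repeated NetBIOS probes against a single host are parsed but not reported as a sweep, since they never cross the distinct-host threshold.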