千家论坛_智能建筑与智能家居技术交流社区

标题: 求助！服务器已停止好几天了。 [打印本页]

---

作者: 小灰狼    时间: 2004-1-16 09:14
标题: 求助！服务器已停止好几天了。
系统是win2003 呀！　公司的几台服务器。。现受Ddos 攻击 已停止好几天了。一起到就相当于down 机。 请高手给点解决方案。。可以？　下面是我在服务器上用netstat -an 抓下来的连接。 TCP 218.24.233.11:21 0.0.0.0:0 LISTENING TCP 218.24.233.11:80 0.1.189.148:32899 SYN_RECEIVED TCP 218.24.233.11:80 0.16.0.132:40716 SYN_RECEIVED TCP 218.24.233.11:80 0.16.174.177:32698 SYN_RECEIVED TCP 218.24.233.11:80 0.52.97.75:35633 SYN_RECEIVED TCP 218.24.233.11:80 0.79.148.218:12635 SYN_RECEIVED TCP 218.24.233.11:80 0.81.228.58:32965 SYN_RECEIVED TCP 218.24.233.11:80 0.97.33.147:44787 SYN_RECEIVED TCP 218.24.233.11:80 0.104.245.164:30743 SYN_RECEIVED TCP 218.24.233.11:80 0.118.212.214:46042 SYN_RECEIVED TCP 218.24.233.11:80 0.127.15.250:39046 SYN_RECEIVED TCP 218.24.233.11:80 0.140.216.153:39226 SYN_RECEIVED TCP 218.24.233.11:80 0.145.103.198:39901 SYN_RECEIVED TCP 218.24.233.11:80 0.158.74.152:36936 SYN_RECEIVED TCP 218.24.233.11:80 0.160.74.250:14075 SYN_RECEIVED TCP 218.24.233.11:80 0.163.53.66:13980 SYN_RECEIVED TCP 218.24.233.11:80 0.167.174.25:26435 SYN_RECEIVED TCP 218.24.233.11:80 0.173.23.2:3219 SYN_RECEIVED TCP 218.24.233.11:80 0.175.199.97:20291 SYN_RECEIVED TCP 218.24.233.11:80 0.187.25.48:61083 SYN_RECEIVED TCP 218.24.233.11:80 0.190.120.67:45250 SYN_RECEIVED TCP 218.24.233.11:80 0.191.51.65:12627 SYN_RECEIVED TCP 218.24.233.11:80 0.222.184.54:26392 SYN_RECEIVED TCP 218.24.233.11:80 0.242.38.125:10950 SYN_RECEIVED TCP 218.24.233.11:80 0.247.89.171:32496 SYN_RECEIVED TCP 218.24.233.11:80 0.250.107.112:29683 SYN_RECEIVED TCP 218.24.233.11:80 1.14.35.171:34478 SYN_RECEIVED TCP 218.24.233.11:80 1.15.210.130:43020 SYN_RECEIVED TCP 218.24.233.11:80 1.20.223.130:8790 SYN_RECEIVED TCP 218.24.233.11:80 1.26.68.200:18855 SYN_RECEIVED TCP 218.24.233.11:80 1.39.196.209:19561 SYN_RECEIVED TCP 218.24.233.11:80 1.40.28.233:25083 SYN_RECEIVED TCP 218.24.233.11:80 1.47.85.98:8323 SYN_RECEIVED TCP 218.24.233.11:80 1.67.1.182:64942 SYN_RECEIVED TCP 218.24.233.11:80 1.74.213.194:43128 SYN_RECEIVED TCP 218.24.233.11:80 1.77.232.111:31688 SYN_RECEIVED TCP 218.24.233.11:80 1.78.119.96:29877 SYN_RECEIVED TCP 218.24.233.11:80 1.84.65.189:8985 SYN_RECEIVED TCP 218.24.233.11:80 1.108.129.192:50169 SYN_RECEIVED TCP 218.24.233.11:80 1.122.83.228:36273 SYN_RECEIVED TCP 218.24.233.11:80 1.129.60.20:39990 SYN_RECEIVED TCP 218.24.233.11:80 1.134.50.214:46601 SYN_RECEIVED TCP 218.24.233.11:80 1.142.37.247:38378 SYN_RECEIVED TCP 218.24.233.11:80 1.146.205.193:26422 SYN_RECEIVED TCP 218.24.233.11:80 1.148.145.23:63767 SYN_RECEIVED TCP 218.24.233.11:80 1.169.97.158:32468 SYN_RECEIVED TCP 218.24.233.11:80 1.183.17.17:11301 SYN_RECEIVED TCP 218.24.233.11:80 1.188.69.142:42165 SYN_RECEIVED TCP 218.24.233.11:80 1.188.122.240:62522 SYN_RECEIVED TCP 218.24.233.11:80 1.191.184.104:40330 SYN_RECEIVED TCP 218.24.233.11:80 1.206.148.86:32348 SYN_RECEIVED TCP 218.24.233.11:80 1.247.220.40:29310 SYN_RECEIVED TCP 218.24.233.11:80 1.253.146.96:36885 SYN_RECEIVED TCP 218.24.233.11:80 1.253.209.66:47677 SYN_RECEIVED TCP 218.24.233.11:80 2.1.241.96:26900 SYN_RECEIVED TCP 218.24.233.11:80 2.2.178.166:13604 SYN_RECEIVED TCP 218.24.233.11:80 2.7.219.154:37658 SYN_RECEIVED TCP 218.24.233.11:80 2.21.2.60:43906 SYN_RECEIVED TCP 218.24.233.11:80 2.27.66.57:15014 SYN_RECEIVED TCP 218.24.233.11:80 2.31.40.120:43828 SYN_RECEIVED TCP 218.24.233.11:80 2.38.16.45:42197 SYN_RECEIVED TCP 218.24.233.11:80 2.44.89.22:32899 SYN_RECEIVED TCP 218.24.233.11:80 2.52.248.47:26876 SYN_RECEIVED TCP 218.24.233.11:80 2.53.240.72:17847 SYN_RECEIVED TCP 218.24.233.11:80 2.67.84.86:31279 SYN_RECEIVED TCP 218.24.233.11:80 2.88.183.55:42366 SYN_RECEIVED TCP 218.24.233.11:80 2.90.87.55:42482 SYN_RECEIVED TCP 218.24.233.11:80 2.94.140.235:32966 SYN_RECEIVED TCP 218.24.233.11:80 2.109.117.14:33116 SYN_RECEIVED TCP 218.24.233.11:80 2.113.164.181:15313 SYN_RECEIVED TCP 218.24.233.11:80 2.117.231.221:13174 SYN_RECEIVED TCP 218.24.233.11:80 2.124.56.14:39990 SYN_RECEIVED TCP 218.24.233.11:80 2.127.28.145:27215 SYN_RECEIVED TCP 218.24.233.11:80 2.141.6.65:32434 SYN_RECEIVED TCP 218.24.233.11:80 2.150.41.79:29776 SYN_RECEIVED TCP 218.24.233.11:80 2.150.144.254:52106 SYN_RECEIVED TCP 218.24.233.11:80 2.151.183.188:18895 SYN_RECEIVED TCP 218.24.233.11:80 2.155.204.27:60865 SYN_RECEIVED TCP 218.24.233.11:80 2.156.89.216:34416 SYN_RECEIVED TCP 218.24.233.11:80 2.156.240.1:26595 SYN_RECEIVED TCP 218.24.233.11:80 2.157.91.48:48020 SYN_RECEIVED TCP 218.24.233.11:80 2.165.76.96:55493 SYN_RECEIVED TCP 218.24.233.11:80 2.167.22.184:32916 SYN_RECEIVED TCP 218.24.233.11:80 2.188.224.30:29429 SYN_RECEIVED TCP 218.24.233.11:80 2.208.13.79:6803 SYN_RECEIVED TCP 218.24.233.11:80 2.208.63.182:32620 SYN_RECEIVED

---

作者: dengan    时间: 2004-1-16 09:25
把80端口暂时关掉试试。 装上防火墙

---

作者: 小灰狼    时间: 2004-1-16 09:35
关闭是只定行的。 软件防火强。就别想了。 现在除了硬件防火强。还有没有别的办法了。

---

作者: menghuantt    时间: 2004-1-16 11:36
13.DDoS(Distributed Denial of Service)的防范。 ! The TRINOO DDoS system Router(Config)# access-list 113 deny tcp any any eq 27665 log Router(Config)# access-list 113 deny udp any any eq 31335 log Router(Config)# access-list 113 deny udp any any eq 27444 log ! The Stacheldtraht DDoS system Router(Config)# access-list 113 deny tcp any any eq 16660 log Router(Config)# access-list 113 deny tcp any any eq 65000 log ! The TrinityV3 System Router(Config)# access-list 113 deny tcp any any eq 33270 log Router(Config)# access-list 113 deny tcp any any eq 39168 log ! The SubSeven DDoS system and some Variants Router(Config)# access-list 113 deny tcp any any range 6711 6712 log Router(Config)# access-list 113 deny tcp any any eq 6776 log Router(Config)# access-list 113 deny tcp any any eq 6669 log Router(Config)# access-list 113 deny tcp any any eq 2222 log Router(Config)# access-list 113 deny tcp any any eq 7000 log

---

作者: menghuantt    时间: 2004-1-16 11:38
要是没路由器，在服务器上把不用的端口全部关了，只开你用的几个！

---

欢迎光临 千家论坛_智能建筑与智能家居技术交流社区 (http://bbs.qianjia.com/)

Powered by Discuz! X3.2