
DoS attack case

Document No.: 85
Last updated: 2008-08-16

 

Question:
Why does the Internet access monitor show a large number of ICMP sessions, all with upload = 1 and download = 0?
192.168.0.101 is the Internet cafe's billing / public-security monitoring server.
I looked up the WAN IPs in the third record:
 128.0.7.244 lookup result: United States
 0.3.135.217 lookup result 1: Internet reserved address;
             lookup result 2: IANA reserved address.
What is sending to these two IPs???
Below are the three records.
(1)
21:30:38 NAT exceeded 192.168.0.101
21:30:32 NAT exceeded 192.168.0.101
21:30:29 NAT exceeded 192.168.0.101
21:30:25 NAT exceeded 192.168.0.101
21:30:21 NAT exceeded 192.168.0.101
21:30:17 NAT exceeded 192.168.0.101
21:30:13 NAT exceeded 192.168.0.101
21:30:09 NAT exceeded 192.168.0.101
21:30:05 NAT exceeded 192.168.0.101
21:30:01 NAT exceeded 192.168.0.101
21:29:57 NAT exceeded 192.168.0.101
21:29:53 NAT exceeded 192.168.0.101
21:29:49 NAT exceeded 192.168.0.101
21:29:45 NAT exceeded 192.168.0.101
21:29:41 NAT exceeded 192.168.0.101
21:29:37 NAT exceeded 192.168.0.101
21:29:33 NAT exceeded 192.168.0.101
21:29:29 NAT exceeded 192.168.0.101
21:29:25 NAT exceeded 192.168.0.101
21:29:21 NAT exceeded 192.168.0.101
21:29:17 NAT exceeded 192.168.0.101
21:29:13 NAT exceeded 192.168.0.101
21:29:09 NAT exceeded 192.168.0.101
21:29:05 NAT exceeded 192.168.0.101
21:29:01 NAT exceeded 192.168.0.101
21:28:57 NAT exceeded 192.168.0.101
21:28:53 NAT exceeded 192.168.0.101
21:28:49 NAT exceeded 192.168.0.101
21:28:45 NAT exceeded 192.168.0.101
21:28:41 NAT exceeded 192.168.0.101
21:28:37 NAT exceeded 192.168.0.101
21:28:33 NAT exceeded 192.168.0
(2)
IP address      Current connections   Over-limit count
192.168.0.101   231                   701976
192.168.0.110   87                    198491
(3)
ID  LAN address  LAN port  Proto  WAN address  WAN port  Upload pkts  Download pkts  NAT address  NAT port
661 192.168.0.101 0 I 128.0.7.244 82 1 0 61.174.209.82 82
662 192.168.0.101 0 I 0.3.135.217 81 1 0 61.174.209.82 81
663 192.168.0.101 0 I 128.0.7.245 59 1 0 61.174.209.82 59
664 192.168.0.101 0 I 0.3.135.218 58 1 0 61.174.209.82 58
665 192.168.0.101 0 I 128.0.7.246 49 1 0 61.174.209.82 49
666 192.168.0.101 0 I 0.3.135.219 48 1 0 61.174.209.82 48
667 192.168.0.101 0 I 128.0.7.247 45 1 0 61.174.209.82 45
668 192.168.0.101 0 I 0.3.135.220 44 1 0 61.174.209.82 44
669 192.168.0.101 0 I 128.0.7.248 43 1 0 61.174.209.82 43
670 192.168.0.101 0 I 0.3.135.221 36 1 0 61.174.209.82 36
671 192.168.0.101 0 I 128.0.7.249 35 1 0 61.174.209.82 35
672 192.168.0.101 0 I 0.3.135.222 24 1 0 61.174.209.82 24
673 192.168.0.101 0 I 128.0.7.250 23 1 0 61.174.209.82 23
674 192.168.0.101 0 I 0.3.135.223 16 1 0 61.174.209.82 16
675 192.168.0.101 0 I 128.0.7.251 15 1 0 61.174.209.82 15
676 192.168.0.101 0 I 0.3.135.224 13 1 0 61.174.209.82 13
677 192.168.0.101 0 I 128.0.7.252 51544 1 0 61.174.209.82 51544
678 192.168.0.101 0 I 0.3.135.225 49268 1 0 61.174.209.82 49268
679 192.168.0.101 0 I 128.0.7.253 49267 1 0 61.174.209.82 49267
680 192.168.0.101 0 I 0.3.135.226 49266 1 0 61.174.209.82 49266
 
Answer:
In these records every session is ICMP (shown as a capital "I" in the protocol column), the WAN port numbers increase in sequence, and each session has 1 uploaded packet and 0 downloaded packets. This is the typical "goes out, nothing comes back" pattern of a DoS attack.
 

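As an added example (not part of the original question or answer, and not UTT's own code), the following Python script applies the reasoning in the answer to the router's own data: it parses NAT session table rows in the column layout shown above and "NAT exceeded" log lines, counts one-way ICMP sessions (upload packets at least 1, download packets 0) per LAN host, flags hosts that exceed a threshold, notes destinations that fall in reserved address blocks such as 0.0.0.0/8, and measures how often a host trips the NAT session limit. The sample rows for 192.168.0.101 are copied from the page's format; rows 700 and 701 for 192.168.0.110, the protocol letter "T", and the threshold of 3 are assumptions made for the example.

```python
"""Flag LAN hosts generating one-way ICMP NAT sessions (upload >= 1, download 0).

Added example for this page; the input format mirrors the router's NAT
session table and "NAT exceeded" log lines, the thresholds are assumptions.
"""
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample in the page's table layout. The header row and the
# two 192.168.0.110 rows (TCP "T" is assumed) are not from the page.
SAMPLE_SESSIONS = """\
ID LAN_addr LAN_port Proto WAN_addr WAN_port Up Down NAT_addr NAT_port
661 192.168.0.101 0 I 128.0.7.244 82 1 0 61.174.209.82 82
662 192.168.0.101 0 I 0.3.135.217 81 1 0 61.174.209.82 81
663 192.168.0.101 0 I 128.0.7.245 59 1 0 61.174.209.82 59
664 192.168.0.101 0 I 0.3.135.218 58 1 0 61.174.209.82 58
665 192.168.0.101 0 I 128.0.7.246 49 1 0 61.174.209.82 49
700 192.168.0.110 3421 T 203.0.113.10 80 12 15 61.174.209.82 3421
701 192.168.0.110 0 I 203.0.113.20 512 1 1 61.174.209.82 512
"""

# Constructed sample of the router's "NAT exceeded" log (same format as record 1).
SAMPLE_LOG = """\
21:30:38 NAT exceeded 192.168.0.101
21:30:32 NAT exceeded 192.168.0.101
21:30:29 NAT exceeded 192.168.0.101
21:30:25 NAT exceeded 192.168.0.101
21:30:21 NAT exceeded 192.168.0.101
"""

# Blocks that should never be the WAN destination of a genuine session:
# RFC 1122 "this network", RFC 1918, RFC 6598 shared space, loopback,
# link-local and class E. Deliberately not exhaustive (documentation
# ranges such as 203.0.113.0/24 are left out so the sample rows pass).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "240.0.0.0/4",
)]


def is_bogon(addr):
    """True if addr lies in one of the reserved blocks above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BOGON_NETS)


def parse_sessions(text):
    """Parse session-table rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 10 or not parts[0].isdigit():
            continue
        rows.append({
            "id": int(parts[0]), "lan": parts[1], "lan_port": int(parts[2]),
            "proto": parts[3], "wan": parts[4], "wan_port": int(parts[5]),
            "up": int(parts[6]), "down": int(parts[7]),
            "nat": parts[8], "nat_port": int(parts[9]),
        })
    return rows


def one_way_icmp_by_host(sessions):
    """Count ICMP sessions that sent at least one packet and received none, per LAN host."""
    counts = defaultdict(int)
    for s in sessions:
        if s["proto"] == "I" and s["up"] >= 1 and s["down"] == 0:
            counts[s["lan"]] += 1
    return dict(counts)


def suspicious_hosts(sessions, threshold=3):
    """Hosts with >= threshold one-way ICMP sessions.

    Returns (lan_host, one_way_count, distinct_destinations, bogon_destinations),
    most active host first. Many distinct destinations from one host with no
    replies is the flood pattern the answer describes; bogon destinations are
    an extra tell that the addresses are not real peers.
    """
    per_host = defaultdict(list)
    for s in sessions:
        if s["proto"] == "I" and s["up"] >= 1 and s["down"] == 0:
            per_host[s["lan"]].append(s["wan"])
    out = []
    for host, dsts in per_host.items():
        if len(dsts) >= threshold:
            distinct = set(dsts)
            out.append((host, len(dsts), len(distinct),
                        sum(is_bogon(d) for d in distinct)))
    return sorted(out, key=lambda r: -r[1])


def nat_exceeded_intervals(log_text):
    """Per host: (number of 'NAT exceeded' events, median seconds between events)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[1:3] == ["NAT", "exceeded"]:
            h, m, s = (int(x) for x in parts[0].split(":"))
            times[parts[3]].append(h * 3600 + m * 60 + s)
    result = {}
    for host, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        result[host] = (len(ts), median(gaps) if gaps else None)
    return result


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_SESSIONS)
    print("one-way ICMP per host:", one_way_icmp_by_host(sessions))
    print("suspicious:", suspicious_hosts(sessions))
    print("NAT exceeded rate:", nat_exceeded_intervals(SAMPLE_LOG))
```

On the page's data the flagged host is 192.168.0.101 with every destination unanswered and half of them in 0.0.0.0/8, so the next step is on that machine rather than on the router: list its processes and outbound sockets and look for whatever is emitting the ICMP. The threshold and the bogon list are assumptions to tune for a real deployment.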
2024 © 上海艾泰科技有限公司 (UTT). All rights reserved. 沪ICP备05037453号-1 | 沪公网安备 31011702003579号