DDOS攻击如何抓住幕后攻击者IP 怎么防住ddos攻击的ip
DDoS deflate\u5982\u4f55\u5c4f\u853dDDOS\u653b\u51fb\u8005IPDDoS deflate\u662f\u4e00\u6b3e\u7528\u6765\u9632\u5fa1\u548c\u51cf\u8f7bDDoS\u653b\u51fb\u7684\u811a\u672c\u3002\u5b83\u901a\u8fc7netstat\u76d1\u6d4b\u8ddf\u8e2a\u521b\u5efa\u5927\u91cf\u7f51\u7edc\u8fde\u63a5\u7684IP\u5730\u5740\uff0c\u5728\u68c0\u6d4b\u5230\u67d0\u4e2a\u7ed3\u70b9\u8d85\u8fc7\u9884\u8bbe\u7684\u9650 \u5236\u65f6\uff0c\u8be5\u7a0b\u5e8f\u4f1a\u901a\u8fc7APF\u6216IPTABLES\u7981\u6b62\u6216\u963b\u6321\u8fd9\u4e9bIP.
\u65b9\u6cd5/\u6b65\u9aa4
1
\u5148\u68c0\u67e5\u4e86web\u670d\u52a1\u5668\u65e5\u5fd7\uff0c\u6ca1\u6709\u5f02\u5e38\u3002\u67e5\u770b\u9632\u706b\u5899\u65e5\u5fd7\u548c\u8def\u7531\u5668\u65e5\u5fd7\uff0c\u53d1\u73b0\u90e8\u5206\u53ef\u7591\u6d41\u91cf\uff0c\u8fdb\u800c\u53d1\u73b0\u653b\u51fb\u65f6\uff0c\u8def\u7531\u5668\u65e5\u5fd7\u91cc\u6709\u5927\u91cf64\u5b57\u8282\u7684\u6570\u636e\u5305\uff0c\u8fd8\u6709\u5927\u91cf\u7684\u201cUDP-other\u201d\u6570\u636e\u5305\uff0c\u800cweb\u670d\u52a1\u5668\u65e5\u5fd7\u8fd8\u662f\u6b63\u5e38\u3002
2
SYN\u6d2a\u6cdb\u5f0f\u653b\u51fb\uff0c\u5229\u7528tcp\u4e09\u6b21\u63e1\u624b\uff0c\u7531\u4f2a\u9020\u7684IP\u5730\u5740\u5411\u76ee\u6807\u7aef\u53d1\u9001\u8bf7\u6c42\u62a5\u6587\uff0c\u800c\u76ee\u6807\u7aef\u7684\u54cd\u5e94\u62a5\u6587\u6c38\u8fdc\u65e0\u6cd5\u53d1\u9001\uff0c\u5982\u679c\u6709\u6210\u5343\u4e0a\u4e07\u7684\u8fd9\u79cd\u8fde\u63a5\uff0c\u76ee\u6807\u7aef\u7b49\u5f85\u5173\u95ed\u8fde\u63a5\u7684\u8fc7\u7a0b\u4f1a\u6d88\u8017\u5927\u91cf\u7684\u4e3b\u673a\u8d44\u6e90
3
\u7981\u6b62\u6240\u6709\u53d1\u7ed9\u76ee\u6807IP\u7684UDP\u5305\uff0c\u8fd9\u79cd\u505a\u6cd5\u4f1a\u8ba9\u670d\u52a1\u5668\u4e27\u5931\u90e8\u5206\u529f\u80fd\uff0c\u5982\uff1aDNS.
\u597d\u5904\uff1a\u51cf\u8f7b\u4e86web\u670d\u52a1\u5668\u7684\u538b\u529b\uff0cweb\u53ef\u4ee5\u6b63\u5e38\u5de5\u4f5c
\u5f0a\u7aef\uff1a\u653b\u51fb\u4ecd\u7136\u53ef\u4ee5\u5230\u8fbeweb\uff0c\u5f71\u54cd\u7f51\u7edc\u6027\u80fd
4
\u8054\u7cfb\u4e0a\u6e38\u5e26\u5bbd\u63d0\u4f9b\u5546\uff0c\u6682\u65f6\u9650\u5236\u7f51\u7ad9\u7aef\u53e3\u7684UDP\u8fdb\u5165\u6d41\u91cf\uff0c\u964d\u4f4e\u7f51\u7edc\u5230\u670d\u52a1\u5668\u7684\u6d41\u91cf
5
\u7edf\u8ba1SYN_RECV\u7684\u72b6\u6001\uff0c\u53d1\u73b0\u6709\u5927\u91cf\u7684tcp\u540c\u6b65\u6570\u636e\u5305\uff0c\u4f46\u662f\u8fde\u63a5\u4e0a\u7684\u5374\u6ca1\u6709\u51e0\u4e2a
[root@xiaoya ~]# netstat -an|grep SYN_RECV|wc -l1522
\u6216\u8005\u67e5\u770b\u5f53\u524d\u6700\u5927\u8fde\u63a5\u6570
[root@xiaoya ~]# netstat -na|grep EST|awk '{print $5}'|cut -d":" -f1,3|sort|uniq -c|sort -n
1 192.168.150.10
2 192.168.150.20
\u2026 \u2026
1987 192.168.150.200
\u660e\u663e\u662f\u6536\u5230\u4e86dos\u653b\u51fb
END
\u89e3\u51b3\u7b56\u7565
\u5206\u6790web\u65e5\u5fd7
\u628a\u5355IP PV\u6570\u9ad8\u7684\u5c01\u6389\uff08\u53ef\u6309\u5929\u5b9a\u4e49PV=1000\u5373\u5c01\u6389\uff09
[root@xiaoya ~]# cat test#!/bin/bash while true do ####access.log\u4e3aweb\u65e5\u5fd7\u6587\u4ef6 awk '{print $1}' access.log | grep -v "^$" | sort | uniq -c > tmp.log exec > droplist.log fi done sleep 3 done
\u5206\u6790\u7f51\u7edc\u8fde\u63a5\u6570
netstat -an | grep EST\u67e5\u770b\u7f51\u7edc\u72b6\u6001\u5982\u4e0b\uff1a
tcp 0 0 192.168.40.125:46476 112.95.242.171:80 ESTABLISHEDtcp 0 74 192.168.40.125:57948 173.194.127.177:443 ESTABLISHEDtcp 0 0 192.168.40.125:52290 118.144.78.52:80 ESTABLISHEDtcp 0 0 192.168.40.125:42593 163.177.65.182:80 ESTABLISHEDtcp 0 0 192.168.40.125:49259 121.18.230.110:80 ESTABLISHEDtcp 0 0 192.168.40.125:52965 117.79.157.251:80 ESTABLISHED
\u811a\u672c\u5982\u4e0b
[root@xiaoya ~]# cat test#!/bin/bash while true do grep EST est.log | awk -F '[ :]+' '{print $6}' | sort | uniq -c > tmp.log ####netstat -an | grep EST | awk -F '[ :]+' '{print $6}' | sort | uniq -c exec > droplist.log fi done sleep 3 done
现在好多ddos在发起的时候已经使用伪造源地址攻击的办法了,一级一级的追跳板,对这样的攻击基本上没用。ddos就是因为不好防,不好查,所以才在网络上这么横行。
这种幕后操纵,想找真实的就查路由最选择正确。
我的意思是说他们是靠什么手段找到攻击者的啊, 理论上说DDOS攻击找到主谋很难,所以好奇
打110,网警叔叔免费帮你。
绛旓細Ddos鏀诲嚮鐮村潖浜嗕粈涔堬紝閽堝浼佷笟璧勬簮鏉ヨ繘琛屽垎鏋愶紝ddos鏀诲嚮姝e湪缁欎紒涓氭彁渚涗竴涓渶瑕佸強鏃跺簲瀵归珮鑳藉姏娑堣垂鐨勯棶棰樸傜劧鑰岋紝鏈夌櫨鍒嗕箣涓夊崄涓冪殑鍙楄鑰咃紝閫夋嫨鐨勬槸淇濇姢鎺柦鏉ュ強鏃朵互搴斿ddos濞佽儊锛屼笉绠℃槸鍝绫诲瀷鐨勪紒涓氶兘搴旇鍙婃椂瀵筪dos杩涜瀹夊叏闃插尽锛岃繖鎵嶆槸棣栬浠诲姟锛屾暣鍚堝畨鍏ㄦ湁绛栫暐鐨刣dos瑙e喅鏂规锛屽叾瀹炲氨鏄湪鏁村悎棰嗗厛瀹夊叏...
绛旓細杩欐椂鍊欏垎甯冨紡鐨勬嫆缁濇湇鍔℃敾鍑绘墜娈碉紙DDoS锛夊氨搴旇繍鑰岀敓浜嗐備綘鐞嗚В浜DoS鏀诲嚮鐨勮瘽锛屽畠鐨勫師鐞嗗氨寰堢畝鍗曘傚鏋滆璁$畻鏈轰笌缃戠粶鐨勫鐞嗚兘鍔涘姞澶т簡10鍊嶏紝鐢ㄤ竴鍙版敾鍑绘満鏉ユ敾鍑讳笉鍐嶈兘璧蜂綔鐢ㄧ殑璇濓紝鏀诲嚮鑰浣跨敤10鍙版敾鍑绘満鍚屾椂鏀诲嚮鍛紵鐢100鍙板憿锛烡DoS灏辨槸鍒╃敤鏇村鐨勫個鍎℃満鏉ュ彂璧疯繘鏀伙紝浠ユ瘮浠庡墠鏇村ぇ鐨勮妯℃潵杩涙敾鍙楀鑰呫
绛旓細濡傛鏌ユ壘,鍗充娇鏈缁堣兘鏌ュ埌骞曞悗榛戞墜,浣嗛渶瑕佽姳璐瑰法棰濈殑浜哄姏鍜岃储鍔涙垚鏈,鍙湁鍏崇郴鍒板浗瀹堕噸澶у0瑾夋垨缁忔祹鎹熷け鏃舵墠鍙兘褰诲簳杩芥煡,涓鑸儏鍐典篃灏变笉浜嗕簡涔嬩簡銆 鍘傚晢鏂规鍚勬湁涓嶅悓 鐩墠,涓氱晫鏅亶璁や负,瀵逛簬DDoS鏀诲嚮骞舵病鏈100%鏈夋晥鐨勯槻寰℃墜娈点備絾鏄,鐢变簬鏀诲嚮鑰蹇呴』浠樺嚭姣旈槻寰¤呭ぇ寰楀鐨勮祫婧愬拰鍔姏鎵嶈兘鎷ユ湁杩欐牱鐨勨滃姩鍔涒,鎵浠ョН鏋...
绛旓細瀹為檯涓婏紝BBC骞堕潪鍞竴閬彈姝ょ被鏀诲嚮鐨勫獟浣撴満鏋勩傛棭鍦2013骞达紝绾界害鏃舵姤鍏徃鐨勫煙鍚嶅氨鏇捐鍙欏埄浜氶粦瀹㈢洴涓婏紝瀵艰嚧銆婄航绾︽椂鎶ャ嬬綉绔欑煭鏆傚畷鏈恒傘婇噾铻嶆椂鎶ャ嬪拰銆婂崕鐩涢】閭姤銆嬩篃鏇炬垚涓烘敾鍑荤洰鏍囥傚氨杩炴斂搴滈儴闂ㄧ殑鏁板瓧鏈嶅姟鍦ㄩ伃鍒拌繖绫DDoS鏀诲嚮鏃讹紝涔熷彲鑳藉嚭鐜版湇鍔′腑鏂殑鎯呭喌銆傝繖娆′簨浠跺啀娆″嚫鏄句簡鏂伴椈濯掍綋鍦ㄦ暟瀛楀寲鏃朵唬闈复鐨...
绛旓細1銆佸悗闂ㄦ湪椹細鍚庨棬鏈ㄩ┈涓鏃﹁繘鍏ヤ綘鐨勭數鑴戯紝灏变細鍦ㄤ綘鐨勭數鑴戜笂瀹夎涓涓悗闂紝鍏佽缃戠粶缃姱杩滅▼璁块棶銆鏀诲嚮鑰缁忓父浣跨敤瀹冧滑鏉ュ垱寤哄兊灏哥綉缁滐紝浠呭湪2022骞村氨杩涜浜嗘暟鍗佷竾娆℃敾鍑汇2銆丏DoS鏈ㄩ┈锛氬垎甯冨紡鎷掔粷鏈嶅姟锛圖DoS锛夋湪椹氬父涓庡悗闂ㄦ湪椹噸鍙犮傝繖浜涙伓鎰忚蒋浠舵帶鍒跺彈鎰熸煋鐨勮绠楁満锛岄氳繃璇锋眰浣跨綉绔欐垨缃戠粶杩囪浇锛屼綔涓DDoS鏀诲嚮鐨...
绛旓細绗簩姝ュ湪鍏ヤ镜涓绘満涓婂畨瑁呮敾鍑荤▼搴忥紝鍏朵腑涓閮ㄥ垎涓绘満鍏呭綋鏀诲嚮鐨勪富鎺х锛屼竴閮ㄥ垎涓绘満鍏呭綋鏀诲嚮鐨勪唬鐞嗙銆傛渶鍚庡悇閮ㄥ垎涓绘満鍚勫徃鍏惰亴锛屽湪鏀诲嚮鑰鐨勮皟閬d笅瀵规敾鍑诲璞″彂璧锋敾鍑汇傜敱浜庢敾鍑昏呭湪骞曞悗鎿嶇旱锛屾墍浠ュ湪鏀诲嚮鏃朵笉浼氬彈鍒扮洃鎺х郴缁熺殑璺熻釜锛岃韩浠戒笉瀹规槗琚彂鐜般備簩銆DDoS鏀诲嚮浣跨敤鐨勫父鐢ㄥ伐鍏 DDoS鏀诲嚮瀹炴柦璧锋潵鏈変竴瀹氱殑闅惧害锛...
绛旓細瀵规姉DDoS鏀诲嚮 锛屼絾鎶鏈伐鍏疯繕涓嶅锛屾湁鍏冲湪绾挎椿鍔ㄧ殑娉曞緥娉曡涔熶笉澶熲斺斿寘鎷帿閲屾柉琚寚鎺х殑娉曞緥銆傛暟鍗佷釜宸炲拰鑱旈偊鐨勭綉缁滅姱缃硶瑙勪技涔庤繕娌℃湁鍑忓皯鏀诲嚮鐨勬绘暟鎴栦弗閲嶇▼搴︼紝閮ㄥ垎鍘熷洜鏄敱浜庨棶棰樼殑鍏ㄧ悆鎬с傚浗浼氭鍦ㄥ姫鍔涘厑璁告敾鍑诲彈瀹宠呭湪鏌愪簺鎯呭喌涓嬮噰鍙栫Н鏋佺殑闃插尽鎺柦鈥斺旇繖涓姒傚康甯︽潵浜嗚澶氫笉鍒╁洜绱狅紝鍖呮嫭鍗囩骇鐨勯闄┾...
绛旓細鑵捐浜戣嚜寤哄ぇ绂圭郴缁熷崜瓒婄殑瀹夊叏闃插尽鑳藉姏浠ュ強鑵捐鍦ㄩ暱鏈熷畧鍗捣閲忕敤鎴峰畨鍏ㄥ疄鎴樹腑娌夋穩鐨勫疂璐电粡楠屽啀娆$粡鍙椾綇鑰冮獙锛屽苟鑾峰緱涓氱晫鐨勪竴鑷撮鑲傜綉缁滃畨鍏ㄤ簨浠堕鍙戯紝DDoS鏀诲嚮澶氫负骞曞悗榛戞墜鎻愬埌DDoS鏀诲嚮锛屾渶杩戜袱涓湀涔嬪唴鍙戠敓鐨勫ぇ瑙勬ā浜掕仈缃戦粦鐏簨浠惰繕鍦ㄤ护浼楀浜掕仈缃戜粠涓氳呭績鏈変綑鎮搞傚悓鏍锋槸22鏃ワ紝鍥藉唴鐭ュ悕浜戞湇鍔℃満鎴挎晠闅滐紝...
绛旓細榛戝鍚寸堪娓 闃块噷鍐呴儴鏈変竴涓瀬鍏剁绉樼殑閮ㄩ棬锛屽彨闃块噷绁炵浘灞锛岃繖涓儴闂ㄦ槸淇濋殰鍏ㄧ悆鏈搴炲ぇ鐢靛瓙鍟嗗姟鐢熸佺郴缁熷畨鍏ㄧ殑鈥滅綉缁滅壒宸ラ槦鈥濓紝涔熸槸淇濋殰鈥滃弻11鈥濃滅孩鍖呭ぇ鎴樷濋『鍒╄繘琛岀殑骞曞悗鍔熻嚕锛屾瘡澶╅兘鏈嶅姟鐫鏁颁嚎娑堣垂鑰呭拰鍟嗗銆傚畠淇濇姢鐭ヨ瘑浜ф潈锛屽嵆鎵撳亣锛涗繚鎶よ处鎴峰畨鍏紝涓昏闃叉铏氬亣娉ㄥ唽锛涗繚鎶や氦鏄撳畨鍏紝涓昏闃叉浜ゆ槗娆鸿瘓銆佹伓鎰...
绛旓細浣嗚繖骞朵笉绛変簬Conficker涓嶄細浣滄伓,鑰岃繖瀹屽叏鍙栧喅浜嶤onficker骞曞悗鐨勬帶鍒惰呬笅涓姝ュ浣曞姩浣溿 2銆佹櫘閫氱綉姘戝拰浼佷笟鐢ㄦ埛搴旇濡備綍闃茶寖? 绛:鏅氱敤鎴峰簲寮哄寲缃戠粶瀹夊叏鎰忚瘑,鍙婃椂鐢360瀹夊叏鍗+杩欐牱鐨勪笓涓氬畨鍏ㄥ伐鍏蜂负鐢佃剳鎵撹ˉ涓,淇绯荤粺婕忔礊,灏辫兘閬垮厤鍙楀埌Conficker锠曡櫕鐨勫叆渚,浠庤屼笉浼氭垚涓轰粬浠鏀诲嚮鍒汉缃戠粶鐨勫府鍑躲 浼佷笟鐢ㄦ埛鐨勫眬鍩熺綉鏇存槸Con...
