The server seems to be under a UDP flood attack; please take a look, everyone.

Posted on 2010-3-30 18:55:21
Server version

Distributor ID:        Ubuntu
Description:        Ubuntu 8.04.4 LTS
Release:        8.04
Codename:        hardy
Kernel: 2.6.24-27-server


With dmesg I see a lot of UDP checksum errors, as follows:

[32437.881001] UDP: bad checksum. From 121.27.205.1:13223 to 61.178.231.X:13803 ulen 1056
[32437.944654] UDP: bad checksum. From 121.27.205.1:13223 to 61.178.231.X:13803 ulen 1056
[32441.155480] UDP: bad checksum. From 121.27.205.1:13223 to 61.178.231.X:13803 ulen 1056
[32446.515058] UDP: bad checksum. From 116.208.196.109:20220 to 61.178.231.X:11662 ulen 116
[32581.577348] UDP: bad checksum. From 58.44.246.205:13980 to 61.178.231.X:13876 ulen 1056
[32682.521452] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32682.662707] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32682.709034] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32685.975322] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32688.112755] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32694.100693] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32697.314187] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32697.357757] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32697.403166] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32697.410709] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32700.153897] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32703.182395] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32707.517785] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32710.203817] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32712.288750] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32715.456915] printk: 1 messages suppressed.
[32715.456923] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32717.684547] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32723.645794] printk: 4 messages suppressed.
[32723.645801] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32878.711360] UDP: bad checksum. From 114.149.251.142:13343 to 61.178.231.X:13320 ulen 1056
[33139.195948] UDP: bad checksum. From 117.42.156.183:15000 to 61.178.231.X:15000 ulen 1445
[33139.253567] UDP: bad checksum. From 117.42.156.183:15000 to 61.178.231.X:15000 ulen 1446
[33144.802990] UDP: bad checksum. From 117.42.156.183:15000 to 61.178.231.X:15000 ulen 1448
[33565.451681] UDP: bad checksum. From 113.137.240.225:1863 to 61.178.231.X:9099 ulen 1060
[33582.986148] UDP: bad checksum. From 113.137.240.225:1863 to 61.178.231.X:9099 ulen 1060
[33772.105596] UDP: bad checksum. From 114.237.123.7:2447 to 61.178.231.X:1731 ulen 21
[33892.254780] UDP: bad checksum. From 222.243.35.18:53126 to 61.178.231.X:12403 ulen 132



To guard against DDoS attacks, I added the following to /etc/sysctl.conf.

net.ipv4.netfilter.ip_conntrack_max = 98000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 30
net.ipv4.tcp_keepalive_time = 10
#
net.ipv4.tcp_syncookies= 1
net.ipv4.tcp_fin_timeout=2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range=1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2


The entry count of /proc/net/ip_conntrack is as follows:

$ sudo wc -l /proc/net/ip_conntrack
13109 /proc/net/ip_conntrack


Friends, what causes this kind of problem, and how should I deal with it? The server is running iptables.
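
The following Python script is an added example, not part of the original post. It groups the `UDP: bad checksum` kernel messages by source address and estimates the event rate, which is the first thing to measure when judging whether such a log reflects a flood. The sample lines are copied from the dmesg excerpt above; the function name and result fields are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the dmesg excerpt in the post (destination octet is redacted as "X").
SAMPLE = """\
[32437.881001] UDP: bad checksum. From 121.27.205.1:13223 to 61.178.231.X:13803 ulen 1056
[32712.288750] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32715.456915] printk: 1 messages suppressed.
[32715.456923] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[32723.645794] printk: 4 messages suppressed.
[32723.645801] UDP: bad checksum. From 58.50.13.216:13564 to 61.178.231.X:13617 ulen 1056
[33772.105596] UDP: bad checksum. From 114.237.123.7:2447 to 61.178.231.X:1731 ulen 21
"""

BAD = re.compile(r"\[\s*(\d+\.\d+)\] UDP: bad checksum\. From (\S+):(\d+) to (\S+):(\d+) ulen (\d+)")
SUPP = re.compile(r"\[\s*(\d+\.\d+)\] printk: (\d+) messages suppressed")


def summarize(log_text):
    """Aggregate 'UDP: bad checksum' kernel messages per source address."""
    per_src = defaultdict(lambda: {"logged": 0, "bytes": 0, "dports": set()})
    times, suppressed = [], 0
    for line in log_text.splitlines():
        m = BAD.search(line)
        if m:
            ts, src, _sport, _dst, dport, ulen = m.groups()
            per_src[src]["logged"] += 1
            per_src[src]["bytes"] += int(ulen)  # ulen = UDP length field
            per_src[src]["dports"].add(int(dport))
            times.append(float(ts))
            continue
        m = SUPP.search(line)
        if m:  # rate-limited messages of any kind, so this is an upper bound
            suppressed += int(m.group(2))
            times.append(float(m.group(1)))
    logged = sum(e["logged"] for e in per_src.values())
    window = max(times) - min(times) if len(times) > 1 else 0.0
    rate = (logged + suppressed) / window if window else 0.0
    return {"per_src": dict(per_src), "logged": logged, "suppressed": suppressed,
            "window_s": window, "events_per_s": rate}


if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(f"{s['logged']} logged + {s['suppressed']} suppressed "
          f"in {s['window_s']:.0f}s = {s['events_per_s']:.4f} events/s")
    for src, e in sorted(s["per_src"].items(), key=lambda kv: -kv[1]["logged"]):
        print(f"{src:>16} msgs={e['logged']} bytes={e['bytes']} dports={sorted(e['dports'])}")
```

On a live host, the text passed to `summarize` would be the captured output of `dmesg`.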
Posted on 2010-5-24 12:28:37
If you're not using the UDP protocol, just turn off the UDP pass-through in iptables. I think it's the 631 entry.
Posted on 2010-6-29 13:51:27
Block UDP.