LinuxSir.cn, the Linuxsir that spans the ages!

Attack instance: how do I use iptables to defend against an ESTABLISHED-style attack?

Posted 2005-11-28 09:12:22
1. What does the following line mean?
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


2. How do I prevent the following attack?
###################################
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1392 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1360 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1456 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1424 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1393 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1361 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1457 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1425 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1394 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1362 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1458 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1426 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1395 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1363 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1427 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1396 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1364 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1428 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1397 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1365 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1429 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:4662 TIME_WAIT   
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1398 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1366 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1430 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:4663 TIME_WAIT   
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1399 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1367 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1431 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1400 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1368 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1432 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1401 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1369 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1433 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1402 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1370 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1434 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1403 ESTABLISHED
###################################
Posted 2005-11-28 21:07:51
Assume 221.224.114.195 is the attacking machine:
iptables -t nat -I PREROUTING 1 -s 221.224.114.195 -j DROP
iptables -t nat -I PREROUTING 1 -d 221.224.114.195 -j DROP
Give that a try.

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
means that connections which are already established are allowed through normally; it is usually used on a firewall whose default policy is to deny.
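The rule the reply explains only makes sense inside a default-deny ruleset, so here it is in context. This is an added example, not code from the thread: a minimal stateful INPUT policy for a web server, with an explicit block for one source. The attacker address is the one from the thread; allowing TCP 22 for administration, and the `apply` command-line convention, are assumptions. One practitioner's point worth making explicit: the nat table is consulted only for the first packet of a connection, so a block that must also cut off connections that are already ESTABLISHED belongs in the filter table's INPUT chain, and it has to sit ahead of the `ESTABLISHED,RELATED` accept rule, otherwise the state match admits the attacker's open connections before the DROP is ever reached. Run with `DRY_RUN=1` to print the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the thread): stateful, default-deny INPUT policy
# for a web server, with an explicit per-source block in the filter table.
#   DRY_RUN=1 sh stateful.sh apply 221.224.114.195   # print the commands
#   sh stateful.sh apply 221.224.114.195             # apply them (root)
# Assumptions: TCP 22 is the admin port; everything else is closed.

# Wrapper so the same function can be inspected without touching the firewall.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

# apply_rules [BLOCKED_SOURCE]
apply_rules() {
    blocked="${1:-}"

    # Start clean on INPUT and set default-deny policies.
    ipt -F INPUT
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback must always pass.
    ipt -A INPUT -i lo -j ACCEPT

    # The block goes BEFORE the state match.  This is the filter table, which
    # sees every packet of a connection; the nat table only sees the first one.
    if [ -n "$blocked" ]; then
        ipt -A INPUT -s "$blocked" -j DROP
    fi

    # The line the original poster asked about: packets that belong to a
    # connection conntrack has already seen (ESTABLISHED), or that are related
    # to one, e.g. an ICMP error for it (RELATED), are accepted without being
    # re-checked against the service rules below.  Without this rule the
    # default DROP would discard every reply and no connection could survive.
    # Modern iptables prefers "-m conntrack --ctstate"; "-m state" still works.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only NEW connections get this far, so this is the only place a client is
    # admitted: the web port, plus SSH for administration (assumption).
    ipt -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Everything else falls through to the INPUT policy: DROP.
}

# Only act when asked to; sourcing or running without "apply" just defines
# the functions so they can be inspected.
if [ "${1:-}" = "apply" ]; then
    apply_rules "${2:-}"
fi
```

With the block rule in place, the attacker's existing connections die as soon as its next packet is dropped; without it, appending `-A INPUT -s ... -j DROP` after the state rule would only stop brand-new connections from that source.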

Posted 2005-11-29 09:35:58
iptables connlimit,
or use Apache's mod_limitipconn module to limit the number of concurrent connections per IP.

Posted 2005-12-5 11:39:26
Post by hmqq
iptables connlimit,
or use Apache's mod_limitipconn module to limit the number of concurrent connections per IP.


Correct answer: just limit the number of connections from the same IP.
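The connlimit approach the last two replies recommend, as an added example that is not code from the thread: first count how many ESTABLISHED connections each client holds to the web port from `netstat -tn` output, exactly the listing shape the original poster pasted (IPv4-mapped `::ffff:` addresses, and a TIME_WAIT entry that must not be counted), then cap per-client concurrency in the kernel with the connlimit match so the server itself refuses the connection after the limit. The thresholds, the second client 10.0.0.5 and the `demo`/`live` command-line convention are assumptions; the netstat lines are constructed. Two caveats a practitioner would want: connlimit only acts on the SYN of a new connection, so connections already above the limit stay open until they close (hence the emergency `block_offenders` step), and the Apache mod_limitipconn alternative is not shown here.

```shell
#!/bin/sh
# Added example (not from the thread): find the client holding the most
# ESTABLISHED connections to a port, drop it, and cap per-IP concurrency with
# the connlimit match.
#   sh connlimit.sh          # demo: analyse the constructed sample, print commands
#   sh connlimit.sh live 30  # on a server: read netstat, apply for real (root)

# Constructed sample in the shape of the thread's netstat listing.
SAMPLE='tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1392 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1360 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1456 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:4662 TIME_WAIT   
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:221.224.114.195:1424 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:80     ::ffff:10.0.0.5:40000 ESTABLISHED
tcp        0      0 ::ffff:61.129.53.112:22     ::ffff:10.0.0.5:40001 ESTABLISHED'

# Wrapper: with DRY_RUN set, print the iptables command instead of running it.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

# flag_sources PORT THRESHOLD  < netstat-tn-lines
# Prints "IP COUNT", busiest first, for every remote IP with more than
# THRESHOLD ESTABLISHED connections to local PORT.  TIME_WAIT and other
# states are ignored; the IPv4-mapped ::ffff: prefix is stripped so the
# address can be fed straight to iptables -s.
flag_sources() {
    awk -v port="$1" -v max="$2" '
        $6 == "ESTABLISHED" {
            local = $4; remote = $5
            sub(/^::ffff:/, "", local); sub(/^::ffff:/, "", remote)
            n = split(local, l, ":"); if (l[n] != port) next
            m = split(remote, r, ":")
            ip = substr(remote, 1, length(remote) - length(r[m]) - 1)
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > max) print ip, count[ip] }
    ' | sort -k2,2nr
}

# block_offenders PORT THRESHOLD  < netstat-tn-lines
# Emergency response: drop every source currently over the threshold.  Inserted
# at the top of INPUT so it precedes any ESTABLISHED,RELATED accept rule.
block_offenders() {
    flag_sources "$1" "$2" | while read -r ip n; do
        ipt -I INPUT -s "$ip" -j DROP
    done
}

# connlimit_rule PORT MAX
# Permanent fix: reset the SYN of any client that already has MAX connections
# open to PORT.  --connlimit-mask 32 counts per single address; use 24 to treat
# a whole /24 (a NAT'd office, a proxy farm) as one client.
connlimit_rule() {
    ipt -I INPUT -p tcp --syn --dport "$1" -m connlimit \
        --connlimit-above "$2" --connlimit-mask 32 -j REJECT --reject-with tcp-reset
}

case "${1:-demo}" in
    demo)   # offline: never touches the firewall
        DRY_RUN=1; export DRY_RUN
        printf '%s\n' "$SAMPLE" | flag_sources 80 3
        printf '%s\n' "$SAMPLE" | block_offenders 80 3
        connlimit_rule 80 20 ;;
    live)   # real server, real rules
        netstat -tn | block_offenders 80 "${2:-30}"
        connlimit_rule 80 "${2:-30}" ;;
esac
```

On the sample, only 221.224.114.195 is flagged (four ESTABLISHED connections to port 80; the TIME_WAIT entry and 10.0.0.5's SSH session do not count), so one DROP rule is emitted for it, followed by the connlimit rule that stops the next client from doing the same thing.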
