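How to deal with an attack on SS5 port 1080
I have an SS5 SOCKS proxy running on my machine, on port 1080.
Recently it often reboots by itself every 1-2 hours... I've been at it for a long time and still can't figure out what's going on.
After running tcpdump I found some strange packets.
My skills are limited; for now my rough guess is that a large number of packets with the FIN flag are being sent...
Could an attack like this cause reboots? If the load were too high... then why doesn't he attack port 80? Or is Apache's connection handling just better?
Is there any way to deal with this kind of attack?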
12:29:26.747312 IP (tos 0x0, ttl 115, id 20907, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.3751 > my ip..134.socks: S [tcp sum ok] 2138886867:2138886867(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:26.747358 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..134.socks > 222.231.59.26.3751: R [tcp sum ok] 0:0(0) ack 2138886868 win 0
12:29:27.417965 IP (tos 0x0, ttl 115, id 21575, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.3751 > my ip..134.socks: S [tcp sum ok] 2138886867:2138886867(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:27.417979 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..134.socks > 222.231.59.26.3751: R [tcp sum ok] 0:0(0) ack 1 win 0
12:29:28.188567 IP (tos 0x0, ttl 115, id 22426, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.3751 > my ip..134.socks: S [tcp sum ok] 2138886867:2138886867(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:28.188584 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..134.socks > 222.231.59.26.3751: R [tcp sum ok] 0:0(0) ack 1 win 0
12:29:34.853252 IP (tos 0x0, ttl 115, id 29544, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.8978 > my ip..131.socks: S [tcp sum ok] 518693620:518693620(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:34.853311 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 222.231.59.26.8978: R [tcp sum ok] 0:0(0) ack 518693621 win 0
12:29:35.507777 IP (tos 0x0, ttl 115, id 30183, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.8978 > my ip..131.socks: S [tcp sum ok] 518693620:518693620(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:35.507790 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 222.231.59.26.8978: R [tcp sum ok] 0:0(0) ack 1 win 0
12:29:35.682688 IP (tos 0x0, ttl 119, id 39919, offset 0, flags [DF], proto 6, length: 4 216.32.69.74.4859 > my ip..131.socks: S [tcp sum ok] 197881388:197881388(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:35.682700 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 216.32.69.74.4859: R [tcp sum ok] 0:0(0) ack 197881389 win 0
12:29:36.054995 IP (tos 0x0, ttl 115, id 30784, offset 0, flags [DF], proto 6, length: 4 222.231.59.26.8978 > my ip..131.socks: S [tcp sum ok] 518693620:518693620(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:36.055014 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 222.231.59.26.8978: R [tcp sum ok] 0:0(0) ack 1 win 0
12:29:36.104470 IP (tos 0x0, ttl 119, id 39949, offset 0, flags [DF], proto 6, length: 4 216.32.69.74.4859 > my ip..131.socks: S [tcp sum ok] 197881388:197881388(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:36.104489 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 216.32.69.74.4859: R [tcp sum ok] 0:0(0) ack 1 win 0
12:29:36.607346 IP (tos 0x0, ttl 119, id 40013, offset 0, flags [DF], proto 6, length: 4 216.32.69.74.4859 > my ip..131.socks: S [tcp sum ok] 197881388:197881388(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:36.607395 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) my ip..131.socks > 216.32.69.74.4859: R [tcp sum ok] 0:0(0) ack 1 win 0
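What are those weird faces up there... what on earth... I can't believe such an annoying auto-conversion feature is even turned on.
[ Last edited by loniy on 2007-5-13 01:34 ]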
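To check which TCP flags a capture in this layout actually contains, the following added example (not part of the original post) parses `tcpdump -v` lines, tallies the flags sent to and from the service port, and groups SYNs that share source address, source port and sequence number into one connection attempt. The sample lines are constructed with documentation-range addresses (192.0.2.10 stands in for the proxy host), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the same `tcpdump -v` layout as the capture in the post.
# Addresses are documentation ranges; 192.0.2.10 stands in for the proxy host.
SAMPLE = """\
12:29:26.747312 IP (tos 0x0, ttl 115, id 20907, offset 0, flags [DF], proto 6, length: 48) 198.51.100.7.3751 > 192.0.2.10.socks: S [tcp sum ok] 2138886867:2138886867(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:26.747358 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) 192.0.2.10.socks > 198.51.100.7.3751: R [tcp sum ok] 0:0(0) ack 2138886868 win 0
12:29:27.417965 IP (tos 0x0, ttl 115, id 21575, offset 0, flags [DF], proto 6, length: 48) 198.51.100.7.3751 > 192.0.2.10.socks: S [tcp sum ok] 2138886867:2138886867(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:27.417979 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) 192.0.2.10.socks > 198.51.100.7.3751: R [tcp sum ok] 0:0(0) ack 1 win 0
12:29:35.682688 IP (tos 0x0, ttl 119, id 39919, offset 0, flags [DF], proto 6, length: 48) 203.0.113.9.4859 > 192.0.2.10.socks: S [tcp sum ok] 197881388:197881388(0) win 65535 <mss 1460,nop,nop,sackOK>
12:29:35.682700 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6, length: 40) 192.0.2.10.socks > 203.0.113.9.4859: R [tcp sum ok] 0:0(0) ack 197881389 win 0
"""

# timestamp, "IP (...)", src.port > dst.port:, flag letters, [checksum], optional seq
PKT = re.compile(
    r"^(?P<ts>[\d:.]+) IP \(.*?\) (?P<src>\S+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+): (?P<flags>[SFRPUWE.]+) \[.*?\] "
    r"(?:(?P<seq>\d+):)?"
)

def parse(text):
    """Return one dict per line that matches the tcpdump -v TCP layout."""
    return [m.groupdict() for m in map(PKT.match, text.splitlines()) if m]

def summarize(text, service="socks"):
    """Tally flags to/from the service port and group SYNs into attempts."""
    to_svc, from_svc, attempts = Counter(), Counter(), Counter()
    for p in parse(text):
        if p["dport"] == service:
            to_svc[p["flags"]] += 1
            if p["flags"] == "S":
                # Same source, port and sequence number: one connection
                # attempt, retransmitted, not several separate connections.
                attempts[(p["src"], p["sport"], p["seq"])] += 1
        elif p["sport"] == service:
            from_svc[p["flags"]] += 1
    return {"to_service": dict(to_svc), "from_service": dict(from_svc),
            "attempts": dict(attempts)}

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print("flags to service:  ", result["to_service"])
    print("flags from service:", result["from_service"])
    for (src, sport, seq), n in result["attempts"].items():
        print(f"{src}:{sport} seq={seq} SYN sent {n} time(s)")
```

Pass `service="1080"` when the capture was taken with `tcpdump -n`, which prints the port number instead of the service name.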
Comments (4)
Use iptables
iptables -A allowed -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A allowed -p tcp -j DROP
Allow normal packets and drop everything else
iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
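With frequent reboots, a hardware cause can't be ruled out.
Is the CPU temperature too high? What about the temperature inside the case?
Many people say, and I have indeed felt it myself, that socks5 is unstable; I suggest switching to another proxy.
There is also an open-source proxy for Linux, but I've forgotten its exact name...
It's not the temperature... once I shut the service down, everything went back to normal and it stopped rebooting...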