| SYN FLOOD Saldırılarını görme |
| (1/1) |
|
MuratbanK: Konsola girdikten sonra netstat -np | grep SYN_RECV yazdıktan sonra Kod Alanı: Kod: root@client-196-20 [~]# netstat -np | grep SYN_RECV tcp 0 0 62.*.*.*:80 85.106.132.234:28008 SYN_RECV - tcp 0 0 62.*.*.*:80 85.106.132.234:28014 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1175 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1179 SYN_RECV - tcp 0 0 62.*.*.*:80 85.106.132.234:28007 SYN_RECV - tcp 0 0 62.*.*.*:80 85.106.132.234:28010 SYN_RECV - tcp 0 0 62.*.*.*:80 85.106.132.234:28009 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1172 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1177 SYN_RECV - tcp 0 0 62.*.*.*:80 85.102.50.22:50706 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1173 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1178 SYN_RECV - tcp 0 0 62.*.*.*:80 85.106.132.234:28005 SYN_RECV - tcp 0 0 62.*.*.*:80 85.106.132.234:28001 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1167 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1171 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1168 SYN_RECV - tcp 0 0 62.*.*.*:80 85.102.50.22:50707 SYN_RECV - tcp 0 0 62.*.*.*:80 85.106.132.234:28011 SYN_RECV - tcp 0 0 62.*.*.*:80 85.106.132.234:28006 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1176 SYN_RECV - tcp 0 0 62.*.*.*:80 85.106.132.234:28002 SYN_RECV - tcp 0 0 62.*.*.*:80 81.215.237.83:1174 SYN_RECV - SYN_RECV başlıklı tüm ip ler SYN Flood yapan ip adresleridir. O anki saldırıyo kesmek için şu iki iptables komutunu kullanıyorum : iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN iptables -A INPUT -p tcp -m tcp -d 80 -j DROP Saldırıdan sonra netstat -np | grep SYN_RECV |
| Navigasyon |
| Mesajlar |