Viewing SYN FLOOD Attacks


MuratbanK:

After logging in to the console and typing

netstat -np | grep SYN_RECV

you get:

Code:
--

root@client-196-20 [~]# netstat -np | grep SYN_RECV
tcp 0 0 62.*.*.*:80 85.106.132.234:28008 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28014 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1175 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1179 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28007 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28010 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28009 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1172 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1177 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.102.50.22:50706 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1173 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1178 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28005 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28001 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1167 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1171 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1168 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.102.50.22:50707 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28011 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28006 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1176 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28002 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1174 SYN_RECV - 
--

 



All IPs listed with SYN_RECV are the IP addresses performing the SYN flood.

To cut off the attack at that moment, I use these two iptables commands:

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A INPUT -p tcp -m tcp --dport 80 -j DROP


After the attack

netstat -np | grep SYN_RECV
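
Added example (not part of MuratbanK's post): a shell helper that tallies the SYN_RECV lines of `netstat -np` per remote address, so sources holding many half-open connections stand out from clients that are simply mid-handshake. The function names, the threshold and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Count half-open (SYN_RECV) connections per remote address.
# Reads `netstat -n` style lines on stdin (columns: proto, recv-q, send-q,
# local, foreign, state, ...) and prints "<count> <ip>", highest count first.
syn_recv_by_source() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             ip = $5
             sub(/:[0-9]+$/, "", ip)   # strip the remote port
             n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print only the sources holding at least $1 half-open connections.
syn_recv_over_threshold() {
    syn_recv_by_source | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample input: header lines, one ESTABLISHED connection that
# must not be counted, and SYN_RECV entries from three sources.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.0.2.10:80 198.51.100.7:28008 SYN_RECV -
tcp 0 0 192.0.2.10:80 203.0.113.50:1175 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:28014 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:28007 SYN_RECV -
tcp 0 0 192.0.2.10:80 203.0.113.50:1179 SYN_RECV -
tcp 0 0 192.0.2.10:80 192.0.2.200:50706 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:40112 ESTABLISHED 2211/httpd
tcp 0 0 192.0.2.10:80 203.0.113.50:1172 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:28010 SYN_RECV -
EOF
}

# Live use on a server (threshold of 5 is an assumed value, tune it):
#   netstat -np | syn_recv_over_threshold 5
```

Running `sample_netstat | syn_recv_by_source` shows the per-source tally for the constructed data.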
