Who knows how to handle an attack like this... Everyone, please help.
Looking at it with netstat shows the following:
TCP 61.132.136.139:80 0.229.162.224:10647 SYN_RECEIVED
TCP 61.132.136.139:80 1.229.44.224:48965 SYN_RECEIVED
TCP 61.132.136.139:80 2.105.2.156:20131 SYN_RECEIVED
TCP 61.132.136.139:80 2.167.128.64:27061 SYN_RECEIVED
TCP 61.132.136.139:80 2.179.69.96:37205 SYN_RECEIVED
TCP 61.132.136.139:80 2.244.249.192:59759 SYN_RECEIVED
TCP 61.132.136.139:80 4.1.34.224:17643 SYN_RECEIVED
TCP 61.132.136.139:80 4.202.80.192:38910 SYN_RECEIVED
TCP 61.132.136.139:80 8.137.82.96:40150 SYN_RECEIVED
TCP 61.132.136.139:80 11.40.68.32:12461 SYN_RECEIVED
TCP 61.132.136.139:80 11.95.13.64:51529 SYN_RECEIVED
TCP 61.132.136.139:80 12.71.121.240:39756 SYN_RECEIVED
TCP 61.132.136.139:80 16.6.14.128:35975 SYN_RECEIVED
TCP 61.132.136.139:80 18.29.134.224:6663 SYN_RECEIVED
TCP 61.132.136.139:80 18.52.164.64:32888 SYN_RECEIVED
TCP 61.132.136.139:80 19.231.24.176:57922 SYN_RECEIVED
TCP 61.132.136.139:80 20.239.158.0:3680 SYN_RECEIVED
TCP 61.132.136.139:80 23.49.173.96:11687 SYN_RECEIVED
TCP 61.132.136.139:80 23.250.219.68:10078 SYN_RECEIVED
TCP 61.132.136.139:80 24.30.42.192:63521 SYN_RECEIVED
TCP 61.132.136.139:80 25.189.146.160:56374 SYN_RECEIVED
TCP 61.132.136.139:80 27.150.250.64:47469 SYN_RECEIVED
TCP 61.132.136.139:80 30.62.13.128:45141 SYN_RECEIVED
TCP 61.132.136.139:80 32.42.129.224:21086 SYN_RECEIVED
TCP 61.132.136.139:80 32.224.163.20:2032 SYN_RECEIVED
TCP 61.132.136.139:80 33.58.78.192:41916 SYN_RECEIVED
TCP 61.132.136.139:80 33.136.53.64:21732 SYN_RECEIVED
TCP 61.132.136.139:80 34.151.40.64:31401 SYN_RECEIVED
TCP 61.132.136.139:80 36.31.5.174:46566 SYN_RECEIVED
TCP 61.132.136.139:80 37.93.122.80:64324 SYN_RECEIVED
TCP 61.132.136.139:80 38.143.188.190:16304 SYN_RECEIVED
TCP 61.132.136.139:80 38.214.91.192:37096 SYN_RECEIVED
TCP 61.132.136.139:80 39.24.16.32:30272 SYN_RECEIVED
TCP 61.132.136.139:80 40.179.103.64:42182 SYN_RECEIVED
TCP 61.132.136.139:80 41.47.27.136:13801 SYN_RECEIVED
TCP 61.132.136.139:80 41.90.31.128:6064 SYN_RECEIVED
TCP 61.132.136.139:80 41.175.77.128:54906 SYN_RECEIVED
TCP 61.132.136.139:80 43.225.243.240:54066 SYN_RECEIVED
TCP 61.132.136.139:80 43.253.34.16:9194 SYN_RECEIVED
TCP 61.132.136.139:80 44.121.67.80:48984 SYN_RECEIVED
TCP 61.132.136.139:80 44.218.163.128:64804 SYN_RECEIVED
TCP 61.132.136.139:80 45.66.222.31:20891 SYN_RECEIVED
TCP 61.132.136.139:80 45.203.49.128:12357 SYN_RECEIVED
TCP 61.132.136.139:80 46.94.221.32:14418 SYN_RECEIVED
TCP 61.132.136.139:80 47.59.132.160:36474 SYN_RECEIVED
TCP 61.132.136.139:80 47.223.6.32:36241 SYN_RECEIVED
TCP 61.132.136.139:80 48.52.52.32:24168 SYN_RECEIVED
TCP 61.132.136.139:80 48.160.236.128:27084 SYN_RECEIVED
TCP 61.132.136.139:80 48.184.9.224:56122 SYN_RECEIVED
TCP 61.132.136.139:80 49.176.76.112:6782 SYN_RECEIVED
TCP 61.132.136.139:80 49.179.240.40:60695 SYN_RECEIVED
TCP 61.132.136.139:80 50.9.139.32:11645 SYN_RECEIVED
TCP 61.132.136.139:80 50.129.155.176:45260 SYN_RECEIVED
TCP 61.132.136.139:80 50.231.12.160:4858 SYN_RECEIVED
TCP 61.132.136.139:80 51.1.205.176:53310 SYN_RECEIVED
TCP 61.132.136.139:80 51.56.41.224:53680 SYN_RECEIVED
TCP 61.132.136.139:80 56.52.198.16:31401 SYN_RECEIVED
TCP 61.132.136.139:80 56.157.109.184:4013 SYN_RECEIVED
TCP 61.132.136.139:80 57.161.117.112:32180 SYN_RECEIVED
TCP 61.132.136.139:80 58.41.200.224:18294 SYN_RECEIVED
TCP 61.132.136.139:80 58.184.246.192:29450 SYN_RECEIVED
TCP 61.132.136.139:80 58.208.20.40:15454 SYN_RECEIVED
TCP 61.132.136.139:80 59.14.145.192:25261 SYN_RECEIVED
TCP 61.132.136.139:80 59.38.28.0:14366 SYN_RECEIVED
TCP 61.132.136.139:80 59.45.99.144:16831 SYN_RECEIVED
TCP 61.132.136.139:80 59.181.74.0:47678 SYN_RECEIVED
TCP 61.132.136.139:80 60.84.77.208:19320 SYN_RECEIVED
TCP 61.132.136.139:80 60.107.216.64:5850 SYN_RECEIVED
TCP 61.132.136.139:80 61.49.207.64:19661 SYN_RECEIVED
TCP 61.132.136.139:80 61.57.22.192:13079 SYN_RECEIVED
TCP 61.132.136.139:80 61.88.194.128:58197 SYN_RECEIVED
TCP 61.132.136.139:80 61.138.239.73:3457 TIME_WAIT
TCP 61.132.136.139:80 61.146.85.120:52179 SYN_RECEIVED
TCP 61.132.136.139:80 61.154.30.224:3338 ESTABLISHED
TCP 61.132.136.139:80 61.154.30.224:4692 ESTABLISHED
TCP 61.132.136.139:80 61.154.30.224:4892 ESTABLISHED
TCP 61.132.136.139:80 61.177.214.65:30542 SYN_RECEIVED
TCP 61.132.136.139:80 61.250.253.28:33377 SYN_RECEIVED
TCP 61.132.136.139:80 62.41.164.216:10438 SYN_RECEIVED
TCP 61.132.136.139:80 62.96.1.0:8724 SYN_RECEIVED
TCP 61.132.136.139:80 63.6.185.72:2227 SYN_RECEIVED
TCP 61.132.136.139:80 63.112.58.192:27013 SYN_RECEIVED
TCP 61.132.136.139:80 63.119.130.96:20806 SYN_RECEIVED
TCP 61.132.136.139:80 63.231.222.112:56021 SYN_RECEIVED
TCP 61.132.136.139:80 64.228.158.160:11241 SYN_RECEIVED
TCP 61.132.136.139:80 64.248.24.64:2284 SYN_RECEIVED
TCP 61.132.136.139:80 67.18.199.108:29236 SYN_RECEIVED
TCP 61.132.136.139:80 67.27.85.192:34688 SYN_RECEIVED
TCP 61.132.136.139:80 68.19.43.96:31682 SYN_RECEIVED
TCP 61.132.136.139:80 68.69.227.224:807 SYN_RECEIVED
TCP 61.132.136.139:80 68.116.139.128:25651 SYN_RECEIVED
TCP 61.132.136.139:80 68.244.189.128:45986 SYN_RECEIVED
TCP 61.132.136.139:80 69.170.113.192:48409 SYN_RECEIVED
TCP 61.132.136.139:80 69.232.130.96:35880 SYN_RECEIVED
TCP 61.132.136.139:80 70.182.154.224:57551 SYN_RECEIVED
TCP 61.132.136.139:80 70.240.154.208:10258 SYN_RECEIVED
TCP 61.132.136.139:80 72.120.229.64:9750 SYN_RECEIVED
TCP 61.132.136.139:80 72.151.74.20:15971 SYN_RECEIVED
TCP 61.132.136.139:80 72.186.44.160:28053 SYN_RECEIVED
TCP 61.132.136.139:80 72.221.124.32:29987 SYN_RECEIVED
TCP 61.132.136.139:80 74.46.253.112:1643 SYN_RECEIVED
TCP 61.132.136.139:80 74.78.60.64:55106 SYN_RECEIVED
TCP 61.132.136.139:80 75.59.38.128:58572 SYN_RECEIVED
TCP 61.132.136.139:80 75.151.156.12:81 SYN_RECEIVED
TCP 61.132.136.139:80 76.210.108.224:41636 SYN_RECEIVED
TCP 61.132.136.139:80 77.128.217.160:40231 SYN_RECEIVED
TCP 61.132.136.139:80 78.35.129.52:11840 SYN_RECEIVED
TCP 61.132.136.139:80 78.132.225.96:17838 SYN_RECEIVED
They are all SYN attacks like this, one per IP... What can I do?
I blocked some of the IPs, but they refresh too fast.
Bounty points: 0, replies: 7
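The dump above is the raw material for triage: what matters is how many entries sit in SYN_RECEIVED on the listening port and whether each one comes from a different source. The following Python script is an added example for this thread, not code from any of the posts. It parses a Windows `netstat -n` dump, counts connections per state for port 80, and applies the TcpMaxHalfOpenRetried threshold quoted in reply #3 as a flood heuristic; it also flags the "every half-open entry has a unique source" pattern, which is the reason blocking individual IPs could not keep up. The sample text embeds a few lines copied from the dump above plus constructed rows (the header, a TIME_WAIT and an unrelated port 3389 session); `make_flood_dump` is a constructed generator of netstat text used only to exercise the thresholds offline.

```python
"""Triage a Windows ``netstat -n`` dump for SYN-flood symptoms.

Added example for this thread, not code from the original posts. It parses the
TCP lines, counts connections per state for the listening port, and applies the
threshold quoted in reply #3 (TcpMaxHalfOpenRetried) as a heuristic.
"""
from collections import Counter
import re

# Constructed sample: a few lines copied from the netstat output in the thread,
# plus the header Windows prints and two unrelated rows, so the parser is
# exercised on realistic input.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    61.132.136.139:80      0.229.162.224:10647    SYN_RECEIVED
  TCP    61.132.136.139:80      1.229.44.224:48965     SYN_RECEIVED
  TCP    61.132.136.139:80      2.105.2.156:20131      SYN_RECEIVED
  TCP    61.132.136.139:80      61.138.239.73:3457     TIME_WAIT
  TCP    61.132.136.139:80      61.154.30.224:3338     ESTABLISHED
  TCP    61.132.136.139:80      61.154.30.224:4692     ESTABLISHED
  TCP    61.132.136.139:80      62.41.164.216:10438    SYN_RECEIVED
  TCP    61.132.136.139:3389    10.0.0.5:51000         ESTABLISHED
"""

# Windows netstat prints TCP rows as: proto, local addr:port, foreign addr:port, state.
TCP_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def parse_netstat(text):
    """Return one dict per TCP row; header, blank and UDP lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = TCP_LINE.match(line)
        if not m:
            continue
        lip, lport, rip, rport, state = m.groups()
        rows.append({"local_ip": lip, "local_port": int(lport),
                     "remote_ip": rip, "remote_port": int(rport), "state": state})
    return rows


def summarize(rows, local_port=80):
    """Per-state counts for one listening port plus the spread of half-open sources."""
    port_rows = [r for r in rows if r["local_port"] == local_port]
    by_state = Counter(r["state"] for r in port_rows)
    half_open_sources = {r["remote_ip"] for r in port_rows if r["state"] == "SYN_RECEIVED"}
    first_octets = {ip.split(".")[0] for ip in half_open_sources}
    return {
        "by_state": dict(by_state),
        "half_open": by_state["SYN_RECEIVED"],
        "distinct_half_open_sources": len(half_open_sources),
        "distinct_first_octets": len(first_octets),
    }


def assess(summary, tcp_max_half_open_retried=80):
    """Flag a suspected flood and whether per-IP blocking is likely to help.

    The threshold mirrors the Windows 2000 rule quoted in reply #3: once half-open
    connections exceed TcpMaxHalfOpenRetried (default 80) the stack treats the
    situation as a SYN attack. When every half-open entry comes from a different
    source address, the sources are almost certainly spoofed, which is why
    blocking individual IPs (as the original poster tried) cannot keep up.
    """
    flood = summary["half_open"] > tcp_max_half_open_retried
    unique_sources = (summary["half_open"] > 0 and
                      summary["distinct_half_open_sources"] == summary["half_open"])
    return {"syn_flood_suspected": flood, "per_ip_blocking_futile": unique_sources}


def make_flood_dump(n, local_ip="61.132.136.139"):
    """Constructed netstat text with n half-open rows spread over the /8 ranges,
    shaped like the thread's dump, for testing the thresholds offline."""
    lines = ["  Proto  Local Address          Foreign Address        State"]
    for i in range(n):
        remote = f"{i % 254 + 1}.{(i * 7) % 256}.{(i * 13) % 256}.{(i * 3) % 256}"
        lines.append(f"  TCP    {local_ip}:80      {remote}:{1024 + i}    SYN_RECEIVED")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    small = summarize(parse_netstat(SAMPLE_NETSTAT))
    print(small, assess(small))
    big = summarize(parse_netstat(make_flood_dump(500)))
    print(big, assess(big))
```

On the affected host, `netstat -n -p TCP > dump.txt` captures the same table the poster pasted; feeding the file to `parse_netstat` gives the per-state counts. The useful signal is the ratio of SYN_RECEIVED entries to ESTABLISHED ones and the number of distinct sources: a queue full of half-open entries, each from a different address, is the spoofed-source pattern that only stack hardening or an upstream filter can absorb.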
#1 newstudy (简单搜索), replied 2003-06-01 01:57:10, score 0
There are several thousand more attack records like this after these,
going all the way up to IPs like 254.x.x.x.
#2 lijiuhua0721 (随缘), replied 2003-06-01 07:57:55, score 0
Try adding the Tianwang (天网) firewall.
#3 suntiger (windows2000超级补丁), replied 2003-06-01 12:52:36, score 0
On the host system, the following measures can be used to defend against SYN Flood attacks:
1. Increase the maximum length of the TCP listening socket's incomplete-connection queue.
2. Reduce the timeout for entries in the incomplete-connection queue.
3. Use special mechanisms such as SYN Cookies.
In Windows 2000, some TCP/IP parameters can be set through the registry.
The following registry values related to TCP/IP parameters are located under this registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\parameters
(1) SynAttackProtect
Type: REG_DWORD
Valid range: 0-2
Default: 0 (none)
Recommended: 2
Description: This value determines the protective measures the system takes when it is under a SYN attack, including reducing the number of SYN/ACK retries and shortening the SYN timeout. Setting it to 2 provides the best protection against SYN Flood attacks.
(2) TcpMaxConnectResponseRetransmissions
Type: REG_DWORD
Valid range: 0-255
Default: 3
Recommended: 1
Description: This value determines how many times the server retransmits the SYN/ACK packet after receiving a SYN request. On an unpatched NT 4.0 system the value is 5. On newer systems it is 3 (the retransmission timeouts are 3, 6 and 12 seconds, and the queue entry is cleared 24 seconds after the third timeout, so the total duration is 45 seconds). If set to 1, only one retransmission is made: after 3 seconds it waits a further 6 seconds (9 seconds in total) and then clears the entry from the queue.
(3) TcpMaxHalfOpen
Type: REG_DWORD
Valid range: 100-0xFFFF
Default: 100 (Workstation and Server), 500 (Advanced Server)
Recommended: depends on your actual situation
Description: This value is the number of half-open connections the system allows at the same time. If the number of half-open connections exceeds this setting, the system will randomly drop SYN packets.
(4) TcpMaxHalfOpenRetried
Type: REG_DWORD
Valid range: 80-0xFFFF
Default: 80 (Workstation and Server), 400 (Advanced Server)
Recommended: depends on your actual situation
Description: This value determines under what conditions the system enables the SynAttackProtect feature.
In fact, Windows 2000's SYN Flood protection mechanism is implemented by the registry values above working together: if the number of SYN half-open connections exceeds the TcpMaxHalfOpenRetried setting, the system considers itself under a SYN Flood attack; at that point the options set in SynAttackProtect take effect, the SYN timeout is shortened and the number of SYN/ACK retries is reduced, and the system tries to minimise the damage of the attack. If the attack intensity keeps growing and exceeds the TcpMaxHalfOpen value, the system considers that it can no longer provide normal service, and it will randomly drop any SYN packets beyond the TcpMaxHalfOpen limit in order to keep the system stable.
Although tuning certain TCP/IP stack parameters can resist SYN Flood attacks to some extent, it is never a fundamental solution, because system resources are finite. Increasing the connection queue length means the system consumes more memory, and in any case the hacker's SYN Flood is always more efficient than the system's resource adjustments; if the hacker plans a large-scale attack (for example DDoS), the system still cannot withstand it. Also, the special mechanisms adopted by some operating systems (such as SYN cookies) only help within a limited range and degree, and do not fundamentally improve the ability to resist SYN Flood attacks. So a high-performance firewall may be the better choice. But it depends on your specific situation!
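Reply #3 describes two things worth seeing with numbers: how long a half-open entry lives under a given retransmission count, and how the TcpMaxHalfOpenRetried and TcpMaxHalfOpen thresholds divide the stack's behaviour into three regimes. The Python model below is an added example, not code from the thread or from Microsoft. The schedule function reproduces the two cases the reply gives (3 retries: 3 + 6 + 12 + 24 = 45 s; 1 retry: 3 + 6 = 9 s); extending the same doubling rule to other retry counts, treating SynAttackProtect as dropping the retry count to the recommended value of 1, and using Little's law (queue size = SYN arrival rate times entry lifetime) for the steady-state estimate are assumptions made here for illustration.

```python
"""Model of the Windows 2000 half-open connection protection described in reply #3.

Added example, not from the thread. The retransmission schedule reproduces the two
cases the reply gives (3 retries -> 3+6+12+24 = 45 s, 1 retry -> 3+6 = 9 s).
Applying the same doubling rule to other retry counts, modelling SynAttackProtect
as a cut to the recommended retry count of 1, and using Little's law
(queue size = SYN rate x entry lifetime) for the steady state are assumptions.
"""

FIRST_TIMEOUT_S = 3  # first SYN/ACK retransmission timeout, per the reply


def synack_schedule(retransmissions, first_timeout=FIRST_TIMEOUT_S):
    """Wait intervals for one half-open entry: each retransmission waits twice
    as long as the previous one, and the entry is purged after one more doubling."""
    waits, t = [], first_timeout
    for _ in range(retransmissions + 1):
        waits.append(t)
        t *= 2
    return waits


def half_open_lifetime(retransmissions):
    """Seconds a SYN_RECEIVED entry stays in the queue before it is cleared."""
    return sum(synack_schedule(retransmissions))


def steady_state_half_open(syn_rate_per_s, retransmissions):
    """Little's law (assumption): entries present = arrival rate x time each stays."""
    return syn_rate_per_s * half_open_lifetime(retransmissions)


def estimate_queue(syn_rate_per_s, tcp_max_half_open_retried=80, tcp_max_half_open=100,
                   retries_normal=3, retries_protected=1):
    """Apply the two thresholds the reply describes.

    Above TcpMaxHalfOpenRetried the stack enables SynAttackProtect, modelled here
    as lowering TcpMaxConnectResponseRetransmissions to ``retries_protected``
    (assumption); above TcpMaxHalfOpen excess SYNs are dropped at random.
    Defaults are the Workstation/Server values quoted in the reply.
    """
    queue = steady_state_half_open(syn_rate_per_s, retries_normal)
    protect_on = queue > tcp_max_half_open_retried
    if protect_on:
        queue = steady_state_half_open(syn_rate_per_s, retries_protected)
    return {
        "syn_attack_protect_active": protect_on,
        "half_open_estimate": queue,
        "dropping_excess_syns": queue > tcp_max_half_open,
    }


if __name__ == "__main__":
    # Constructed rates: 1 SYN/s stays normal, 2 SYN/s trips SynAttackProtect,
    # 20 SYN/s still overflows TcpMaxHalfOpen even with the shorter lifetime.
    for rate in (1, 2, 20):
        print(rate, "SYN/s ->", estimate_queue(rate))
```

The point the numbers make is the one the reply closes with: shortening the entry lifetime from 45 s to 9 s buys a factor of five in sustainable SYN rate, but at 20 SYN/s (a trivial rate for an attacker) the default 100-entry limit is exceeded anyway and legitimate SYNs start being dropped at random. The registry values move the knee of the curve; they do not remove it.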
#4 sink (), replied 2003-06-01 14:00:28, score 0
Buy a hardware firewall; there is no good way around it.
#5 dyw_nirvana (dywnirvana), replied 2003-06-01 14:10:33, score 0
Install the Tianwang (天网) firewall and block SYN directly; simple and practical.
If you also want to understand how SYN attacks work, go look at xfocus; there is a lot there.
#6 joyo167 (joyo), replied 2003-06-01 15:30:53, score 0
Shut down the HTTP service, then buy a firewall.
#7 moonmistake (), replied 2003-06-02 10:50:37, score 0
Tsinghua was attacked in exactly this way a few days ago.
There is no way around it.
Buy a hardware firewall anyway.
A software firewall simply cannot hold up.