Using TCP Intercept to Prevent TCP SYN Flood DoS
========phanx.com=========
Author: phanx
Updated: 2008-12-18
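=========================
Someone actually SYN flooded my web server today; there really are a lot of bored people out there... I happened to check the router and found a large number of NAT entries. The ports followed a clear pattern: all of them were headed for port 80 on the web server, the source address was the same, and the source port increased one by one. I figured it was a TCP SYN flood, but fortunately it was not a very large one. So I used TCP Intercept, the 2800's built-in feature for preventing SYN flood DoS. The configuration is simple and takes effect immediately: if a connection is not Established within 5 seconds, a TCP RST is sent to the server.

ip tcp intercept list TCPINTERCEPT
ip tcp intercept connection-timeout 300
ip tcp intercept watch-timeout 5
ip tcp intercept mode watch
ip access-list extended TCPINTERCEPT
 permit tcp any host 188.8.8.8 eq 80

phanx_Router#sh tcp intercept con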
Incomplete:
Client Server State Create Timeout Mode
221.201.145.24:51247 188.8.8.8:80 SYNSENT 00:00:04 00:00:00 W
221.201.145.24:51246 188.8.8.8:80 SYNSENT 00:00:04 00:00:00 W
221.201.145.24:51245 188.8.8.8:80 SYNSENT 00:00:04 00:00:00 W
221.201.145.24:51251 188.8.8.8:80 SYNSENT 00:00:03 00:00:01 W
221.201.145.24:51250 188.8.8.8:80 SYNSENT 00:00:04 00:00:00 W
221.201.145.24:51249 188.8.8.8:80 SYNSENT 00:00:04 00:00:00 W
221.201.145.24:51248 188.8.8.8:80 SYNSENT 00:00:04 00:00:00 W
Established:

phanx_Router#sh tcp intercept st
Watching new connections using access-list TCPINTERCEPT
11 incomplete, 0 established connections (total 11)
55 connection requests per minute

Not bad, not bad; they were not going all out...
Below are the NAT records.

phanx_Router#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:1055 60.240.247.48:1055
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:1060 60.240.247.48:1060
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:1061 60.240.247.48:1061
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:1094 60.240.247.48:1094
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:1116 60.240.247.48:1116
...
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:3688 60.240.247.48:3688
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:3689 60.240.247.48:3689
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:3690 60.240.247.48:3690
...
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:4887 60.240.247.48:4887
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:4993 60.240.247.48:4993
Pro Inside global Inside local Outside local Outside global
tcp 218.104.217.135:80 188.8.8.8:80 94.240.224.240:59779 94.240.224.240:59779
tcp 218.104.217.135:80 188.8.8.8:80 94.240.224.240:60091 94.240.224.240:60091
tcp 218.104.217.135:80 188.8.8.8:80 94.240.224.240:62937 94.240.224.240:62937
tcp 218.104.217.135:80 188.8.8.8:80 94.240.224.240:64645 94.240.224.240:64645
tcp 218.104.217.135:80 188.8.8.8:80 94.240.224.240:65373 94.240.224.240:65373
tcp 218.104.217.135:80 188.8.8.8:80 121.229.68.69:1134 121.229.68.69:1134
tcp 218.104.217.135:80 188.8.8.8:80 123.115.1.69:7744 123.115.1.69:7744
tcp 218.104.217.135:80 188.8.8.8:80 123.115.1.69:8241 123.115.1.69:8241
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:18860 221.201.145.24:18860
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:18999 221.201.145.24:18999
...
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:40572 221.201.145.24:40572
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:40573 221.201.145.24:40573
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:40574 221.201.145.24:40574
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:40575 221.201.145.24:40575
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:40576 221.201.145.24:40576
tcp 218.104.217.135:80 188.8.8.8:80 --- ---
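
The pattern described above (one outside address, destination port 80, source ports climbing one at a time) can be checked mechanically from the NAT table. The Python sketch below is an added example, not part of the original post: the function name and both thresholds are assumptions, and the sample rows are copied from the NAT output above.

```python
import re
from collections import defaultdict

# One dynamic TCP row of "show ip nat translations":
# Pro | Inside global | Inside local | Outside local | Outside global
ENTRY = re.compile(r"^tcp\s+\S+\s+(\S+:\d+)\s+\S+\s+([\d.]+):(\d+)$")

def suspicious_sources(output, min_entries=4, min_run=3):
    """Map (client_ip, server) -> (entries, longest run of consecutive
    source ports) for clients that look scripted. Thresholds are assumed."""
    ports = defaultdict(set)
    for line in output.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # headers, "..." elisions and static "---" rows are skipped
            ports[(m.group(2), m.group(1))].add(int(m.group(3)))
    flagged = {}
    for key, seen in ports.items():
        ordered = sorted(seen)
        longest = run = 1
        for prev, cur in zip(ordered, ordered[1:]):
            run = run + 1 if cur == prev + 1 else 1
            longest = max(longest, run)
        if len(ordered) >= min_entries and longest >= min_run:
            flagged[key] = (len(ordered), longest)
    return flagged

# Sample input: rows copied from the router output shown on this page.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:1055 60.240.247.48:1055
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:3688 60.240.247.48:3688
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:3689 60.240.247.48:3689
tcp 218.104.217.135:80 188.8.8.8:80 60.240.247.48:3690 60.240.247.48:3690
tcp 218.104.217.135:80 188.8.8.8:80 94.240.224.240:59779 94.240.224.240:59779
tcp 218.104.217.135:80 188.8.8.8:80 94.240.224.240:60091 94.240.224.240:60091
tcp 218.104.217.135:80 188.8.8.8:80 94.240.224.240:62937 94.240.224.240:62937
tcp 218.104.217.135:80 188.8.8.8:80 94.240.224.240:64645 94.240.224.240:64645
tcp 218.104.217.135:80 188.8.8.8:80 123.115.1.69:7744 123.115.1.69:7744
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:18860 221.201.145.24:18860
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:40572 221.201.145.24:40572
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:40573 221.201.145.24:40573
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:40574 221.201.145.24:40574
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:40575 221.201.145.24:40575
tcp 218.104.217.135:80 188.8.8.8:80 221.201.145.24:40576 221.201.145.24:40576
tcp 218.104.217.135:80 188.8.8.8:80 --- ---
"""

if __name__ == "__main__":
    for (client, server), (n, run) in suspicious_sources(SAMPLE).items():
        print(f"{client} -> {server}: {n} entries, port run of {run}")
```

A client with many entries but no consecutive ports (94.240.224.240 in the sample) is not flagged; both thresholds need tuning against the normal traffic of the server being protected.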


