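Forum: UNIX Systems   Title: A question about DNS attacks!
Author: libbycat [libbycat]    Forum user
Recently I found that one of my DNS servers is being queried by several IPs at the same time, each sending randomly generated IP addresses (with the fourth number incremented by 1 each time) as A record queries. Since no domain name identical to an IP address can exist, every query causes the server to ask the root servers, and the consequences are serious. I would like to ask the security experts here: is there any way to prevent this kind of attack? Urgent!!!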


[This post was edited by libbycat(libbycat) on 06/02 at 15:47]

Original poster   Posted: 06/02 15:16
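
A way to confirm the pattern described in the post above from a resolver's query log, as an added example that is not part of the original thread. It assumes a simplified BIND-style query log line; the log format, the thresholds and every address in the sample are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import IPv4Address, AddressValueError

# Assumed, simplified BIND-style query log line (constructed format):
#   client 192.0.2.10#4021: query: 10.20.30.1 IN A +
LINE_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def ip_literal(qname):
    """Return the IPv4Address if the QNAME is a bare dotted quad, else None."""
    try:
        return IPv4Address(qname.rstrip("."))
    except AddressValueError:
        return None

def find_ip_literal_scanners(lines, min_queries=5, min_sequential_ratio=0.8):
    """Flag clients whose A queries are IP literals that mostly step by +1."""
    per_client = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["qtype"] != "A":
            continue  # only A queries match the reported pattern
        addr = ip_literal(m["qname"])
        if addr is not None:
            per_client[m["client"]].append(int(addr))
    flagged = {}
    for client, addrs in per_client.items():
        if len(addrs) < max(min_queries, 2):
            continue  # too few samples to judge a sequence
        steps = [b - a for a, b in zip(addrs, addrs[1:])]
        ratio = sum(1 for s in steps if s == 1) / len(steps)
        if ratio >= min_sequential_ratio:
            flagged[client] = {"queries": len(addrs), "sequential_ratio": ratio}
    return flagged

# Constructed sample log: two clients walking the last octet, one normal client.
SAMPLE_LOG = (
    [f"client 192.0.2.10#4021: query: 10.20.30.{i} IN A +" for i in range(1, 9)]
    + [f"client 198.51.100.7#5300: query: 172.16.5.{i} IN A +" for i in range(40, 47)]
    + ["client 203.0.113.5#1234: query: www.example.com IN A +",
       "client 203.0.113.5#1234: query: 10.0.0.1 IN A +",
       "client 203.0.113.5#1235: query: 4.3.2.1.in-addr.arpa IN PTR +"]
)

if __name__ == "__main__":
    for client, stats in find_ip_literal_scanners(SAMPLE_LOG).items():
        print(client, stats)
```

Clients flagged this way are candidates for rate limiting or for an ACL entry on the resolver.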

Reply: cimsxiyang [cimsxiyang]   Moderator
Post your netstat output so we can take a look.
However, I suspect it is a SYN flood against your port 53.

Floor B1   Posted: 06/02 22:34

Reply: libbycat [libbycat]   Forum user
Xiyang, please take a look for me. Thanks in advance!
# netstat -a

UDP
   Local Address         Remote Address     State
-------------------- -------------------- -------
      *.sunrpc                              Idle
      *.*                                   Unbound
      *.32771                               Idle
      *.name                                Idle
      *.syslog                              Idle
localhost.domain                            Idle
dns.whnet.edu.cn.domain                        Idle
      *.177                                 Idle
      *.63695                               Idle
      *.*                                   Unbound

TCP
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.*                  *.*                0      0     0      0 IDLE
      *.sunrpc             *.*                0      0     0      0 LISTEN
      *.*                  *.*                0      0     0      0 IDLE
      *.ftp                *.*                0      0     0      0 LISTEN
      *.uucp               *.*                0      0     0      0 LISTEN
      *.pop3               *.*                0      0     0      0 LISTEN
localhost.domain           *.*                0      0     0      0 LISTEN
dns.whnet.edu.cn.domain       *.*                0      0     0      0 LISTEN
      *.32777              *.*                0      0     0      0 LISTEN
      *.6000               *.*                0      0     0      0 LISTEN
      *.smtp               *.*                0      0     0      0 LISTEN
      *.587                *.*                0      0     0      0 LISTEN
      *.32780              *.*                0      0     0      0 LISTEN
localhost.32782      localhost.32780      32768      0 32768      0 ESTABLISHED
localhost.32780      localhost.32782      32768      0 32768      0 ESTABLISHED
localhost.32785      localhost.32784      32768      0 32768      0 ESTABLISHED
localhost.32784      localhost.32785      32768      0 32768      0 ESTABLISHED
localhost.32790      localhost.32780      32768      0 32768      0 ESTABLISHED
localhost.32780      localhost.32790      32768      0 32768      0 ESTABLISHED
localhost.32793      localhost.32792      32768      0 32768      0 ESTABLISHED
localhost.32792      localhost.32793      32768      0 32768      0 ESTABLISHED
localhost.32811      localhost.32780      32768      0 32768      0 ESTABLISHED
localhost.32780      localhost.32811      32768      0 32768      0 ESTABLISHED
localhost.32814      localhost.32813      32768      0 32768      0 ESTABLISHED
localhost.32813      localhost.32814      32768      0 32768      0 ESTABLISHED
dns.whnet.edu.cn.32992 dns.whnet.edu.cn.6000 32768      0 32768      0 ESTABLISHED
dns.whnet.edu.cn.6000 dns.whnet.edu.cn.32992 32768      0 32768      0 ESTABLISHED
localhost.32994      localhost.32780      32768      0 32768      0 ESTABLISHED
localhost.32780      localhost.32994      32768      0 32768      0 ESTABLISHED
localhost.32997      localhost.32996      32768      0 32768      0 ESTABLISHED
localhost.32996      localhost.32997      32768      0 32768      0 ESTABLISHED
localhost.39884      localhost.32780      32768      0 32768      0 ESTABLISHED
localhost.32780      localhost.39884      32768      0 32768      0 ESTABLISHED
localhost.39887      localhost.39886      32768      0 32768      0 ESTABLISHED
localhost.39886      localhost.39887      32768      0 32768      0 ESTABLISHED
dns.whnet.edu.cn.domain 211.85.176.6.2719    64992      0  8760      0 LAST_ACK
      *.*                  *.*                0      0  8576      0 IDLE
      *.*                  *.*                0      0  8576      0 IDLE
      *.*                  *.*                0      0  8576      0 IDLE
dns.whnet.edu.cn.40467 61.129.74.15.domain      0      0  8760      0 SYN_SENT
dns.whnet.edu.cn.40469 210.43.48.8.domain       0      0  8760      0 SYN_SENT
dns.whnet.edu.cn.40470 210.42.68.8.domain       0      0  8760      0 SYN_SENT
dns.whnet.edu.cn.domain 202.197.119.1.4638   64226      0  8760      0 LAST_ACK
dns.whnet.edu.cn.40471 210.42.68.8.domain       0      0  8760      0 SYN_SENT
dns.whnet.edu.cn.40472 210.42.69.151.domain     0      0  8760      0 SYN_SENT
dns.whnet.edu.cn.40473 210.42.69.151.domain     0      0  8760      0 SYN_SENT
dns.whnet.edu.cn.40474 e450.hbmu.edu.cn.domain 24820      0  8760      0 TIME_WAIT
dns.whnet.edu.cn.40475 210.43.80.3.domain       0      0  8760      0 SYN_SENT
dns.whnet.edu.cn.40476 210.43.80.3.domain       0      0  8760      0 SYN_SENT
dns.whnet.edu.cn.40477 210.43.112.33.domain     0      0  8760      0 SYN_SENT
dns.whnet.edu.cn.40478 210.43.112.33.domain     0      0  8760      0 SYN_SENT
dns.whnet.edu.cn.40479 210.42.72.28.domain      0      0  8760      0 SYN_SENT
      *.*                  *.*                0      0     0      0 IDLE
Active UNIX domain sockets
Address  Type          Vnode     Conn  Local Addr      Remote Addr
30000ebb988 stream-ord 30000bc8800 00000000 /tmp/.X11-unix/X0                
30000ebbb20 stream-ord 00000000 00000000                               
30000ebbcb8 stream-ord 30000eb98f0 00000000 /usr/local/etc/ndc    


Floor B2   Posted: 06/03 10:13

Reply: group [group]   Forum user
Is this the netstat output from while the attack was in progress?

Floor B3   Posted: 06/03 14:18

Reply: libbycat [libbycat]   Forum user


Floor B4   Posted: 06/03 14:36

Reply: libbycat [libbycat]   Forum user
I have now found that it may be a virus problem. Has a new worm appeared recently? Does anyone know?

Floor B5   Posted: 06/10 14:45

Copyright © 2000-2010 20CN Security Group. All Rights Reserved.