Jobbiga attacker
G Hasse
gh at raditex.se
Sat Jul 22 23:05:24 CEST 2006
Hej!
Jag får hela tiden jobbiga atacker mot min webb-server.
Är det någon som har något bra tipps...
Så här ser det ut om man kör tcp-dump,
21:02:15.557530 203-67-54-68.adsl.dynamic.seed.net.tw.2109 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.560778 203-67-54-68.adsl.dynamic.seed.net.tw.2110 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.566709 203-67-54-68.adsl.dynamic.seed.net.tw.2111 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.642378 203-67-54-68.adsl.dynamic.seed.net.tw.2112 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.652121 203-67-54-68.adsl.dynamic.seed.net.tw.2116 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.655445 203-67-54-68.adsl.dynamic.seed.net.tw.2113 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.658666 203-67-54-68.adsl.dynamic.seed.net.tw.2114 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.662179 203-67-54-68.adsl.dynamic.seed.net.tw.2115 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.665183 203-67-54-68.adsl.dynamic.seed.net.tw.2117 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.668747 203-67-54-68.adsl.dynamic.seed.net.tw.2118 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.681709 203-67-54-68.adsl.dynamic.seed.net.tw.2119 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.685272 203-67-54-68.adsl.dynamic.seed.net.tw.2120 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.695088 203-67-54-68.adsl.dynamic.seed.net.tw.2121 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.698495 203-67-54-68.adsl.dynamic.seed.net.tw.2122 > www.raditex.se.http: . ack 1 win 65535 (DF)
21:02:15.715015 203-67-54-68.adsl.dynamic.seed.net.tw.2123 > www.raditex.se.http: . ack 1 win 65535 (DF)
Och så här om man kör netstat -an
tcp4 0 0 192.5.36.20.80 203.67.54.68.2283 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.2282 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.2281 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1355 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1350 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1345 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1300 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1298 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1294 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1292 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1291 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1290 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1289 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1288 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1287 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1286 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1285 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1284 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1283 ESTABLISHED
tcp4 0 0 192.5.36.20.80 203.67.54.68.1282 ESTABLISHED
Som ni förstår så svarar webb-servern inte på några verkliga frågor...
--
Göran Hasse
----------------------------------------------------------------
Göran Hasse email: gh at raditex.se Tel: 08-6949270
Raditex AB http://www.raditex.se Fax: 070-??????
Planiavägen 15, 1tr Mob: 070-5530148
131 34 NACKA, SWEDEN OrgNr: 556240-0589
VAT: SE556240058901
------------------------------------------------------------------
More information about the BUS
mailing list