linux – 如何阻止ICMP攻击?

前端之家收集整理的这篇文章主要介绍了linux – 如何阻止ICMP攻击?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我们遭受了严重的洪水袭击. Tcpdump显示以下结果.尽管我们已经使用iptables阻止了ICMP,但tcpdump仍会打印icmp数据包.我还附上了iptables配置和“top”结果.有什么办法可以完全阻止icmp数据包吗?
[root@server downloads]# tcpdump icmp -v -n -nn
tcpdump: listening on eth0,link-type EN10MB (Ethernet),capture size 96 bytes
03:02:47.810957 IP (tos 0x0,ttl  49,id 16007,offset 0,flags [none],proto: ICMP (1),length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129,length 36
        IP (tos 0x0,ttl 124,id 31864,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.811559 IP (tos 0x0,id 16010,ttl  52,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.811922 IP (tos 0x0,id 16012,ttl 122,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.812485 IP (tos 0x0,id 16015,ttl 126,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.812613 IP (tos 0x0,id 16016,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.812992 IP (tos 0x0,id 16018,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.813582 IP (tos 0x0,id 16020,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.814092 IP (tos 0x0,id 16023,ttl 120,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.814233 IP (tos 0x0,id 16024,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.815579 IP (tos 0x0,id 16025,ttl  50,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.815726 IP (tos 0x0,id 16026,length: 76) 77.92.136.196 > 94.201.175.188: [|icmp]
03:02:47.815890 IP (tos 0x0,id 16027,length 36

iptables配置:

[root@server etc]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ofis       tcp  --  anywhere             anywhere            tcp dpt:MysqL
ofis       tcp  --  anywhere             anywhere            tcp dpt:ftp
DROP       icmp --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere

Chain ofis (2 references)
target     prot opt source               destination
ACCEPT     all  --  OUR_OFFICE_IP        anywhere
DROP       all  --  anywhere             anywhere

最佳:

top - 03:12:19 up 400 days,15:43,3 users,load average: 1.49,1.67,2.61
Tasks: 751 total,3 running,748 sleeping,0 stopped,0 zombie
cpu(s):  8.2%us,1.0%sy,0.0%ni,87.9%id,2.1%wa,0.1%hi,0.7%si,0.0%st
Mem:  32949948k total,26906844k used,6043104k free,4707676k buffers
Swap: 10223608k total,0k used,10223608k free,14255584k cached

  PID USER      PR  NI  VIRT  RES  SHR S %cpu %MEM    TIME+  COMMAND
   36 root      39  19     0    0    0 R 100.8  0.0  17:03.56 ksoftirqd/11
10552 root      15   0 11408 1460  676 R  5.7  0.0   0:00.04 top
 7475 lighttpd  15   0  304m  22m  15m S  3.8  0.1   0:05.37 php-cgi
 1294 root      10  -5     0    0    0 S  1.9  0.0 380:54.73 kjournald
 3574 root      15   0  631m  11m 5464 S  1.9  0.0   0:00.65 node
 7766 lighttpd  16   0  302m  19m  14m S  1.9  0.1   0:05.70 php-cgi
10237 postfix   15   0 52572 2216 1692 S  1.9  0.0   0:00.02 scache
    1 root      15   0 10372  680  572 S  0.0  0.0   0:07.99 init
    2 root      RT  -5     0    0    0 S  0.0  0.0   0:16.72 migration/0
    3 root      34  19     0    0    0 S  0.0  0.0   0:00.06 ksoftirqd/0
    4 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/0
    5 root      RT  -5     0    0    0 S  0.0  0.0   1:10.46 migration/1
    6 root      34  19     0    0    0 S  0.0  0.0   0:01.11 ksoftirqd/1
    7 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/1
    8 root      RT  -5     0    0    0 S  0.0  0.0   2:36.15 migration/2
    9 root      34  19     0    0    0 S  0.0  0.0   0:00.19 ksoftirqd/2
   10 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/2
   11 root      RT  -5     0    0    0 S  0.0  0.0   3:48.91 migration/3
   12 root      34  19     0    0    0 S  0.0  0.0   0:00.20 ksoftirqd/3
   13 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/3

uname -a

[root@server etc]# uname -a
Linux thisis.oursite.com 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 07:31:24 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

arp -an

[root@server downloads]# arp -an
? (77.92.136.194) at 00:25:90:04:F0:90 [ether] on eth0
? (192.168.0.2) at 00:25:90:04:F0:91 [ether] on eth1
? (77.92.136.193) at 00:23:9C:0B:CD:01 [ether] on eth0

解决方法

联系您的ISP并向他们提供此信息.他们需要减少主干上的流量.一旦流量到达防火墙,资源就已经消耗掉了.阻止这种情况的唯一方法是将其放在主干上.

猜你在找的Linux相关文章