477
社区成员
发帖
与我相关
我的任务
分享[系统安全] 操作系统一直在被大量的NTP包攻击
我的服务器没有开NTP服务,但是一直有外部IP发送大量的ntp报文到我的123端口,每分钟大概15w个报文,经常把我的网络冲死必须得重启network才能解决,这算是攻击么,我改怎么解决??
我已经增加了iptables策略,将udp目标端口为123的报文drop,但是效果不是很好啊。
14:15:13.837653 IP 192.95.43.227.34618 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.837780 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.839361 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.851085 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.857552 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.857564 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.857566 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.857568 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.858967 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.861576 IP 192.95.43.227.39305 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.861585 IP 192.95.43.227.39305 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.861588 IP 192.95.43.227.39305 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.861590 IP 192.95.43.227.39305 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.874200 IP 192.95.43.227.36328 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.874215 IP 192.95.43.227.36328 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.874218 IP 192.95.43.227.36328 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.874229 IP 192.95.43.227.36328 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.879357 IP 192.95.43.227.19619 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.879366 IP 192.95.43.227.19619 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.879580 IP 192.95.43.227.19619 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.879589 IP 192.95.43.227.19619 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.884428 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.925329 IP 192.95.43.227.17088 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.925353 IP 192.95.43.227.17088 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.925356 IP 192.95.43.227.17088 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.925358 IP 192.95.43.227.17088 > ***.***.***.52.123: NTPv2, Reserved, lengt
14:15:13.927300 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.948565 IP 68.2.20.165.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.952981 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.952990 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.952993 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
14:15:13.952996 IP 192.95.43.227.80 > ***.***.***.52.123: NTPv2, Reserved, length 8
...全文
请发表友善的回复…
发表回复
