
What type of scan or attack is this?

    aiwha · 2015-02-08 18:02:22 +08:00 · 2738 views

    17:39:51.699395 IP 60.169.78.195.77 > 223.151.171.122.9064: Flags [S], seq 0, win 16384, length 0
    17:39:51.699600 IP 223.151.171.122.9064 > 60.169.78.195.77: Flags [R.], seq 0, ack 1, win 0, length 0
    17:39:59.597065 IP 222.186.56.153.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
    17:39:59.597259 IP 223.151.171.122.9000 > 222.186.56.153.77: Flags [R.], seq 0, ack 1, win 0, length 0
    17:40:12.094916 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
    17:40:12.095126 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
    17:40:17.805986 IP 60.173.11.130.6000 > 223.151.171.122.8118: Flags [S], seq 1942618112, win 16384, length 0
    17:40:17.806194 IP 223.151.171.122.8118 > 60.173.11.130.6000: Flags [R.], seq 0, ack 1942618113, win 0, length 0
    17:40:18.383223 IP 222.186.56.153.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
    17:40:18.383395 IP 223.151.171.122.9000 > 222.186.56.153.77: Flags [R.], seq 0, ack 1, win 0, length 0
    17:40:23.543628 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
    17:40:23.543833 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
    17:40:29.908367 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
    17:40:29.908566 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
    17:40:40.417706 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
    17:40:40.417905 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
    17:40:49.944221 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
    17:40:49.944430 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
    17:40:50.123528 IP 222.186.34.81.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
    17:40:50.123683 IP 223.151.171.122.9000 > 222.186.34.81.77: Flags [R.], seq 0, ack 1, win 0, length 0

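    It's very regular: they send an S (win 16384) and I reply with an R. My IP is 223.151.171.122, while the other side uses multiple IPs.

    I found this while capturing packets on the router's pppoe interface, and I have already ruled out the possibility that a host on the internal network was sending packets out.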

    4 replies
    kliy   #1
       2015-02-08 18:11:14 +08:00
    TCPDUMP?
    aiwha (OP)   #2
       2015-02-08 18:13:00 +08:00
    Oh, I get it. They're probably trying to connect to specific ports of mine, but my iptables reset them...
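An added example (not part of the original thread) that checks the conclusion in reply #2 against the capture: it pairs each inbound bare SYN with the RST sent back from the local address and groups the result by remote IP and local port. The function name `summarize_probes` and the choice to count SYNs whose initial sequence number is 0 are assumptions of this example; the sample lines are copied from the opening post.

```python
import re
from collections import defaultdict

# tcpdump one-line TCP summary, in the format shown in the opening post.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]+)\], seq (\d+),(?: ack (\d+),)? win (\d+)")

# Lines copied from the capture in the opening post.
SAMPLE = """\
17:39:51.699395 IP 60.169.78.195.77 > 223.151.171.122.9064: Flags [S], seq 0, win 16384, length 0
17:39:51.699600 IP 223.151.171.122.9064 > 60.169.78.195.77: Flags [R.], seq 0, ack 1, win 0, length 0
17:40:12.094916 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
17:40:12.095126 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
17:40:17.805986 IP 60.173.11.130.6000 > 223.151.171.122.8118: Flags [S], seq 1942618112, win 16384, length 0
17:40:17.806194 IP 223.151.171.122.8118 > 60.173.11.130.6000: Flags [R.], seq 0, ack 1942618113, win 0, length 0
17:40:23.543628 IP 222.186.21.108.77 > 223.151.171.122.9000: Flags [S], seq 0, win 16384, length 0
17:40:23.543833 IP 223.151.171.122.9000 > 222.186.21.108.77: Flags [R.], seq 0, ack 1, win 0, length 0
"""

def summarize_probes(capture, local_ip):
    """Per (remote IP, local port): inbound bare SYNs, how many local_ip
    answered with RST, and how many carried an initial sequence number of 0."""
    stats = defaultdict(lambda: {"syn": 0, "rst": 0, "zero_isn": 0, "win": set()})
    pending = {}  # (remote ip, remote port, local port) -> ISN of unanswered SYN
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a TCP summary line
        src, sport, dst, dport, flags, seq, ack, win = m.groups()
        if flags == "S" and dst == local_ip:
            s = stats[(src, int(dport))]
            s["syn"] += 1
            s["zero_isn"] += int(seq) == 0
            s["win"].add(int(win))
            pending[(src, sport, dport)] = int(seq)
        elif "R" in flags and src == local_ip and ack is not None:
            isn = pending.pop((dst, dport, sport), None)
            # A reset answering a SYN acknowledges ISN + 1 (mod 2**32).
            if isn is not None and int(ack) == (isn + 1) % 2**32:
                stats[(dst, int(sport))]["rst"] += 1
    return dict(stats)

if __name__ == "__main__":
    for (ip, port), s in sorted(summarize_probes(SAMPLE, "223.151.171.122").items()):
        print(f"{ip:>15} -> port {port}: {s}")
```

When `rst` equals `syn` for every entry, each probe was refused and no handshake completed, which matches the reading in reply #2.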
    aiwha (OP)   #3
       2015-02-08 18:14:25 +08:00
    @kliy Yeah, on openwrt the only ready-made package seems to be tcpdump; for snort, which I prefer, I'd have to do the cross-compiling myself....
    laoyuan   #4
       2015-02-08 19:08:55 +08:00
    I really want to write an artificial intelligence to take over the Internet..