What kind of DDoS is this...
Hi!
From time to time httpd on the server suddenly goes through the roof, netstat shows nothing suspicious, and traffic starts flying at an insane rate.
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n stays at around 70 connections.
I captured the traffic with tcpdump and got:
No. Time Source Destination Protocol Length Info
1 0.000000 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 1: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 44987 (44987), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
2 0.000112 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 2: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 47568 (47568), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
3 0.000224 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 3: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 54137 (54137), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
4 0.000336 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 4: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 35424 (35424), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
5 0.000448 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 5: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 34895 (34895), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
6 0.000560 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 6: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 55490 (55490), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
7 0.000739 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 7: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 57118 (57118), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
8 0.000803 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 8: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 56666 (56666), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
9 0.000927 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 9: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 53741 (53741), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
10 0.001007 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 10: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 38839 (38839), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
11 0.001119 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 11: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 54674 (54674), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
12 0.001231 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 12: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 33308 (33308), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
13 0.001374 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 13: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 46015 (46015), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
No. Time Source Destination Protocol Length Info
14 0.001455 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)[Packet size limited during capture]
Frame 14: 1375 bytes on wire (11000 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Micro-St_be:ce:89 (40:61:86:be:ce:89), Dst: JuniperN_75:d9:10 (00:26:88:75:d9:10)
Internet Protocol Version 4, Src: 222.22.22.222 (222.22.22.222), Dst: 204.160.124.126 (204.160.124.126)
User Datagram Protocol, Src Port: 59414 (59414), Dst Port: domain (53)
Domain Name System (query)
[Packet size limited during capture: DNS truncated]
Am I right that my DNS is being attacked? Then why is httpd overloading the system...
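
One way to read a capture like the one above is to group the DNS packets by direction and size. The following is an added example, not part of the original post: `sample_capture` and `dns_flow_summary` are hypothetical names, the sample lines are constructed in the shape of the post's output, and treating 222.22.22.222 as the server's own address is an assumption.

```shell
#!/usr/bin/env bash
# Added example: per-flow summary of DNS packets in a tshark text export.

# Constructed sample: three packets shaped like the post's capture plus one
# ordinary inbound query from a documentation address (192.0.2.10).
sample_capture() {
  cat <<'EOF'
No. Time Source Destination Protocol Length Info
1 0.000000 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)
User Datagram Protocol, Src Port: 44987 (44987), Dst Port: domain (53)
2 0.000112 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)
User Datagram Protocol, Src Port: 47568 (47568), Dst Port: domain (53)
3 0.000224 222.22.22.222 204.160.124.126 DNS 1375 Unknown operation (8)
User Datagram Protocol, Src Port: 54137 (54137), Dst Port: domain (53)
4 0.002000 192.0.2.10 222.22.22.222 DNS 82 Standard query A example.com
User Datagram Protocol, Src Port: 40000 (40000), Dst Port: domain (53)
EOF
}

# dns_flow_summary LOCAL_IP  (reads the export on stdin)
dns_flow_summary() {
  awk -v local_ip="$1" '
    # Summary line: No. Time Source Destination Protocol Length Info
    $1 ~ /^[0-9]+$/ && $5 == "DNS" && $6 ~ /^[0-9]+$/ {
      src = $3; dst = $4; len = $6 + 0; next
    }
    # UDP line: the destination port is the last field, "(53)".
    /^User Datagram Protocol/ && src != "" {
      port = $NF; gsub(/[()]/, "", port)
      dir = "transit"
      if (src == local_ip) dir = "outbound"
      else if (dst == local_ip) dir = "inbound"
      key = dir " " src " -> " dst ":" port
      count[key]++
      if (len > maxlen[key]) maxlen[key] = len
      src = ""
    }
    END {
      for (k in count) {
        # 42 = Ethernet (14) + IPv4 without options (20) + UDP (8) bytes.
        payload = maxlen[k] - 42
        # Classic DNS over UDP caps a message at 512 bytes (RFC 1035).
        flag = (payload > 512) ? "OVERSIZED" : "ok"
        printf "%s packets=%d max_udp_payload=%d %s\n", k, count[k], payload, flag
      }
    }'
}

sample_capture | dns_flow_summary 222.22.22.222
```

A flow reported as `outbound` and `OVERSIZED` means the host itself is emitting the large UDP packets to port 53, which would not show up in a count of connections made to the server.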