Today it's rather busy from subnets 1/8 and 100/4. TCP SYNs that go nowhere after the server's SYN+ACK. (Technically it's nothing harmful, someone just keeps opening connections over and over.)
conntrack -L |grep SYN_REC | grep rt=80\ |wc
conntrack v1.4.6 (conntrack-tools): 117 flow entries have been shown.
So I patched it up like this.
Chain INPUT
26327 1053K REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 match-set p80block src reject-with wtf-prohni'tě
(and as a test I can play with iptables -D INPUT 1 + # iptables -I INPUT -p tcp --dport 80 -j ACCEPT to see that nothing changes: conntrack -L |grep SYN_REC|grep "dport=80" |wc = 15 210 2182 and it keeps growing)
# tcpdump -nti eth0 dst port 443
nothing
# tcpdump -nti eth0 dst port 80
(comment: for clarity the other direction is listed separately further down in the output, but even so the ACK and data are missing)
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
IP 112.6.174.224.49612 > x.80: Flags [S], seq 0, win 53270, length 0
IP 111.173.114.63.49612 > x.80: Flags [S], seq 0, win 53270, length 0
IP 112.7.225.88.49612 > x.80: Flags [S], seq 0, win 53270, length 0
IP 111.180.196.108.49612 > x.80: Flags [S], seq 0, win 53270, length 0
IP 113.56.214.3.49612 > x.80: Flags [S], seq 0, win 53270, length 0
IP x.80 > 111.173.119.165.59182: Flags [S.], seq 240209408, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 103.91.209.215.17663: Flags [S.], seq 4163049757, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 111.173.119.165.59182: Flags [S.], seq 240209408, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 103.91.209.215.17663: Flags [S.], seq 4163049757, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 115.28.249.32.59182: Flags [S.], seq 3530163295, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 103.91.209.182.46302: Flags [S.], seq 3800225531, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 111.173.114.61.40897: Flags [S.], seq 1055995499, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 115.28.249.32.59182: Flags [S.], seq 3530163295, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 103.91.209.182.46302: Flags [S.], seq 3800225531, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 111.173.114.61.40897: Flags [S.], seq 1055995499, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 111.173.119.165.59182: Flags [S.], seq 240209408, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 103.91.209.215.17663: Flags [S.], seq 4163049757, ack 1, win 64240, options [mss 1460], length 0
IP x.80 > 113.56.214.3.40897: Flags [S.], seq 3700852961, ack 1, win 64240, options [mss 1460], length 0
Type: hash:net
106.0.0.0/8 packets 2022 bytes 80880
108.160.0.0/11 packets 28 bytes 1120
101.0.0.0/8 packets 3435 bytes 137400
110.0.0.0/8 packets 1178 bytes 47120
1.0.0.0/8 packets 3330 bytes 133200
112.0.0.0/6 packets 10318 bytes 412720
103.0.0.0/8 packets 3273 bytes 130920
109.192.0.0/10 packets 21 bytes 840
116.0.0.0/8 packets 2540 bytes 101600
104.0.0.0/8 packets 60 bytes 2400
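
An added example, not part of the original post: a small script that replaces the `grep | wc` count with a per-/8 tally of half-open (SYN_RECV) flows to one port, and prints (does not run) `ipset add` lines for the `p80block` set used above. The function names, the threshold, the destination address 192.0.2.10 and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `conntrack -L`
# (192.0.2.10 stands in for the redacted server address "x").
sample_conntrack() {
cat <<'EOF'
tcp      6 58 SYN_RECV src=112.6.174.224 dst=192.0.2.10 sport=49612 dport=80 src=192.0.2.10 dst=112.6.174.224 sport=80 dport=49612 mark=0 use=1
tcp      6 57 SYN_RECV src=112.7.225.88 dst=192.0.2.10 sport=49612 dport=80 src=192.0.2.10 dst=112.7.225.88 sport=80 dport=49612 mark=0 use=1
tcp      6 55 SYN_RECV src=112.6.174.224 dst=192.0.2.10 sport=40897 dport=80 src=192.0.2.10 dst=112.6.174.224 sport=80 dport=40897 mark=0 use=1
tcp      6 59 SYN_RECV src=111.173.114.63 dst=192.0.2.10 sport=49612 dport=80 src=192.0.2.10 dst=111.173.114.63 sport=80 dport=49612 mark=0 use=1
tcp      6 52 SYN_RECV src=111.180.196.108 dst=192.0.2.10 sport=49612 dport=80 src=192.0.2.10 dst=111.180.196.108 sport=80 dport=49612 mark=0 use=1
tcp      6 51 SYN_RECV src=103.91.209.215 dst=192.0.2.10 sport=17663 dport=80 src=192.0.2.10 dst=103.91.209.215 sport=80 dport=17663 mark=0 use=1
tcp      6 431990 ESTABLISHED src=113.56.214.3 dst=192.0.2.10 sport=40897 dport=80 src=192.0.2.10 dst=113.56.214.3 sport=80 dport=40897 [ASSURED] mark=0 use=1
tcp      6 50 SYN_RECV src=103.91.209.182 dst=192.0.2.10 sport=46302 dport=443 src=192.0.2.10 dst=103.91.209.182 sport=443 dport=46302 mark=0 use=1
EOF
}

# half_open_by_net PORT
# Reads `conntrack -L` lines on stdin and prints "count net/8" for flows
# stuck in SYN_RECV towards PORT, busiest network first.
half_open_by_net() {
  awk -v port="$1" '
    $4 == "SYN_RECV" {
      src = ""; dport = ""
      # Each line carries two tuples; the first src=/dport= pair is the
      # original (client to server) direction, so only that one is read.
      for (i = 5; i <= NF; i++) {
        if (src == "" && $i ~ /^src=/) src = substr($i, 5)
        if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
      }
      if (src == "" || dport != port) next
      split(src, octet, ".")
      count[octet[1] ".0.0.0/8"]++
    }
    END { for (net in count) print count[net], net }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# suggest_blocks PORT MIN
# Prints an `ipset add` line for every /8 with at least MIN half-open flows.
suggest_blocks() {
  half_open_by_net "$1" |
    awk -v min="$2" '$1 >= min { print "ipset add p80block " $2 }'
}

# Demo on the constructed sample; on a live host feed it with:
#   conntrack -L 2>/dev/null | half_open_by_net 80
sample_conntrack | suggest_blocks 80 2
```
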