
HiPER: why does Internet-access monitoring show a large number of ICMP sessions?

Why does Internet-access monitoring show a large number of ICMP sessions, all with upload 1 and download 0?


Answer:
192.168.0.101 is the Internet cafe's billing / public-security monitoring server.
I looked up the external IP of the third record. 128.0.7.244: lookup result 2: United States. 0.3.135.217: lookup result 1: Internet reserved address; lookup result 2: IANA reserved address. What is sending to these two IPs??? The three records are below.
(1)
21:30:38 NAT exceeded 192.168.0.101
21:30:32 NAT exceeded 192.168.0.101
21:30:29 NAT exceeded 192.168.0.101
21:30:25 NAT exceeded 192.168.0.101
21:30:21 NAT exceeded 192.168.0.101
21:30:17 NAT exceeded 192.168.0.101
21:30:13 NAT exceeded 192.168.0.101
21:30:09 NAT exceeded 192.168.0.101
21:30:05 NAT exceeded 192.168.0.101
21:30:01 NAT exceeded 192.168.0.101
21:29:57 NAT exceeded 192.168.0.101
21:29:53 NAT exceeded 192.168.0.101
21:29:49 NAT exceeded 192.168.0.101
21:29:45 NAT exceeded 192.168.0.101
21:29:41 NAT exceeded 192.168.0.101
21:29:37 NAT exceeded 192.168.0.101
21:29:33 NAT exceeded 192.168.0.101
21:29:29 NAT exceeded 192.168.0.101
21:29:25 NAT exceeded 192.168.0.101
21:29:21 NAT exceeded 192.168.0.101
21:29:17 NAT exceeded 192.168.0.101
21:29:13 NAT exceeded 192.168.0.101
21:29:09 NAT exceeded 192.168.0.101
21:29:05 NAT exceeded 192.168.0.101
21:29:01 NAT exceeded 192.168.0.101
21:28:57 NAT exceeded 192.168.0.101
21:28:53 NAT exceeded 192.168.0.101
21:28:49 NAT exceeded 192.168.0.101
21:28:45 NAT exceeded 192.168.0.101
21:28:41 NAT exceeded 192.168.0.101
21:28:37 NAT exceeded 192.168.0.101
21:28:33 NAT exceeded 192.168.0

(2)
IP address      Current connections  Over-limit count
192.168.0.101   231                  701976
192.168.0.110   87                   198491

(3)
ID   LAN address     LAN port  Proto  WAN address    WAN port  Up pkts  Down pkts  NAT address    NAT port
661  192.168.0.101   0         I      128.0.7.244    82        1        0          61.174.209.82  82
662  192.168.0.101   0         I      0.3.135.217    81        1        0          61.174.209.82  81
663  192.168.0.101   0         I      128.0.7.245    59        1        0          61.174.209.82  59
664  192.168.0.101   0         I      0.3.135.218    58        1        0          61.174.209.82  58
665  192.168.0.101   0         I      128.0.7.246    49        1        0          61.174.209.82  49
666  192.168.0.101   0         I      0.3.135.219    48        1        0          61.174.209.82  48
667  192.168.0.101   0         I      128.0.7.247    45        1        0          61.174.209.82  45
668  192.168.0.101   0         I      0.3.135.220    44        1        0          61.174.209.82  44
669  192.168.0.101   0         I      128.0.7.248    43        1        0          61.174.209.82  43
670  192.168.0.101   0         I      0.3.135.221    36        1        0          61.174.209.82  36
671  192.168.0.101   0         I      128.0.7.249    35        1        0          61.174.209.82  35
672  192.168.0.101   0         I      0.3.135.222    24        1        0          61.174.209.82  24
673  192.168.0.101   0         I      128.0.7.250    23        1        0          61.174.209.82  23
674  192.168.0.101   0         I      0.3.135.223    16        1        0          61.174.209.82  16
675  192.168.0.101   0         I      128.0.7.251    15        1        0          61.174.209.82  15
676  192.168.0.101   0         I      0.3.135.224    13        1        0          61.174.209.82  13
677  192.168.0.101   0         I      128.0.7.252    51544     1        0          61.174.209.82  51544
678  192.168.0.101   0         I      0.3.135.225    49268     1        0          61.174.209.82  49268
679  192.168.0.101   0         I      128.0.7.253    49267     1        0          61.174.209.82  49267
680  192.168.0.101   0         I      0.3.135.226    49266     1        0          61.174.209.82  49266

In these records every protocol is ICMP (shown as a capital I), the external ports run in sequence, and each session has 1 upload packet and 0 download packets: the typical one-way ("packets go out, nothing comes back") pattern of DoS attack traffic.
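As an added example (not from the original post or the HiPER product), the following Python script applies the answer's criteria to constructed records laid out like the ones above: it counts one-way ICMP sessions per LAN host from the session table, and measures how often each host trips the NAT limit from the "NAT exceeded" log. The threshold, the TCP contrast row and the log timestamps are assumptions.

```python
from collections import defaultdict

# Constructed samples laid out like the HiPER records quoted above (values modelled on the post; the T row is a normal TCP session for contrast).
SESSION_TABLE = """\
661 192.168.0.101 0 I 128.0.7.244 82 1 0 61.174.209.82 82
662 192.168.0.101 0 I 0.3.135.217 81 1 0 61.174.209.82 81
663 192.168.0.101 0 I 128.0.7.245 59 1 0 61.174.209.82 59
700 192.168.0.110 51233 T 203.0.113.5 443 120 340 61.174.209.82 51233
"""
NAT_LOG = """\
21:30:38 NAT exceeded 192.168.0.101
21:30:34 NAT exceeded 192.168.0.101
21:30:30 NAT exceeded 192.168.0.101
21:30:26 NAT exceeded 192.168.0.101
"""

def parse_sessions(text):
    # Row layout: ID LAN-addr LAN-port proto WAN-addr WAN-port up down NAT-addr NAT-port
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 10 or not f[0].isdigit():
            continue  # header line or malformed row
        rows.append({"id": int(f[0]), "lan": f[1], "proto": f[3], "wan": f[4],
                     "wan_port": int(f[5]), "up": int(f[6]), "down": int(f[7])})
    return rows

def one_way_icmp_hosts(rows, threshold=3):
    # LAN hosts with at least `threshold` ICMP sessions (proto I) that sent a packet
    # and received nothing back: the pattern the answer describes.
    counts = defaultdict(int)
    for r in rows:
        if r["proto"] == "I" and r["up"] >= 1 and r["down"] == 0:
            counts[r["lan"]] += 1
    return {host: n for host, n in counts.items() if n >= threshold}

def nat_exceeded_rate(log):
    # Per host: number of 'NAT exceeded' events and mean seconds between them,
    # so a host that trips the limit every few seconds stands out.
    times = defaultdict(list)
    for line in log.splitlines():
        f = line.split()
        if len(f) == 4 and f[1:3] == ["NAT", "exceeded"]:
            h, m, s = map(int, f[0].split(":"))
            times[f[3]].append(h * 3600 + m * 60 + s)
    result = {}
    for host, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        result[host] = (len(ts), sum(gaps) / len(gaps) if gaps else None)
    return result
```

Running it on the constructed samples flags 192.168.0.101 with three one-way ICMP sessions and a NAT-limit event every 4 seconds, while the TCP session of 192.168.0.110 is ignored.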