
How do I block a specific IP address while being attacked with hping3?

Ask Ubuntu user
Asked on 2020-01-08 16:35:42
Answers 1  Views 770  Following 0  Votes 3

I am working on a network security project, and I am sending an attack from Kali Linux against Ubuntu with the following command:

sudo hping3 -c 15000 -d 300 -w 64 -p 22 --flood 192.168.40.40

I have tried almost every iptables configuration to block the IP I am sending the attack from (192.168.40.55); that is, I tried commands like the following:

iptables -A INPUT -s 192.168.40.55 -j REJECT
iptables -A INPUT -s 192.168.40.55 -j DROP
...

But the attack is not blocked, because we can still see the packets with the IP communication software.

Can anyone help me?

Thanks in advance.

Edit:

This is my iptables-save -c output:

New edit:

Data from the VM I am attacking:

New edit:


1 Answer

Ask Ubuntu user

Posted on 2020-01-08 22:30:36

Your method of testing and demonstrating the function of the iptables rule will not work. The packets generated by your hping3 command do not have the SYN bit set, so they end up DROPed, either by the iptables rule or because nothing else knows what to do with them.

If you modify your hping3 command to include the SYN flag, and if you have sshd listening on port 22, you will get a reply and have a starting condition for the test. Example (in my example, 192.168.111.112 is running hping3 against 192.168.111.122) (I also slowed it down):

doug@s15:~$ sudo hping3 -c 5 -d 300 -w 64 -p 22 --syn --interval 5 s18
HPING s18 (br0 192.168.111.122): S set, 40 headers + 300 data bytes
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=64240 rtt=1.9 ms
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=64240 rtt=1.8 ms
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=2 win=64240 rtt=1.7 ms
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=3 win=64240 rtt=1.6 ms
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=4 win=64240 rtt=1.5 ms

--- s18 hping statistic ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.5/1.7/1.9 ms
doug@s15:~$

On the target computer I ran tcpdump. Observe the TCP connection being created via the SYN and SYN-ACK handshake. hping3 then resets the connection, whereas a bad actor probably would not.

doug@s18:~$ sudo tcpdump -n -tttt -i enp3s0 host 192.168.111.112
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp3s0, link-type EN10MB (Ethernet), capture size 262144 bytes
2020-01-08 14:09:38.393919 IP 192.168.111.112.2728 > 192.168.111.122.22: Flags [S], seq 1675527679:1675527979, win 64, length 300
2020-01-08 14:09:38.393980 IP 192.168.111.122.22 > 192.168.111.112.2728: Flags [S.], seq 1494575109, ack 1675527680, win 64240, options [mss 1460], length 0
2020-01-08 14:09:38.394213 IP 192.168.111.112.2728 > 192.168.111.122.22: Flags [R], seq 1675527680, win 0, length 0
2020-01-08 14:09:43.394019 IP 192.168.111.112.2729 > 192.168.111.122.22: Flags [S], seq 1382198395:1382198695, win 64, length 300
2020-01-08 14:09:43.394068 IP 192.168.111.122.22 > 192.168.111.112.2729: Flags [S.], seq 3357751063, ack 1382198396, win 64240, options [mss 1460], length 0
2020-01-08 14:09:43.394318 IP 192.168.111.112.2729 > 192.168.111.122.22: Flags [R], seq 1382198396, win 0, length 0
2020-01-08 14:09:48.394156 IP 192.168.111.112.2730 > 192.168.111.122.22: Flags [S], seq 2046908564:2046908864, win 64, length 300
2020-01-08 14:09:48.394204 IP 192.168.111.122.22 > 192.168.111.112.2730: Flags [S.], seq 922870032, ack 2046908565, win 64240, options [mss 1460], length 0
2020-01-08 14:09:48.394457 IP 192.168.111.112.2730 > 192.168.111.122.22: Flags [R], seq 2046908565, win 0, length 0
2020-01-08 14:09:53.394252 IP 192.168.111.112.2731 > 192.168.111.122.22: Flags [S], seq 2005387083:2005387383, win 64, length 300
2020-01-08 14:09:53.394307 IP 192.168.111.122.22 > 192.168.111.112.2731: Flags [S.], seq 1168444666, ack 2005387084, win 64240, options [mss 1460], length 0
2020-01-08 14:09:53.394547 IP 192.168.111.112.2731 > 192.168.111.122.22: Flags [R], seq 2005387084, win 0, length 0
2020-01-08 14:09:58.394361 IP 192.168.111.112.2732 > 192.168.111.122.22: Flags [S], seq 1346771824:1346772124, win 64, length 300
2020-01-08 14:09:58.394415 IP 192.168.111.122.22 > 192.168.111.112.2732: Flags [S.], seq 1213532639, ack 1346771825, win 64240, options [mss 1460], length 0
2020-01-08 14:09:58.394651 IP 192.168.111.112.2732 > 192.168.111.122.22: Flags [R], seq 1346771825, win 0, length 0

Anyway, run the test again, but this time introduce the iptables rule while the hping3 command is running. Notice that the replies stop. I only used one of the two methods you used, sudo iptables -A INPUT -s 192.168.111.112 -j DROP

doug@s15:~$ sudo hping3 -c 5 -d 300 -w 64 -p 22 --syn --interval 5 s18
HPING s18 (br0 192.168.111.122): S set, 40 headers + 300 data bytes
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=64240 rtt=1.9 ms
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=64240 rtt=1.8 ms

--- s18 hping statistic ---
5 packets transmitted, 2 packets received, 60% packet loss
round-trip min/avg/max = 1.8/1.8/1.9 ms
doug@s15:~$

On the tcpdump side, notice that the reply packets stop:

doug@s18:~$ sudo tcpdump -n -tttt -i enp3s0 host 192.168.111.112
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp3s0, link-type EN10MB (Ethernet), capture size 262144 bytes
2020-01-08 14:21:53.046185 IP 192.168.111.112.2218 > 192.168.111.122.22: Flags [S], seq 1908410534:1908410834, win 64, length 300
2020-01-08 14:21:53.046228 IP 192.168.111.122.22 > 192.168.111.112.2218: Flags [S.], seq 4143478207, ack 1908410535, win 64240, options [mss 1460], length 0
2020-01-08 14:21:53.046441 IP 192.168.111.112.2218 > 192.168.111.122.22: Flags [R], seq 1908410535, win 0, length 0
2020-01-08 14:21:58.046251 IP 192.168.111.112.2219 > 192.168.111.122.22: Flags [S], seq 1400121544:1400121844, win 64, length 300
2020-01-08 14:21:58.046289 IP 192.168.111.122.22 > 192.168.111.112.2219: Flags [S.], seq 1009904372, ack 1400121545, win 64240, options [mss 1460], length 0
2020-01-08 14:21:58.046512 IP 192.168.111.112.2219 > 192.168.111.122.22: Flags [R], seq 1400121545, win 0, length 0
2020-01-08 14:22:03.046326 IP 192.168.111.112.2220 > 192.168.111.122.22: Flags [S], seq 628135359:628135659, win 64, length 300
2020-01-08 14:22:08.046392 IP 192.168.111.112.2221 > 192.168.111.122.22: Flags [S], seq 836315746:836316046, win 64, length 300
2020-01-08 14:22:13.046523 IP 192.168.111.112.2222 > 192.168.111.122.22: Flags [S], seq 1462266142:1462266442, win 64, length 300

We can also look at the packet counters in the iptables rule set. 3 packets dropped after 2 replies, for a total of 5 packets, which is what was sent:

doug@s18:~$ sudo iptables -v -x -n -L
Chain INPUT (policy ACCEPT 27 packets, 2784 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       3     1020 DROP       all  --  *      *       192.168.111.112      0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 7 packets, 1272 bytes)
    pkts      bytes target     prot opt in     out     source               destination
Votes: 1
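The point of the answer is that seeing inbound packets in tcpdump does not mean the DROP rule failed: tcpdump taps the interface before the netfilter INPUT hook, so the evidence of a working rule is the absence of SYN-ACK replies from the target, not the absence of SYNs. This added example (not part of the answer or the original post) parses tcpdump -n -tttt lines in the format shown above and pairs each SYN from the attacker with the SYN-ACK sent back to the same source port; the sample lines are taken from the answer's second capture, and the attacker and target addresses are passed in as parameters.

```python
import re

# Sample lines taken from the answer's second tcpdump capture (after the DROP rule was added):
# three SYN probes from the attacker, only the first two receive a SYN-ACK from port 22.
SAMPLE_CAPTURE = """\
2020-01-08 14:21:53.046185 IP 192.168.111.112.2218 > 192.168.111.122.22: Flags [S], seq 1908410534:1908410834, win 64, length 300
2020-01-08 14:21:53.046228 IP 192.168.111.122.22 > 192.168.111.112.2218: Flags [S.], seq 4143478207, ack 1908410535, win 64240, options [mss 1460], length 0
2020-01-08 14:21:53.046441 IP 192.168.111.112.2218 > 192.168.111.122.22: Flags [R], seq 1908410535, win 0, length 0
2020-01-08 14:21:58.046251 IP 192.168.111.112.2219 > 192.168.111.122.22: Flags [S], seq 1400121544:1400121844, win 64, length 300
2020-01-08 14:21:58.046289 IP 192.168.111.122.22 > 192.168.111.112.2219: Flags [S.], seq 1009904372, ack 1400121545, win 64240, options [mss 1460], length 0
2020-01-08 14:22:03.046326 IP 192.168.111.112.2220 > 192.168.111.122.22: Flags [S], seq 628135359:628135659, win 64, length 300
"""

# Matches the "tcpdump -n -tttt" line shape: timestamp, IP src.port > dst.port: Flags [..]
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_capture(text):
    """Yield (src, sport, dst, dport, flags) for every line that parses; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]


def syn_reply_report(text, attacker, target, port=22):
    """Pair each SYN from attacker -> target:port with a SYN-ACK back to the same source port.

    Inbound SYNs still appear in the capture when iptables DROPs them (tcpdump sees the
    packet before the INPUT chain), so unanswered SYNs are the signal that the rule works.
    """
    syns, synacks = set(), set()
    for src, sport, dst, dport, flags in parse_capture(text):
        if src == attacker and dst == target and dport == port and flags == "S":
            syns.add(sport)
        elif src == target and dst == attacker and sport == port and flags == "S.":
            synacks.add(dport)
    return {
        "syn": len(syns),
        "answered": len(syns & synacks),
        "unanswered_sports": sorted(syns - synacks),
    }


if __name__ == "__main__":
    print(syn_reply_report(SAMPLE_CAPTURE, "192.168.111.112", "192.168.111.122"))
```

Run it against a live capture by feeding `sudo tcpdump -n -tttt -i <iface> host <attacker>` output into the function; a rising unanswered count while SYNs keep arriving is the DROP rule doing its job.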
The original page content is provided by Ask Ubuntu. Translation support provided by the Tencent Cloud Xiaowei IT engine.
Original link:

https://askubuntu.com/questions/1201529
