hi,

you can see the same question:
http://www.merit.edu/mail.archives/nanog/2001-09/msg01457.html

======= 2004-01-26 17:06:00 You wrote in your message: =======

>hi, all
>
>please help me.
>my linux server has redhat 9 + apache 1.3.29 installed. it is going through some attack.
>in the apache acc_log, like:
>221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -
>221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -
>221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -
>61.145.188.110 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -
>210.38.179.145 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -
>221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -
>but no err_log.
>
>some package like:
>Jan 18 19:35:53 linux-sv1 kernel: IN=eth0 OUT= MAC=00:07:e9:6c:4c:49:00:02:b3:03:e3:67:08:00 SRC=220.173.8.56 DST=61.135.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=42497 DF PROTO=TCP SPT=60177 DPT=80 WINDOW=8280 RES=0x00 ACK URGP=0
>Jan 18 19:35:53 linux-sv1 kernel: IN=eth0 OUT= MAC=00:07:e9:6c:4c:49:00:02:b3:03:e3:67:08:00 SRC=220.173.8.56 DST=61.135.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=42753 DF PROTO=TCP SPT=60177 DPT=80 WINDOW=8280 RES=0x00 ACK URGP=0
>Jan 18 19:35:53 linux-sv1 kernel: IN=eth0 OUT= MAC=00:07:e9:6c:4c:49:00:02:b3:03:e3:67:08:00 SRC=61.173.25.88 DST=61.135.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=53402 DF PROTO=TCP SPT=63601 DPT=80 WINDOW=16560 RES=0x00 ACK URGP=0
>Jan 18 19:35:53 linux-sv1 kernel: IN=eth0 OUT= MAC=00:07:e9:6c:4c:49:00:02:b3:03:e3:67:08:00 SRC=220.173.8.56 DST=61.135.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=43265 DF PROTO=TCP SPT=60182 DPT=80 WINDOW=8280 RES=0x00 ACK URGP=0
>
>how to set the iptables rules for this?
>
>what's this attack?
>thanks for any help!

= = = = = = = = = = = = = = = = = = = =

Regards!

ccddtt
ccddtt@xxxxxxx
2004-01-27
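
Added example, not part of the original message: Apache writes a request of "-" with status 408 when a connection times out before any request line arrives, so a per-source tally of those entries shows which clients are opening connections and sending nothing. The function names and the threshold of 3 per second are assumptions for illustration; the log lines are the ones quoted in the message, plus one constructed normal request.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)$')

SAMPLE_LINES = [
    # Lines quoted in the message above.
    '221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -',
    '221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -',
    '221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -',
    '61.145.188.110 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -',
    '210.38.179.145 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -',
    '221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 -',
    # Constructed line: an ordinary request, which must not be counted.
    '192.0.2.10 - - [17/Jan/2004:17:26:33 +0800] "GET / HTTP/1.0" 200 1024',
]


def empty_request_timeouts(lines):
    """Count 408 entries with no request line per (source IP, timestamp)."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # skip lines that are not in Common Log Format
        host, ts, request, status, _size = m.groups()
        if request == "-" and status == "408":
            hits[(host, ts)] += 1
    return hits


def noisy_sources(lines, per_second_threshold=3):
    """Return {ip: peak count within one second} for sources at or above the threshold."""
    peaks = {}
    for (host, _ts), n in empty_request_timeouts(lines).items():
        peaks[host] = max(peaks.get(host, 0), n)
    return {h: n for h, n in peaks.items() if n >= per_second_threshold}


if __name__ == "__main__":
    for host, n in sorted(noisy_sources(SAMPLE_LINES).items()):
        print(f"{host}: {n} empty-request 408 entries in one second")
```
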