CONTENTS


Lastmodified 2013-04-02 (火) 15:49:27


tcpdump

tcpdump 取り敢えず・・・あれ?

root@ns1:/root # tcpdump
tcpdump: WARNING: usbus0: That device doesn't support promiscuous mode
(BIOCPROMISC: Operation not supported)
tcpdump: WARNING: usbus0: no IPv4 address assigned
tcpdump: packet printing is not supported for link type USB: use -w

netstat -i

root@ns1:/root # netstat -i
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
usbus     0 <Link#1>                               0     0     0        0     0     0
fxp0   1500 <Link#2>      00:e0:18:90:33:a0  1416902     0     0  1514015     0     0
fxp0   1500 218.44.228.14 218.44.228.146     1408797     -     -  1514343     -     -
fxp0   1500 fe80::2e0:18f fe80::2e0:18ff:fe        0     -     -        1     -     -
plip0  1500 <Link#3>                               0     0     0        0     0     0
lo0   16384 <Link#4>                             729     0     0      729     0     0
lo0   16384 localhost     ::1                      0     -     -        0     -     -
lo0   16384 fe80::1%lo0   fe80::1                  0     -     -        0     -     -
lo0   16384 your-net      localhost               77     -     -      729     -     -

tcpdump -i fxp0 port 53 で、どうじゃ?

root@ns1:/root # tcpdump -i fxp0 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on fxp0, link-type EN10MB (Ethernet), capture size 65535 bytes
06:53:25.015800 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.016516 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.017911 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.019799 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.024139 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.052324 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.075201 IP 174.128.233.250.33830 > 218.44.228.146.domain: 7490+ [1au] ANY? isc.org. (36)
06:53:25.117580 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.182056 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.242778 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.268370 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.271770 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.285396 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.350268 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.351398 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.370023 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.434142 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.553123 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.556276 IP 174.128.233.250.17172 > 218.44.228.146.domain: 7490+ [1au] ANY? isc.org. (36)
06:53:25.561019 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.597657 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.599639 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.614615 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.624453 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.662672 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.685140 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.727451 IP 174.128.233.250.24281 > 218.44.228.146.domain: 7490+ [1au] ANY? isc.org. (36)
06:53:25.747649 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.810225 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)

07:11:13.354876 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
07:11:13.792561 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
07:11:13.828066 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
07:11:14.112792 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
07:11:14.850590 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
07:11:15.025459 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
07:11:15.062656 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
07:11:15.464877 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
07:11:16.205400 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)

445 packets captured
1026 packets received by filter
0 packets dropped by kernel

Protection against isc.org any attack – dns attack isc.org any query

http://www.minihowto.eu/protectio-against-isc-org-any-attack-dns-attack-isc-org-any-query

  207  6:23    tcpdump port 53
  208  6:23    tcpdum
  209  6:23    tcpdump
  210  6:27    netstat -i
  211  6:29    usbdump -i lo0
  212  6:31    ifconfig -a
  213  6:32    tcpdump -D
  214  6:38    tcpdump -i
  215  6:38    tcpdump -i fxp0
  216  6:44    history
  217  6:44    tcpdump -i fxp0 port 53

DNSへのDDoS

http://d.hatena.ne.jp/chipa34/20080210/1202650183

flora{101} % tcpdump port 53

http://h2np.net/mynotebook/post/425

http://www.gossamer-threads.com/lists/nanog/users/111680

http://www.atmarkit.co.jp/flinux/rensai/iptables207/iptables207a.html

http://www.npa.go.jp/cyberpolice/server/rd_env/pdf/20060711_DNS-DDoS.pdf


Total access 4072:本日 2:昨日 0

Counter: 4072, today: 2, yesterday: 0

トップ   新規 一覧 検索 最終更新   ヘルプ   最終更新のRSS