CONTENTS
Lastmodified 2013-04-02 (火) 15:49:27
tcpdump 取り敢えず・・・あれ?
root@ns1:/root # tcpdump tcpdump: WARNING: usbus0: That device doesn't support promiscuous mode (BIOCPROMISC: Operation not supported) tcpdump: WARNING: usbus0: no IPv4 address assigned tcpdump: packet printing is not supported for link type USB: use -w
netstat -i
root@ns1:/root # netstat -i Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll usbus 0 <Link#1> 0 0 0 0 0 0 fxp0 1500 <Link#2> 00:e0:18:90:33:a0 1416902 0 0 1514015 0 0 fxp0 1500 218.44.228.14 218.44.228.146 1408797 - - 1514343 - - fxp0 1500 fe80::2e0:18f fe80::2e0:18ff:fe 0 - - 1 - - plip0 1500 <Link#3> 0 0 0 0 0 0 lo0 16384 <Link#4> 729 0 0 729 0 0 lo0 16384 localhost ::1 0 - - 0 - - lo0 16384 fe80::1%lo0 fe80::1 0 - - 0 - - lo0 16384 your-net localhost 77 - - 729 - -
tcpdump -i fxp0 port 53 で、どうじゃ?
root@ns1:/root # tcpdump -i fxp0 port 53 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp0, link-type EN10MB (Ethernet), capture size 65535 bytes 06:53:25.015800 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.016516 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.017911 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.019799 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.024139 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.052324 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.075201 IP 174.128.233.250.33830 > 218.44.228.146.domain: 7490+ [1au] ANY? isc.org. (36) 06:53:25.117580 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.182056 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.242778 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.268370 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.271770 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.285396 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.350268 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.351398 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.370023 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.434142 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.553123 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.556276 IP 174.128.233.250.17172 > 218.44.228.146.domain: 7490+ [1au] ANY? isc.org. (36) 06:53:25.561019 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.597657 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.599639 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.614615 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.624453 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.662672 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.685140 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.727451 IP 174.128.233.250.24281 > 218.44.228.146.domain: 7490+ [1au] ANY? isc.org. (36) 06:53:25.747649 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 06:53:25.810225 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 07:11:13.354876 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 07:11:13.792561 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 07:11:13.828066 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 07:11:14.112792 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 07:11:14.850590 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 07:11:15.025459 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 07:11:15.062656 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 07:11:15.464877 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 07:11:16.205400 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36) 445 packets captured 1026 packets received by filter 0 packets dropped by kernel
Protection against isc.org any attack – dns attack isc.org any query
http://www.minihowto.eu/protectio-against-isc-org-any-attack-dns-attack-isc-org-any-query
207 6:23 tcpdump port 53 208 6:23 tcpdum 209 6:23 tcpdump 210 6:27 netstat -i 211 6:29 usbdump -i lo0 212 6:31 ifconfig -a 213 6:32 tcpdump -D 214 6:38 tcpdump -i 215 6:38 tcpdump -i fxp0 216 6:44 history 217 6:44 tcpdump -i fxp0 port 53
http://d.hatena.ne.jp/chipa34/20080210/1202650183
flora{101} % tcpdump port 53
http://h2np.net/mynotebook/post/425
http://www.gossamer-threads.com/lists/nanog/users/111680
http://www.atmarkit.co.jp/flinux/rensai/iptables207/iptables207a.html
http://www.npa.go.jp/cyberpolice/server/rd_env/pdf/20060711_DNS-DDoS.pdf
Total access 4072:本日 2:昨日 0