*tcpdump [#nffcd14a]
Running tcpdump for a start... huh?
 root@ns1:/root # tcpdump
 tcpdump: WARNING: usbus0: That device doesn't support promiscuous mode
 (BIOCPROMISC: Operation not supported)
 tcpdump: WARNING: usbus0: no IPv4 address assigned
 tcpdump: packet printing is not supported for link type USB: use -w

netstat -i
 root@ns1:/root # netstat -i
 Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
 usbus     0 <Link#1>                               0     0     0        0     0     0
 fxp0   1500 <Link#2>      00:e0:18:90:33:a0  1416902     0     0  1514015     0     0
 fxp0   1500 218.44.228.14 218.44.228.146     1408797     -     -  1514343     -     -
 fxp0   1500 fe80::2e0:18f fe80::2e0:18ff:fe        0     -     -        1     -     -
 plip0  1500 <Link#3>                               0     0     0        0     0     0
 lo0   16384 <Link#4>                             729     0     0      729     0     0
 lo0   16384 localhost     ::1                      0     -     -        0     -     -
 lo0   16384 fe80::1%lo0   fe80::1                  0     -     -        0     -     -
 lo0   16384 your-net      localhost               77     -     -      729     -     -

How about tcpdump -i fxp0 port 53?
 root@ns1:/root # tcpdump -i fxp0 port 53
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on fxp0, link-type EN10MB (Ethernet), capture size 65535 bytes
 06:53:25.015800 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.016516 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.017911 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.019799 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.024139 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.052324 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.075201 IP 174.128.233.250.33830 > 218.44.228.146.domain: 7490+ [1au] ANY? isc.org. (36)
 06:53:25.117580 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.182056 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.242778 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.268370 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.271770 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.285396 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.350268 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.351398 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.370023 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.434142 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.553123 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.556276 IP 174.128.233.250.17172 > 218.44.228.146.domain: 7490+ [1au] ANY? isc.org. (36)
 06:53:25.561019 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.597657 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.599639 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.614615 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.624453 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.662672 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.685140 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.727451 IP 174.128.233.250.24281 > 218.44.228.146.domain: 7490+ [1au] ANY? isc.org. (36)
 06:53:25.747649 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 06:53:25.810225 IP zz20920572084.clear-ddos.com.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 
 07:11:13.354876 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 07:11:13.792561 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 07:11:13.828066 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 07:11:14.112792 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 07:11:14.850590 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 07:11:15.025459 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 07:11:15.062656 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 07:11:15.464877 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 07:11:16.205400 IP 64.40.9.7.25345 > 218.44.228.146.domain: 10809+ [1au] ANY? isc.org. (36)
 
 445 packets captured
 1026 packets received by filter
 0 packets dropped by kernel
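
A capture like the one above is easier to judge once it is summarised per source. The following is an added example, not part of the original notes: it counts ANY queries per source and query name and marks sources that keep repeating the same source port and query ID. The function names, the threshold of 5, and the sample lines (documentation addresses) are assumptions made for illustration.

```shell
# Summarise DNS ANY queries from tcpdump text output read on stdin.
# Output columns: source qname total distinct_port_id_pairs verdict
summarize_any() {
    thr="${1:-5}"   # assumed cut-off: queries per source/qname before flagging
    awk -v thr="$thr" '
    $2 == "IP" {
        qi = 0
        for (i = 7; i <= NF; i++) if ($i == "ANY?") { qi = i; break }
        if (!qi || qi == NF) next              # not an ANY query
        n = split($3, p, ".")                  # $3 is "source.port"
        port = p[n]
        src = substr($3, 1, length($3) - length(port) - 1)
        id = $6; sub(/[^0-9].*$/, "", id)      # "10809+" -> "10809"
        key = src " " $(qi + 1)
        total[key]++
        if (!((key, port, id) in seen)) { seen[key, port, id] = 1; pairs[key]++ }
    }
    END {
        for (k in total) {
            # Heuristic: many queries sharing few (port, id) pairs means one
            # packet is being repeated rather than fresh lookups being made.
            v = (total[k] >= thr && pairs[k] * 2 <= total[k]) ? "REPEATED" : "ok"
            print k, total[k], pairs[k], v
        }
    }' | sort
}

# Constructed sample in the same line format (documentation addresses).
sample_capture() {
    cat <<'EOF'
06:53:25.015800 IP 192.0.2.10.25345 > 203.0.113.53.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.016516 IP 192.0.2.10.25345 > 203.0.113.53.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.017911 IP 192.0.2.10.25345 > 203.0.113.53.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.019799 IP 192.0.2.10.25345 > 203.0.113.53.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.024139 IP 192.0.2.10.25345 > 203.0.113.53.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.052324 IP 192.0.2.10.25345 > 203.0.113.53.domain: 10809+ [1au] ANY? isc.org. (36)
06:53:25.075201 IP 198.51.100.7.33830 > 203.0.113.53.domain: 7490+ [1au] ANY? isc.org. (36)
06:53:25.556276 IP 198.51.100.7.17172 > 203.0.113.53.domain: 7490+ [1au] ANY? isc.org. (36)
06:53:26.000000 IP 198.51.100.20.40111 > 203.0.113.53.domain: 4211+ A? www.example.com. (33)
EOF
}

sample_capture | summarize_any 5
```

On a live server the same function can read a bounded capture, for example `tcpdump -n -c 1000 -i fxp0 port 53 | summarize_any 20`. With `-n` the source is printed as an IP address, which the parser handles the same way because it splits the port off at the last dot.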

Protection against isc.org any attack – dns attack isc.org any query

http://www.minihowto.eu/protectio-against-isc-org-any-attack-dns-attack-isc-org-any-query

   207  6:23    tcpdump port 53
   208  6:23    tcpdum
   209  6:23    tcpdump
   210  6:27    netstat -i
   211  6:29    usbdump -i lo0
   212  6:31    ifconfig -a
   213  6:32    tcpdump -D
   214  6:38    tcpdump -i
   215  6:38    tcpdump -i fxp0
   216  6:44    history
   217  6:44    tcpdump -i fxp0 port 53

*DDoS against DNS [#eb3ffcbd]
http://d.hatena.ne.jp/chipa34/20080210/1202650183
 flora{101} % tcpdump port 53



http://h2np.net/mynotebook/post/425

http://www.gossamer-threads.com/lists/nanog/users/111680

http://www.atmarkit.co.jp/flinux/rensai/iptables207/iptables207a.html

http://www.npa.go.jp/cyberpolice/server/rd_env/pdf/20060711_DNS-DDoS.pdf
