ICMP time exceeded in-transit

Time: 2013-04-23 15:34:05

Tags: firewall freebsd icmp ddos

For the past few days my server has been under this kind of attack (bandwidth > 60 MBit/s; XXX.XXX.XXX.XXX stands for multiple IPs):

    tcpdump -n proto ICMP    
    17:15:19.267464 IP XXX.XXX.XXX.XXX > my_ip: ICMP time exceeded in-transit, length 36
    17:15:19.325217 IP XXX.XXX.XXX.XXX > my_ip: ICMP time exceeded in-transit, length 36
    17:15:19.345561 IP XXX.XXX.XXX.XXX > my_ip: ICMP time exceeded in-transit, length 56
    17:15:19.484865 IP XXX.XXX.XXX.XXX > my_ip: ICMP time exceeded in-transit, length 36
    17:15:19.529616 IP XXX.XXX.XXX.XXX > my_ip: ICMP time exceeded in-transit, length 36
    17:15:19.957058 IP XXX.XXX.XXX.XXX > my_ip: ICMP YYY.YYY.YYY.YYY tcp port 39692 unreachable, length 36
    17:15:19.968957 IP XXX.XXX.XXX.XXX > my_ip: ICMP host YYY.YYY.YYY.YYY unreachable, length 56
    17:15:20.112520 IP XXX.XXX.XXX.XXX > my_ip: ICMP host YYY.YYY.YYY.YYY unreachable, length 56
    17:15:20.203199 IP XXX.XXX.XXX.XXX > my_ip: ICMP host YYY.YYY.YYY.YYY unreachable, length 36
    17:15:20.204803 IP XXX.XXX.XXX.XXX > my_ip: ICMP host YYY.YYY.YYY.YYY unreachable, length 36

I have FreeBSD 9.1, and my pf.conf is:

    ext_if="em0"
    table <blockedips> persist file "/etc/pf-blocked-ips.conf"

    set skip on lo0

    block drop in log (all) quick on $ext_if from <blockedips> to any

    block in
    pass out flags S/SA keep state

    pass in on $ext_if proto tcp to port 80 flags S/SA keep state
    pass in on $ext_if proto tcp to port ssh flags S/SA synproxy state

Is there anything I can do with pf?

1 answer:

Answer 0: (score: 0)

It looks like you may be receiving some backscatter from a DDoS attack (http://blog.usu.edu/security/2010/08/24/backscatters-the-name-dos-the-game/).

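There is nothing you can do about it unless you can filter it at the switch before it reaches your server. They are already being dropped in the kernel as network anomalies.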
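
To measure how much of a capture consists of the ICMP error messages discussed above, the following added example (not part of the original question or answer) parses lines in the `tcpdump -n` format shown in the question and tallies them by kind, source and rate. The sample lines, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the tcpdump -n format from the question
# (documentation addresses; 203.0.113.10 stands in for the server).
SAMPLE = """\
17:15:19.267464 IP 192.0.2.1 > 203.0.113.10: ICMP time exceeded in-transit, length 36
17:15:19.325217 IP 192.0.2.7 > 203.0.113.10: ICMP time exceeded in-transit, length 36
17:15:19.345561 IP 198.51.100.3 > 203.0.113.10: ICMP time exceeded in-transit, length 56
17:15:19.957058 IP 198.51.100.9 > 203.0.113.10: ICMP 198.51.100.200 tcp port 39692 unreachable, length 36
17:15:19.968957 IP 192.0.2.44 > 203.0.113.10: ICMP host 198.51.100.200 unreachable, length 56
17:15:20.112520 IP 192.0.2.1 > 203.0.113.10: ICMP echo request, id 1, seq 1, length 64
"""

LINE = re.compile(
    r"^(?P<h>\d+):(?P<m>\d+):(?P<s>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"ICMP (?P<msg>.+), length (?P<len>\d+)$")
# An ICMP error is sent to the source address of the packet that triggered it,
# so a flood of these from many routers/hosts points at traffic using our address.
ERRORS = (("time exceeded", "time-exceeded"), ("unreachable", "unreachable"))

def classify(msg):
    for needle, kind in ERRORS:
        if needle in msg:
            return kind
    return None  # echo request/reply and other non-error ICMP

def summarize(text):
    kinds, sources, times, nbytes = Counter(), set(), [], 0
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an ICMP line in the expected format
        kind = classify(m["msg"])
        if kind is None:
            continue
        kinds[kind] += 1
        sources.add(m["src"])
        nbytes += int(m["len"])  # tcpdump's reported ICMP length
        times.append(int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"]))
    total = sum(kinds.values())
    span = max(times) - min(times) if len(times) > 1 else 0.0
    return {"errors": total, "by_kind": dict(kinds),
            "distinct_sources": len(sources), "icmp_bytes": nbytes,
            "errors_per_sec": round(total / span, 1) if span else None}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
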