V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Roboo
V2EX  ›  分享发现

Azure 上部署的服务被人拿去 DDos 攻击,一天来了三封邮件,差点被暂停服务

  •  
  •   Roboo · 2014-12-11 21:21:37 +08:00 · 4138 次点击
    这是一个创建于 3619 天前的主题,其中的信息可能已经有所发展或是发生改变。
    早上就收到邮件,没细看,我还以为是提示Azure出了什么防DDos攻击的新功能
    结果刚才来第三封的时候才知道被人用来拿去攻击了,回了邮件后,发现确实新建了
    很多tcp链接,立马重启,然后希望这事儿就能过去了吧
    好在上面也没搭什么服务 相比那些一晚上被爆上T流量的我觉得我这个真的不算什么



    eth0 Link encap:Ethernet HWaddr 00:15:5d:42:
    inet addr:10.207.XXX.XXX Bcast:10.207.XXX.XXX Mask:255.255.254.0
    inet6 addr: fe80::215:XXXX:XXXX:a55/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:187724719 errors:0 dropped:0 overruns:0 frame:0
    TX packets:278812778 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:33229906819 (33.2 GB) TX bytes:27820418010 (27.8 GB)

    tcp 0 1 10.207.XXX.XXX:59138 7.175.209.81:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:51908 165.27.24.28:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:56015 199.187.55.246:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:46094 109.153.48.212:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:60491 148.59.119.119:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:38816 185.57.157.52:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:36752 179.136.218.35:22 SYN_SENT -
    tcp 0 0 10.207.XXX.XXX:56204 137.117.170.217:22 ESTABLISHED -
    tcp 0 1 10.207.XXX.XXX:40745 80.122.197.61:22 SYN_SENT -
    tcp 0 0 10.207.XXX.XXX:58391 10.207.228.50:80 TIME_WAIT -
    tcp 0 1 10.207.XXX.XXX:35330 83.92.67.52:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:46069 251.147.138.55:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:57374 143.142.187.190:22 SYN_SENT -
    tcp 0 0 10.207.XXX.XXX:46212 120.68.248.68:22 ESTABLISHED -
    tcp 0 1 10.207.XXX.XXX:54450 83.135.246.51:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:43734 249.170.89.210:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:57412 93.201.8.221:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:42112 103.229.107.38:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:36439 142.168.181.47:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:40411 36.28.179.67:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:55837 21.62.188.211:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:36524 23.92.237.200:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:34680 254.27.151.3:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:55678 200.154.0.37:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:49111 252.211.207.0:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:54055 249.181.227.237:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:47975 159.5.210.18:22 SYN_SENT -
    tcp 0 52 10.207.XXX.XXX:44713 114.37.102.54:22 ESTABLISHED -
    tcp 0 1 10.207.XXX.XXX:58468 37.245.138.171:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:58073 180.233.80.114:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:44820 121.159.219.31:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:42282 157.76.52.32:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:38899 123.134.78.162:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:46721 206.89.198.83:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:41170 2.101.87.163:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:37384 205.248.226.97:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:39723 16.10.110.40:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:34251 187.45.5.215:22 SYN_SENT -
    tcp 0 1 10.207.XXX.XXX:51438 147.237.226.153:22 SYN_SENT -
    tcp 0 0 10.207.XXX.XXX:56883 122.242.12.27:22 ESTABLISHED -
    tcp 0 1 10.207.XXX.XXX:57741 178.239.68.75:22 SYN_SENT -
    1 条回复    2014-12-12 04:18:10 +08:00
    ryd994
        1
    ryd994  
       2014-12-12 04:18:10 +08:00 via Android
    很有问题!
    赶紧搞明白这人怎么进来的,还有没有其他损失
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3677 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 22ms · UTC 00:50 · PVG 08:50 · LAX 16:50 · JFK 19:50
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.