Azure 上部署的服务被人拿去 DDos 攻击,一天来了三封邮件,差点被暂停服务

2014-12-11 21:21:37 +08:00
 Roboo
早上就收到邮件,没细看,我还以为是提示Azure出了什么防DDos攻击的新功能
结果刚才来第三封的时候才知道被人用来拿去攻击了,回了邮件后,发现确实新建了
很多tcp链接,立马重启,然后希望这事儿就能过去了吧
好在上面也没搭什么服务 相比那些一晚上被爆上T流量的我觉得我这个真的不算什么



eth0 Link encap:Ethernet HWaddr 00:15:5d:42:
inet addr:10.207.XXX.XXX Bcast:10.207.XXX.XXX Mask:255.255.254.0
inet6 addr: fe80::215:XXXX:XXXX:a55/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:187724719 errors:0 dropped:0 overruns:0 frame:0
TX packets:278812778 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:33229906819 (33.2 GB) TX bytes:27820418010 (27.8 GB)

tcp 0 1 10.207.XXX.XXX:59138 7.175.209.81:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:51908 165.27.24.28:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:56015 199.187.55.246:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:46094 109.153.48.212:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:60491 148.59.119.119:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:38816 185.57.157.52:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:36752 179.136.218.35:22 SYN_SENT -
tcp 0 0 10.207.XXX.XXX:56204 137.117.170.217:22 ESTABLISHED -
tcp 0 1 10.207.XXX.XXX:40745 80.122.197.61:22 SYN_SENT -
tcp 0 0 10.207.XXX.XXX:58391 10.207.228.50:80 TIME_WAIT -
tcp 0 1 10.207.XXX.XXX:35330 83.92.67.52:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:46069 251.147.138.55:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:57374 143.142.187.190:22 SYN_SENT -
tcp 0 0 10.207.XXX.XXX:46212 120.68.248.68:22 ESTABLISHED -
tcp 0 1 10.207.XXX.XXX:54450 83.135.246.51:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:43734 249.170.89.210:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:57412 93.201.8.221:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:42112 103.229.107.38:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:36439 142.168.181.47:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:40411 36.28.179.67:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:55837 21.62.188.211:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:36524 23.92.237.200:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:34680 254.27.151.3:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:55678 200.154.0.37:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:49111 252.211.207.0:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:54055 249.181.227.237:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:47975 159.5.210.18:22 SYN_SENT -
tcp 0 52 10.207.XXX.XXX:44713 114.37.102.54:22 ESTABLISHED -
tcp 0 1 10.207.XXX.XXX:58468 37.245.138.171:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:58073 180.233.80.114:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:44820 121.159.219.31:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:42282 157.76.52.32:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:38899 123.134.78.162:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:46721 206.89.198.83:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:41170 2.101.87.163:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:37384 205.248.226.97:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:39723 16.10.110.40:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:34251 187.45.5.215:22 SYN_SENT -
tcp 0 1 10.207.XXX.XXX:51438 147.237.226.153:22 SYN_SENT -
tcp 0 0 10.207.XXX.XXX:56883 122.242.12.27:22 ESTABLISHED -
tcp 0 1 10.207.XXX.XXX:57741 178.239.68.75:22 SYN_SENT -
4014 次点击
所在节点    分享发现
1 条回复
ryd994
2014-12-12 04:18:10 +08:00
很有问题!
赶紧搞明白这人怎么进来的,还有没有其他损失

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/153242

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX