Question about HTTP hijacking

2019-01-04 11:02:13 +08:00
 wangjiyueding

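Last night, several of our company's services turned out to be completely unreachable over http. I'll use 123.123.123.123 in place of the company's IP and www.test.com in place of the domain, and describe what happened. Last night a developer suddenly came over to report that their service was down, saying it was because www.test.com would not open. I tested it, and the browser showed that the page could not be found; the line was China Telecom. Surprisingly, access over https was normal, access through a VPS in the US was also normal, and access over China Unicom 4G was normal as well. The symptom was that China Mobile and China Telecom lines could not reach the web service on 123.123.123.123. Accessing it with curl on the server gave the following: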

20190103_19:19:11[root@Tantu_wg_api ~]# curl  123.123.123.123 
20190103_19:19:11curl: (56) Failure when receiving data from the peer
20190103_19:19:31[root@Tantu_wg_api ~]# curl  -Hhost:www.test.com  192.168.10.1
20190103_19:19:37{"status":200,"code":0,"msg":"OK, is api }
[root@Tantu_wg_api ~]#
20190103_19:19:41[root@Tantu_wg_api ~]# curl  -Hhost:api.tantu.
20190103_19:19:51[root@Tantu_wg_api ~]# curl https://www.test.com -I
20190103_19:19:51HTTP/1.1 200 OK

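Going over the internal network and over https were both fine, but going out over the public network gave error 56. I enabled logging on the server and found that the requests from China Mobile and China Telecom never arrived at all. After capturing packets I found that the connection was reset right after the three-way handshake: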

20190103_19:15:0319:15:04.394756 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [S], seq 3917553324, win 14600, options [mss 1460,sackOK,TS val 2842031732 ecr 0,nop,wscale 7], length 0
20190103_19:15:0319:15:04.401524 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [S.], seq 3931168778, ack 3917553325, win 14480, options [mss 1460,sackOK,TS val 1009545965 ecr 2842031732,nop,wscale 7], length 0
20190103_19:15:0319:15:04.401552 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [.], ack 1, win 115, options [nop,nop,TS val 2842031739 ecr 1009545965], length 0
20190103_19:15:0319:15:04.401625 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [P.], seq 1:167, ack 1, win 115, options [nop,nop,TS val 2842031739 ecr 1009545965], length 166
20190103_19:15:0319:15:04.408249 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [R], seq 3931168779, win 0, length 0
20190103_19:15:0419:15:05.452281 IP 192.168.64.130.33317 > 123.123.123.123.http: Flags [S], seq 3591611786, win 14600, options [mss 1460,sackOK,TS val 2842032790 ecr 0,nop,wscale 7], length 0
20190103_19:15:0419:15:05.459026 IP 123.123.123.123.http > 192.168.64.130.33317: Flags [S.], seq 1471399763, ack 3591611787, win 14480, options [mss 1460,sackOK,TS val 1009547023 ecr 2842032790,nop,wscale 7], length 0
20190103_19:15:0419:15:05.459031 IP 192.168.64.130.33317 > 123.123.123.123.http: Flags [.], ack 1, win 115, options [nop,nop,TS val 2842032797 ecr 1009547023], length 0
20190103_19:15:0419:15:05.459129 IP 192.168.64.130.33317 > 123.123.123.123.http: Flags [P.], seq 1:703, ack 1, win 115, options [nop,nop,TS val 2842032797 ecr 1009547023], length 702
20190103_19:15:0419:15:05.465569 IP 123.123.123.123.http > 192.168.64.130.33317: Flags [R], seq 1471399764, win 0, length 0
20190103_19:15:0519:15:06.700367 IP 192.168.64.130.33478 > 123.123.123.123.http: Flags [S], seq 99677139, win 14600, options [mss 1460,sackOK,TS val 2842034038 ecr 0,nop,wscale 7], length 0
20190103_19:15:0519:15:06.707523 IP 123.123.123.123.http > 192.168.64.130.33478: Flags [S.], seq 3754760549, ack 99677140, win 14480, options [mss 1460,sackOK,TS val 1009548272 ecr 2842034038,nop,wscale 7], length 0
20190103_19:15:0519:15:06.707529 IP 192.168.64.130.33478 > 123.123.123.123.http: Flags [.], ack 1, win 115, options [nop,nop,TS val 2842034045 ecr 1009548272], length 0
20190103_19:15:0519:15:06.707607 IP 192.168.64.130.33478 > 123.123.123.123.http: Flags [P.], seq 1:226, ack 1, win 115, options [nop,nop,TS val 2842034045 ecr 1009548272], length 225
20190103_19:15:0519:15:06.714797 IP 123.123.123.123.http > 192.168.64.130.33478: Flags [R], seq 3754760550, win 0, length 0
20190103_19:15:10

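Is this what HTTP hijacking is? How is this done? Also, it recovered on its own in less than an hour. Was it caused by a carrier network problem, with the packets that China Mobile and China Telecom sent to 123.123.123.123 never arriving?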

1176 views
Node: Q&A
0 replies
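
The pattern in the capture above (handshake completes, the client sends its request, and the first packet back from the server address is a RST) can be picked out of tcpdump text output mechanically. The following is an added example, not part of the original post; the function name and the second sample flow are assumptions made for illustration.

```python
import re

# One tcpdump text line: time, "src > dst", flags, payload length.
LINE = re.compile(r"(\d{2}):(\d{2}):(\d{2})\.(\d{6}) IP (\S+) > (\S+): "
                  r"Flags \[([^\]]+)\].*?length (\d+)")

def resets_after_request(capture, server):   # hypothetical helper name
    """Find flows where the first packet from `server` after the client's
    request is a RST. Returns (client, handshake_rtt_us, request_to_rst_us)."""
    flows, hits = {}, []
    for m in LINE.finditer(capture):
        h, mi, s, us, src, dst, flags, length = m.groups()
        t = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
        if dst == server:                         # client -> server
            if flags == "S":
                flows[src] = {"syn": t}           # new connection attempt
            elif int(length) > 0 and src in flows:
                flows[src].setdefault("req", t)   # first payload = the request
        elif src == server and dst in flows:      # server -> client
            f = flows[dst]
            if flags == "S.":
                f["synack"] = t
            elif "req" in f and "answered" not in f:
                if "R" in flags and "synack" in f:
                    hits.append((dst, f["synack"] - f["syn"], t - f["req"]))
                f["answered"] = True              # only the first reply counts
    return hits

# Flow 33257 is abridged from the capture in the post (recorder prefix and TCP
# options dropped); flow 40000 is constructed to show a normal exchange.
SAMPLE = """\
19:15:04.394756 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [S], seq 3917553324, win 14600, length 0
19:15:04.401524 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [S.], seq 3931168778, ack 3917553325, win 14480, length 0
19:15:04.401552 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [.], ack 1, win 115, length 0
19:15:04.401625 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [P.], seq 1:167, ack 1, win 115, length 166
19:15:04.408249 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [R], seq 3931168779, win 0, length 0
19:15:10.000000 IP 192.168.64.130.40000 > 123.123.123.123.http: Flags [S], seq 1000, win 14600, length 0
19:15:10.006800 IP 123.123.123.123.http > 192.168.64.130.40000: Flags [S.], seq 2000, ack 1001, win 14480, length 0
19:15:10.006900 IP 192.168.64.130.40000 > 123.123.123.123.http: Flags [P.], seq 1:167, ack 1, win 115, length 166
19:15:10.013700 IP 123.123.123.123.http > 192.168.64.130.40000: Flags [.], ack 167, win 114, length 0
19:15:10.020000 IP 123.123.123.123.http > 192.168.64.130.40000: Flags [P.], seq 1:200, ack 167, win 114, length 199
"""

if __name__ == "__main__":
    for client, rtt, gap in resets_after_request(SAMPLE, "123.123.123.123.http"):
        print(f"{client}: handshake RTT {rtt} us, RST {gap} us after request")
```

A request-to-RST gap close to the handshake RTT does not by itself show which device sent the reset; a capture taken on the server at the same time shows whether the server ever received the request or emitted the RST.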

https://www.v2ex.com/t/523776