星期二, 3月 27, 2007

萬一被SYN Flood攻擊

昨天看到diggirl被駭客攻擊了,就在想若是我遇到要怎麼處理,剛找到這篇,今天獨孤木也貼出SYN Flood 攻擊的基本原理及防禦

想知道diggirl的主機狀況為何,於是拿出老工具nmap:
#nmap -v -A www.diggirl.net

Starting Nmap 4.20 ( http://insecure.org ) at 2007-03-27 11:13 CST
Initiating Parallel DNS resolution of 1 host. at 11:13
Completed Parallel DNS resolution of 1 host. at 11:13, 0.07s elapsed
Initiating SYN Stealth Scan at 11:13
Scanning diggirl.net (202.153.195.38) [1697 ports]
(略)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd or WU-FTPD
22/tcp open ssh OpenSSH 4.2 (protocol 2.0)
25/tcp open smtp Sendmail 8.13.7/8.13.7
53/tcp open domain
80/tcp open http Apache Tomcat/Coyote JSP engine 1.1
110/tcp open pop3 Dovecot pop3d
443/tcp closed https
2401/tcp closed cvspserver
9090/tcp closed zeus-admin
Device type: general purpose
Running (JUST GUESSING) : Linux 2.6.X|2.4.X (92%)
果然是很省呀,用一台Linux全包了。
還是建議一下:把ftp、cvspserver關掉,改用sftp、Subversion。至於 zeus-admin我就沒用過,不需要還是關了吧。如果我是hacker,不用直接hack進diggirl,先找同網段一台進去,再Listen ftp port就會知道帳號和密碼;就算是不能登入的帳號....總是有方法的嘛~

用SYN Flood只是讓你不能動,真正厲害是想法子入侵,弄點好玩的出來。不過diggirl裏應該也沒什麼值錢的吧?還是像獨孤木說的,hacker應該去找FBI還是CIA的主機呀!

忘了提主題,萬一被DDoS攻擊時.... 實在沒能力抵抗,說不定網卡就先掛點,我只能舉白旗投降,有錢就買台IP KVM遠端重開機吧。

沒有留言: