zshanjun
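The DoS attack had little effect on my side. I checked the TCP connection states on the attacked host and found that there were hardly any connections in the SYN_REC state.
Then, by capturing packets, I found that the attacking host itself sent [R], which kept SYN_REC connections from piling up on the attacked host: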
06:38:15.452913 IP 192.168.38.4.15651 > 192.168.38.5.80: Flags [S], seq 1206198085, win 512, length 0
06:38:15.452930 IP 192.168.38.5.80 > 192.168.38.4.15651: Flags [S.], seq 1729577211, ack 1206198086, win 29200, options [mss 1460], length 0
06:38:15.453009 IP 192.168.38.4.15652 > 192.168.38.5.80: Flags [S], seq 1185838297, win 512, length 0
06:38:15.453033 IP 192.168.38.5.80 > 192.168.38.4.15652: Flags [S.], seq 1389286866, ack 1185838298, win 29200, options [mss 1460], length 0
06:38:15.453132 IP 192.168.38.4.15651 > 192.168.38.5.80: Flags [R], seq 1206198086, win 0, length 0
06:38:15.453141 IP 192.168.38.4.15652 > 192.168.38.5.80: Flags [R], seq 1185838298, win 0, length 0
06:38:15.453384 IP 192.168.38.4.15653 > 192.168.38.5.80: Flags [S], seq 1851454908, win 512, length 0
06:38:15.453406 IP 192.168.38.5.80 > 192.168.38.4.15653: Flags [S.], seq 128486955, ack 1851454909, win 29200, options [mss 1460], length 0
06:38:15.453479 IP 192.168.38.4.15653 > 192.168.38.5.80: Flags [R], seq 1851454909, win 0, length 0
06:38:15.453719 IP 192.168.38.4.15654 > 192.168.38.5.80: Flags [S], seq 700664781, win 512, length 0
06:38:15.453743 IP 192.168.38.5.80 > 192.168.38.4.15654: Flags [S.], seq 3877145682, ack 700664782, win 29200, options [mss 1460], length 0
06:38:15.454017 IP 192.168.38.4.15654 > 192.168.38.5.80: Flags [R], seq 700664782, win 0, length 0
06:38:15.454961 IP 192.168.38.4.15655 > 192.168.38.5.80: Flags [S], seq 1751493720, win 512, length 0
06:38:15.454993 IP 192.168.38.5.80 > 192.168.38.4.15655: Flags [S.], seq 1257904630, ack 1751493721, win 29200, options [mss 1460], length 0
Is this a problem with the hping3 tool?
Author's reply: It looks like the attacked host has an anti-DoS policy configured.
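An added example, not part of the original comments: a small Python parser for tcpdump output in the format quoted above that tracks each handshake and reports which side reset it and which flows are still half-open on the server. The function names and state labels are assumptions chosen for this illustration; the sample lines are a subset of the capture in the comment.

```python
import re
from collections import Counter

# Subset of the capture quoted in the comment above (two flows).
SAMPLE = """\
06:38:15.452913 IP 192.168.38.4.15651 > 192.168.38.5.80: Flags [S], seq 1206198085, win 512, length 0
06:38:15.452930 IP 192.168.38.5.80 > 192.168.38.4.15651: Flags [S.], seq 1729577211, ack 1206198086, win 29200, options [mss 1460], length 0
06:38:15.453132 IP 192.168.38.4.15651 > 192.168.38.5.80: Flags [R], seq 1206198086, win 0, length 0
06:38:15.454961 IP 192.168.38.4.15655 > 192.168.38.5.80: Flags [S], seq 1751493720, win 512, length 0
06:38:15.454993 IP 192.168.38.5.80 > 192.168.38.4.15655: Flags [S.], seq 1257904630, ack 1751493721, win 29200, options [mss 1460], length 0
"""

# timestamp, "IP", src.port, ">", dst.port:, "Flags [..]"
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def classify(text):
    """Return {(initiator, responder): state} for every handshake seen."""
    flows = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip non-TCP or malformed lines
        src, dst, flags = m.groups()
        if flags == "S":                      # bare SYN opens a flow
            flows[(src, dst)] = "syn_sent"
        elif flags == "S.":                   # SYN-ACK from the responder
            if flows.get((dst, src)) == "syn_sent":
                flows[(dst, src)] = "half_open"
        elif "R" in flags:                    # RST: record which side sent it
            if (src, dst) in flows:
                flows[(src, dst)] = "reset_by_initiator"
            elif (dst, src) in flows:
                flows[(dst, src)] = "reset_by_responder"
        elif flags == ".":                    # final ACK completes the handshake
            if flows.get((src, dst)) == "half_open":
                flows[(src, dst)] = "established"
    return flows

def summarize(text):
    """Count flows per final state."""
    return Counter(classify(text).values())

if __name__ == "__main__":
    for state, count in summarize(SAMPLE).items():
        print(f"{state}: {count}")
```

Flows left in `half_open` are the ones that would appear in the server's half-open connection count; flows in either `reset_*` state were torn down before they could accumulate.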