Lots of outbound traffic over UDP

Discussion in 'Technical and Security Issues' started by PusatHosting, 27 Aug 2010.

Thread Status:
Not open for further replies.
  1. PusatHosting

    Hi masters, has anyone ever experienced this? It got to the point where the RAID synchronization failed and the server collapsed. Still struggling to find a solution.

    tcpdump -i eth0 -c 200 -nn
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    19:57:35.233300 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.233308 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.233309 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.233312 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.233315 IP 204.74.211.250.55921 > 110.139.24.58.32158: UDP, length 8192
    19:57:35.233321 IP 204.74.211.250.42575 > 110.139.10.137.37794: UDP, length 8192
    19:57:35.233323 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.233324 IP 204.74.211.250 > 110.139.10.137: udp
    19:57:35.233328 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.233330 IP 204.74.211.250 > 110.139.10.137: udp
    19:57:35.233334 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.233336 IP 204.74.211.250 > 110.139.10.137: udp
    19:57:35.233337 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.233340 IP 204.74.211.250 > 110.139.10.137: udp
    19:57:35.233343 IP 204.74.211.250.48928 > 110.139.10.137.30757: UDP, length 8192
    19:57:35.233346 IP 204.74.211.250.34646 > 110.139.24.58.6242: UDP, length 8192
    19:57:35.233350 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.235302 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.235306 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.235308 IP 204.74.211.250.48928 > 110.139.10.137.30757: UDP, length 8192
    19:57:35.235309 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.235310 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.235312 IP 204.74.211.250 > 110.139.10.137: udp
    19:57:35.235313 IP 204.74.211.250 > 110.139.10.137: udp
    19:57:35.235314 IP 204.74.211.250 > 110.139.10.137: udp
    19:57:35.235316 IP 204.74.211.250 > 110.139.10.137: udp
    19:57:35.235325 IP 204.74.211.250 > 110.139.10.137: udp
    19:57:35.235332 IP 204.74.211.250.34646 > 110.139.24.58.6242: UDP, length 8192
    19:57:35.235333 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.235335 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.235336 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.235337 IP 204.74.211.250.38798 > 110.139.24.58.8378: UDP, length 8192
    19:57:35.235339 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.235340 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.237297 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.237305 IP 204.74.211.250 > 110.139.24.58: udp
    19:57:35.237307 IP 204.74.211.250 > 110.139.24.58: udp
     
  2. PusatHosting

    Then there are also hundreds of these; it looks like DNS relay from OpenDNS.

    Aug 27 21:29:46 cancun named[3666]: client 63.107.135.71#57505: query (cache) 'www.clbooks.com/A/IN' denied
    Aug 27 21:29:46 cancun named[3666]: client 63.87.170.8#36176: query (cache) 'www.clbooks.com/A/IN' denied
    Aug 27 21:29:46 cancun named[3666]: client 74.191.67.11#50970: query (cache) 'www.clbooks.com/A/IN' denied
    Aug 27 21:29:46 cancun named[3666]: client 63.107.135.71#16649: query (cache) 'www.clbooks.com/A/IN' denied
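
Added example, not part of the original posts: one way to triage the `named` denials quoted above is to group them by second and query name, so that bursts of the same refused name arriving from several sources stand out from ordinary stray queries. The thresholds and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First four lines are the ones quoted in the post; the last one is constructed.
SAMPLE_LOG = """\
Aug 27 21:29:46 cancun named[3666]: client 63.107.135.71#57505: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:29:46 cancun named[3666]: client 63.87.170.8#36176: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:29:46 cancun named[3666]: client 74.191.67.11#50970: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:29:46 cancun named[3666]: client 63.107.135.71#16649: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:29:47 cancun named[3666]: client 192.0.2.10#40000: query (cache) 'example.org/A/IN' denied
"""

# Matches BIND's "query (cache) '<name>/<type>/<class>' denied" syslog line.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: "
    r"client (?P<ip>[\d.]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<type>\w+)/(?P<cls>\w+)' denied$"
)

def summarize(log_text):
    """Group denied cache queries by (second, query name, query type)."""
    buckets = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in log_text.splitlines():
        m = DENIED.match(line.strip())
        if not m:
            continue  # not a denied-cache-query line
        bucket = buckets[(m["ts"], m["name"], m["type"])]
        bucket["hits"] += 1
        bucket["clients"].add(m["ip"])
    return buckets

def flag_bursts(log_text, min_hits=3, min_clients=2):
    """Report names refused >= min_hits times in one second from >= min_clients sources."""
    bursts = []
    for (ts, name, qtype), b in sorted(summarize(log_text).items()):
        if b["hits"] >= min_hits and len(b["clients"]) >= min_clients:
            bursts.append({"second": ts, "name": name, "type": qtype,
                           "hits": b["hits"], "clients": sorted(b["clients"])})
    return bursts

if __name__ == "__main__":
    for burst in flag_bursts(SAMPLE_LOG):
        print(burst)
```
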
     
  3. rendy

    Just block the IP that's sending the UDP first,
    then after that slowly look for the program.
    Usually, if it's not recursive queries, someone is trying to abuse it with a DDoS program.
     
  4. PusatHosting

  5. rendy

  6. PusatHosting

    Thanks boss, I've already disabled recursion; let me read the reference.
     
  7. PusatHosting

    According to DA: http://help.directadmin.com/item.php?id=115
    allow-recursion{ localnets;}; but unfortunately it still gets through. This is actually an old problem that I left alone because it wasn't bothering me much, but this time I have to fix it. For now I've set recursion no; and that stopped it.
    But if it's like this, will it still be resolvable from outside...
     
  8. nicosoftmedia

    It's likely true that this is a DDoS attempt.
    That's why disabling recursion in DNS is highly recommended.
    The recursion function is somewhat similar to a hostname lookup,
    which results in repeated processing and increased server resource usage.
     
  9. rendy

    What if localnets is replaced with 127.0.0.1?
     
  10. PusatHosting

    It immediately went out again.

     