Lots of Outgoing Traffic over UDP


Status
Not open for further replies.

PusatHosting

Hosting Guru
Hi masters, has anyone ever experienced this? It got to the point where the RAID sync failed and the server collapsed. I'm still struggling to find a solution.

tcpdump -i eth0 -c 200 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:57:35.233300 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.233308 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.233309 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.233312 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.233315 IP 204.74.211.250.55921 > 110.139.24.58.32158: UDP, length 8192
19:57:35.233321 IP 204.74.211.250.42575 > 110.139.10.137.37794: UDP, length 8192
19:57:35.233323 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.233324 IP 204.74.211.250 > 110.139.10.137: udp
19:57:35.233328 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.233330 IP 204.74.211.250 > 110.139.10.137: udp
19:57:35.233334 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.233336 IP 204.74.211.250 > 110.139.10.137: udp
19:57:35.233337 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.233340 IP 204.74.211.250 > 110.139.10.137: udp
19:57:35.233343 IP 204.74.211.250.48928 > 110.139.10.137.30757: UDP, length 8192
19:57:35.233346 IP 204.74.211.250.34646 > 110.139.24.58.6242: UDP, length 8192
19:57:35.233350 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.235302 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.235306 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.235308 IP 204.74.211.250.48928 > 110.139.10.137.30757: UDP, length 8192
19:57:35.235309 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.235310 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.235312 IP 204.74.211.250 > 110.139.10.137: udp
19:57:35.235313 IP 204.74.211.250 > 110.139.10.137: udp
19:57:35.235314 IP 204.74.211.250 > 110.139.10.137: udp
19:57:35.235316 IP 204.74.211.250 > 110.139.10.137: udp
19:57:35.235325 IP 204.74.211.250 > 110.139.10.137: udp
19:57:35.235332 IP 204.74.211.250.34646 > 110.139.24.58.6242: UDP, length 8192
19:57:35.235333 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.235335 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.235336 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.235337 IP 204.74.211.250.38798 > 110.139.24.58.8378: UDP, length 8192
19:57:35.235339 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.235340 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.237297 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.237305 IP 204.74.211.250 > 110.139.24.58: udp
19:57:35.237307 IP 204.74.211.250 > 110.139.24.58: udp
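
Added example, not part of the original post: a shell helper that condenses `tcpdump -nn` text like the capture above into packet counts and declared UDP bytes per source/destination pair, so the busiest pair is obvious before a block rule is written. The function names and the sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `tcpdump -nn` text output per source -> destination.
# Output columns: packets  declared_udp_bytes  src  dst   (busiest pair first)
udp_talkers() {
    awk '
    # Strip a trailing ".port" from "a.b.c.d.port"; leave bare addresses alone.
    function host(s,   n, p) {
        sub(/:$/, "", s)
        n = split(s, p, ".")
        return (n == 5) ? p[1] "." p[2] "." p[3] "." p[4] : s
    }
    $2 == "IP" && $4 == ">" && tolower($6) ~ /^udp/ {
        key = host($3) " " host($5)
        pkts[key]++
        # Only the first fragment of a datagram prints "UDP, length N";
        # follow-up fragments show as bare "udp" lines without ports.
        if ($7 == "length") bytes[key] += $8
    }
    END {
        for (k in pkts) printf "%d %d %s\n", pkts[k], bytes[k], k
    }' | sort -k1,1nr -k3,3
}

# Constructed sample in the same layout as the capture (not real traffic).
sample_capture() {
cat <<'EOF'
19:57:35.233300 IP 192.0.2.10 > 198.51.100.58: udp
19:57:35.233315 IP 192.0.2.10.55921 > 198.51.100.58.32158: UDP, length 8192
19:57:35.233321 IP 192.0.2.10.42575 > 198.51.100.137.37794: UDP, length 8192
19:57:35.233324 IP 192.0.2.10 > 198.51.100.137: udp
19:57:35.233328 IP 192.0.2.10 > 198.51.100.58: udp
19:57:35.233346 IP 192.0.2.10.34646 > 198.51.100.58.6242: UDP, length 8192
EOF
}

# On a live host: tcpdump -i eth0 -c 200 -nn udp | udp_talkers
sample_capture | udp_talkers
```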
 

PusatHosting

Hosting Guru
Then there are also hundreds of these; it looks like DNS relay from OpenDNS.

Aug 27 21:29:46 cancun named[3666]: client 63.107.135.71#57505: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:29:46 cancun named[3666]: client 63.87.170.8#36176: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:29:46 cancun named[3666]: client 74.191.67.11#50970: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:29:46 cancun named[3666]: client 63.107.135.71#16649: query (cache) 'www.clbooks.com/A/IN' denied
 

rendy

Hosting Guru
Verified Provider
Just block the IP that's doing the UDP first.
After that, take your time finding the program.
Usually, if it isn't recursive queries, it's someone trying to abuse it with a DDoS program.
 

PusatHosting

Hosting Guru
According to DA: http://help.directadmin.com/item.php?id=115
allow-recursion{ localnets;}; but unfortunately it still gets through. This is actually an old problem that I left alone because it wasn't much of a bother, but this time I have to sort it out. For now I've set recursion no; and now it's stalled.
But with it like this, will it still be resolvable from outside...
 

nicosoftmedia

(RIP) Community Guide
The DDoS attempt is probably real.
That's why disabling recursion in DNS is highly recommended.
The recursion function is rather similar to a hostname lookup,
which results in repeated processing and increased server resource usage.
 

rendy

Hosting Guru
Verified Provider
According to DA: http://help.directadmin.com/item.php?id=115
allow-recursion{ localnets;}; but unfortunately it still gets through. This is actually an old problem that I left alone because it wasn't much of a bother, but this time I have to sort it out. For now I've set recursion no; and now it's stalled.
But with it like this, will it still be resolvable from outside...
What if localnets is replaced with 127.0.0.1?
 

PusatHosting

Hosting Guru
They showed up again right away.

Aug 28 08:10:22 cancun named[24343]: client 125.160.4.82#60400: query (cache) 'iklanpos.co.id/A/IN' denied
Aug 28 08:10:22 cancun named[24343]: client 125.160.4.82#51172: query (cache) 'iklanpos.co.id/A/IN' denied
Aug 28 08:10:22 cancun named[24343]: client 125.160.4.82#36249: query (cache) 'iklanpos.co.id/A/IN' denied
Aug 28 08:10:22 cancun named[24343]: client 125.160.4.82#55818: query (cache) 'iklanpos.co.id/A/IN' denied
Aug 28 08:10:23 cancun named[24343]: client 125.160.4.82#41775: query (cache) 'iklanpos.co.id/A/IN' denied
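
Added example, not part of the original posts: a shell helper that groups named's `query (cache) ... denied` lines by queried name and counts distinct client addresses, which separates one host retrying from many sources asking for the same name. A `denied` line means named refused the cache lookup for that client. The function names and the sample lines (documentation addresses and names) are constructed, and the field positions assume the syslog layout shown in the thread.

```shell
#!/bin/sh
# Added example: summarise refused cache lookups from named's syslog lines.
# Output columns: denied_queries  distinct_clients  name/type/class
denied_summary() {
    awk -v sq="'" '
    $6 == "client" && $8 == "query" && $9 == "(cache)" && $NF == "denied" {
        split($7, a, "#")          # "addr#port:" -> addr
        client = a[1]
        q = $10
        gsub(sq, "", q)            # drop the quotes around the query name
        hits[q]++
        if (!seen[q SUBSEP client]++) clients[q]++
    }
    END {
        for (q in hits) printf "%d %d %s\n", hits[q], clients[q], q
    }' | sort -k1,1nr -k3,3
}

# Constructed sample in the layout shown in the thread (not real log data).
sample_named_log() {
cat <<'EOF'
Aug 27 21:29:46 ns1 named[3666]: client 192.0.2.71#57505: query (cache) 'www.example.com/A/IN' denied
Aug 27 21:29:46 ns1 named[3666]: client 198.51.100.8#36176: query (cache) 'www.example.com/A/IN' denied
Aug 27 21:29:46 ns1 named[3666]: client 192.0.2.71#16649: query (cache) 'www.example.com/A/IN' denied
Aug 28 08:10:22 ns1 named[3666]: client 203.0.113.82#60400: query (cache) 'example.net/A/IN' denied
Aug 28 08:10:22 ns1 named[3666]: client 203.0.113.82#51172: query (cache) 'example.net/A/IN' denied
Aug 28 08:10:23 ns1 named[3666]: client 203.0.113.82#41775: query (cache) 'example.net/A/IN' denied
Aug 28 08:10:24 ns1 named[3666]: zone example.org/IN: loaded serial 2012082801
EOF
}

# On a live host: grep named /var/log/messages | denied_summary
sample_named_log | denied_summary
```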
 