How do I block a specific IP address while under attack from hping3?

I am working on a network security project and am using the following command to send an attack from Kali Linux to an Ubuntu VM:

sudo hping3 -c 15000 -d 300 -w 64 -p 22 --flood 192.168.40.40

I have tried almost every iptables configuration to block the IP I am sending the attack from (192.168.40.55), i.e., I have tried commands like the following:

iptables -A INPUT -s 192.168.40.55 -j REJECT
iptables -A INPUT -s 192.168.40.55 -j DROP
...

But the attack is not blocked, because we can still see the packets with IP traffic software.

Can anyone help me?

Thanks in advance.

Edit:

Here is my output of iptables-save -c

[screenshot of iptables-save -c output, not included]

New edit:

Data from the VM I am attacking: [screenshot, not included]

New edit: [screenshot, not included]

Answer 1

Your method of testing and demonstrating the iptables rule functionality will not work. The packets generated by hping3 do not have the SYN bit set, so they end up being discarded, either by the iptables rule or because nothing else knows what to do with them.

If you modify the hping3 command to include the SYN flag, and if you have sshd listening on port 22, then you will get replies and have a starting condition for the test. Example (in my case, 192.168.111.112 is running hping3 against 192.168.111.122) (I also slowed things down):

doug@s15:~$ sudo hping3 -c 5 -d 300 -w 64 -p 22 --syn --interval 5 s18
HPING s18 (br0 192.168.111.122): S set, 40 headers + 300 data bytes
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=64240 rtt=1.9 ms
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=64240 rtt=1.8 ms
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=2 win=64240 rtt=1.7 ms
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=3 win=64240 rtt=1.6 ms
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=4 win=64240 rtt=1.5 ms

--- s18 hping statistic ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.5/1.7/1.9 ms
doug@s15:~$

On the target computer I ran tcpdump. Observe the tcp connection created by the SYN and SYN ACK handshake. hping3 then resets the connection, which a bad guy might not do.

doug@s18:~$ sudo tcpdump -n -tttt -i enp3s0 host 192.168.111.112
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp3s0, link-type EN10MB (Ethernet), capture size 262144 bytes
2020-01-08 14:09:38.393919 IP 192.168.111.112.2728 > 192.168.111.122.22: Flags [S], seq 1675527679:1675527979, win 64, length 300
2020-01-08 14:09:38.393980 IP 192.168.111.122.22 > 192.168.111.112.2728: Flags [S.], seq 1494575109, ack 1675527680, win 64240, options [mss 1460], length 0
2020-01-08 14:09:38.394213 IP 192.168.111.112.2728 > 192.168.111.122.22: Flags [R], seq 1675527680, win 0, length 0
2020-01-08 14:09:43.394019 IP 192.168.111.112.2729 > 192.168.111.122.22: Flags [S], seq 1382198395:1382198695, win 64, length 300
2020-01-08 14:09:43.394068 IP 192.168.111.122.22 > 192.168.111.112.2729: Flags [S.], seq 3357751063, ack 1382198396, win 64240, options [mss 1460], length 0
2020-01-08 14:09:43.394318 IP 192.168.111.112.2729 > 192.168.111.122.22: Flags [R], seq 1382198396, win 0, length 0
2020-01-08 14:09:48.394156 IP 192.168.111.112.2730 > 192.168.111.122.22: Flags [S], seq 2046908564:2046908864, win 64, length 300
2020-01-08 14:09:48.394204 IP 192.168.111.122.22 > 192.168.111.112.2730: Flags [S.], seq 922870032, ack 2046908565, win 64240, options [mss 1460], length 0
2020-01-08 14:09:48.394457 IP 192.168.111.112.2730 > 192.168.111.122.22: Flags [R], seq 2046908565, win 0, length 0
2020-01-08 14:09:53.394252 IP 192.168.111.112.2731 > 192.168.111.122.22: Flags [S], seq 2005387083:2005387383, win 64, length 300
2020-01-08 14:09:53.394307 IP 192.168.111.122.22 > 192.168.111.112.2731: Flags [S.], seq 1168444666, ack 2005387084, win 64240, options [mss 1460], length 0
2020-01-08 14:09:53.394547 IP 192.168.111.112.2731 > 192.168.111.122.22: Flags [R], seq 2005387084, win 0, length 0
2020-01-08 14:09:58.394361 IP 192.168.111.112.2732 > 192.168.111.122.22: Flags [S], seq 1346771824:1346772124, win 64, length 300
2020-01-08 14:09:58.394415 IP 192.168.111.122.22 > 192.168.111.112.2732: Flags [S.], seq 1213532639, ack 1346771825, win 64240, options [mss 1460], length 0
2020-01-08 14:09:58.394651 IP 192.168.111.112.2732 > 192.168.111.122.22: Flags [R], seq 1346771825, win 0, length 0

Anyway, the test again, but this time introducing the iptables rule while the hping3 command is running. Notice that the replies stop. I used only one of the two methods you used: sudo iptables -A INPUT -s 192.168.111.112 -j DROP

doug@s15:~$ sudo hping3 -c 5 -d 300 -w 64 -p 22 --syn --interval 5 s18
HPING s18 (br0 192.168.111.122): S set, 40 headers + 300 data bytes
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=64240 rtt=1.9 ms
len=46 ip=192.168.111.122 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=64240 rtt=1.8 ms

--- s18 hping statistic ---
5 packets transmitted, 2 packets received, 60% packet loss
round-trip min/avg/max = 1.8/1.8/1.9 ms
doug@s15:~$

On the tcpdump side, notice that the reply packets stop:

doug@s18:~$ sudo tcpdump -n -tttt -i enp3s0 host 192.168.111.112
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp3s0, link-type EN10MB (Ethernet), capture size 262144 bytes
2020-01-08 14:21:53.046185 IP 192.168.111.112.2218 > 192.168.111.122.22: Flags [S], seq 1908410534:1908410834, win 64, length 300
2020-01-08 14:21:53.046228 IP 192.168.111.122.22 > 192.168.111.112.2218: Flags [S.], seq 4143478207, ack 1908410535, win 64240, options [mss 1460], length 0
2020-01-08 14:21:53.046441 IP 192.168.111.112.2218 > 192.168.111.122.22: Flags [R], seq 1908410535, win 0, length 0
2020-01-08 14:21:58.046251 IP 192.168.111.112.2219 > 192.168.111.122.22: Flags [S], seq 1400121544:1400121844, win 64, length 300
2020-01-08 14:21:58.046289 IP 192.168.111.122.22 > 192.168.111.112.2219: Flags [S.], seq 1009904372, ack 1400121545, win 64240, options [mss 1460], length 0
2020-01-08 14:21:58.046512 IP 192.168.111.112.2219 > 192.168.111.122.22: Flags [R], seq 1400121545, win 0, length 0
2020-01-08 14:22:03.046326 IP 192.168.111.112.2220 > 192.168.111.122.22: Flags [S], seq 628135359:628135659, win 64, length 300
2020-01-08 14:22:08.046392 IP 192.168.111.112.2221 > 192.168.111.122.22: Flags [S], seq 836315746:836316046, win 64, length 300
2020-01-08 14:22:13.046523 IP 192.168.111.112.2222 > 192.168.111.122.22: Flags [S], seq 1462266142:1462266442, win 64, length 300

We can also observe the packet counters in the iptables rule set. 2 packets were replied to, then 3 packets were dropped, 5 in total, which is what was sent:

doug@s18:~$ sudo iptables -v -x -n -L
Chain INPUT (policy ACCEPT 27 packets, 2784 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       3     1020 DROP       all  --  *      *       192.168.111.112      0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 7 packets, 1272 bytes)
    pkts      bytes target     prot opt in     out     source               destination
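
The answer above verifies the block by two signals rather than by the presence of the attacker's packets in a sniffer: the target's SYN-ACK replies stop, and the counter on the DROP rule climbs. That matters because packet capture taps inbound frames before the netfilter INPUT chain runs, so a sniffer on the target will keep showing the attacker's SYNs even when the rule is working. The script below is an added example (not part of the original question or answer) that applies exactly that check to captured text: it parses `tcpdump -n -tttt` lines to see which of the attacker's SYNs were answered, reads the DROP counter from `iptables -v -x -n -L` output, and reports whether the rule is dropping. The sample capture and rule listing are constructed to match the format shown in the answer, with the rule inserted after the second SYN. Two practitioner caveats it encodes in comments: `-A` appends, so an earlier ACCEPT rule in INPUT (for example one matching port 22 or ESTABLISHED state) would win and the DROP counter would stay at zero, in which case `-I INPUT 1` is the safer choice; and the DROP counter can include other packets from that source, so it is compared with `>=` rather than `==`.

```python
"""Check that an iptables DROP rule for one source is really taking effect.

Added example, not from the original post. Inputs are the text outputs of
`tcpdump -n -tttt ...` on the target and `iptables -v -x -n -L` there.
The samples below are constructed in the format the answer shows.
"""
import re

# Constructed sample: five SYNs from the attacker, the DROP rule is added
# after the second one. SYNs still show up in the capture afterwards because
# AF_PACKET sees inbound frames before the netfilter INPUT chain drops them.
SAMPLE_TCPDUMP = """\
2020-01-08 14:21:53.046185 IP 192.168.111.112.2218 > 192.168.111.122.22: Flags [S], seq 1908410534:1908410834, win 64, length 300
2020-01-08 14:21:53.046228 IP 192.168.111.122.22 > 192.168.111.112.2218: Flags [S.], seq 4143478207, ack 1908410535, win 64240, options [mss 1460], length 0
2020-01-08 14:21:53.046441 IP 192.168.111.112.2218 > 192.168.111.122.22: Flags [R], seq 1908410535, win 0, length 0
2020-01-08 14:21:58.046251 IP 192.168.111.112.2219 > 192.168.111.122.22: Flags [S], seq 1400121544:1400121844, win 64, length 300
2020-01-08 14:21:58.046289 IP 192.168.111.122.22 > 192.168.111.112.2219: Flags [S.], seq 1009904372, ack 1400121545, win 64240, options [mss 1460], length 0
2020-01-08 14:21:58.046512 IP 192.168.111.112.2219 > 192.168.111.122.22: Flags [R], seq 1400121545, win 0, length 0
2020-01-08 14:22:03.046326 IP 192.168.111.112.2220 > 192.168.111.122.22: Flags [S], seq 628135359:628135659, win 64, length 300
2020-01-08 14:22:08.046392 IP 192.168.111.112.2221 > 192.168.111.122.22: Flags [S], seq 836315746:836316046, win 64, length 300
2020-01-08 14:22:13.046523 IP 192.168.111.112.2222 > 192.168.111.122.22: Flags [S], seq 1462266142:1462266442, win 64, length 300
"""

# Constructed sample of `iptables -v -x -n -L` after the run above.
# Note: with `-A` the DROP rule lands last; an earlier ACCEPT rule in INPUT
# would match first and this counter would stay at 0. Prefer `-I INPUT 1`.
SAMPLE_IPTABLES = """\
Chain INPUT (policy ACCEPT 27 packets, 2784 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       3     1020 DROP       all  --  *      *       192.168.111.112      0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 7 packets, 1272 bytes)
    pkts      bytes target     prot opt in     out     source               destination
"""

# tcpdump -n -tttt line: "<date> <time> IP a.b.c.d.PORT > e.f.g.h.PORT: Flags [..], ..."
PKT_RE = re.compile(
    r"^\S+ \S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


def syn_summary(tcpdump_text, attacker, target):
    """Map each attacker source port to whether its SYN got a SYN-ACK back."""
    flows = {}
    for line in tcpdump_text.splitlines():
        m = PKT_RE.match(line)
        if not m:
            continue
        flags = m.group("flags")
        if m.group("src") == attacker and m.group("dst") == target and flags == "S":
            flows.setdefault(int(m.group("sport")), {"syn": True, "synack": False})
        elif m.group("src") == target and m.group("dst") == attacker and flags == "S.":
            # "S." in tcpdump notation is SYN+ACK; key it by the attacker's port.
            flows.setdefault(int(m.group("dport")), {"syn": False, "synack": False})["synack"] = True
    return flows


def drop_counter(iptables_text, source):
    """Packet count on the DROP rule whose source column equals `source`, or None."""
    for line in iptables_text.splitlines():
        cols = line.split()
        # rule row: pkts bytes target prot opt in out source destination
        if len(cols) >= 9 and cols[2] == "DROP" and cols[7] == source:
            return int(cols[0])
    return None


def verdict(tcpdump_text, iptables_text, attacker, target):
    """Combine both signals: unanswered SYNs on the wire and a rising DROP counter."""
    flows = syn_summary(tcpdump_text, attacker, target)
    answered = sum(1 for f in flows.values() if f["synack"])
    unanswered = sum(1 for f in flows.values() if f["syn"] and not f["synack"])
    dropped = drop_counter(iptables_text, attacker)
    # The counter may also include other dropped packets from that source
    # (ICMP, stray RSTs), so require it to cover the unanswered SYNs, not equal them.
    blocking = unanswered > 0 and dropped is not None and dropped >= unanswered
    return {
        "syns_seen": len(flows),
        "answered": answered,
        "unanswered": unanswered,
        "drop_counter": dropped,
        "blocking": blocking,
    }


if __name__ == "__main__":
    print(verdict(SAMPLE_TCPDUMP, SAMPLE_IPTABLES, "192.168.111.112", "192.168.111.122"))
```

On a live target, feed it the saved text of the two commands the answer uses (`sudo tcpdump -n -tttt -i <iface> host <attacker>` and `sudo iptables -v -x -n -L`); if `blocking` is False while `syns_seen` is non-zero and the counter is 0, look for an earlier rule in INPUT that accepts the traffic before the DROP rule is reached.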
