UDP: short packet в dmesg

[Cool_Lamer]

Постоянно вижу какой-то флуд в dmesg

dmesg

[30077099.039164] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077100.102449] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077100.750436] UDP: short packet: From 31.180.136.87:0 0/28 to 178.124.555.256:20480
[30077101.462253] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077101.462262] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077101.462267] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077101.462284] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077105.604650] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077108.977703] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077108.977710] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077110.470609] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077110.470625] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077112.284872] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077114.361008] UDP: short packet: From 31.180.136.87:0 0/28 to 178.124.555.256:20480
[30077116.641306] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077116.898629] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077116.989362] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077117.336198] UDP: short packet: From 31.180.136.87:0 0/28 to 178.124.555.256:20480
[30077118.451882] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077119.125739] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077119.445911] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077119.446031] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077119.687843] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077122.421827] net_ratelimit: 10 callbacks suppressed
[30077122.421834] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077123.613084] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077123.613091] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077123.613630] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077123.613638] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077124.377971] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077124.711609] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077124.711618] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077124.712396] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077124.712957] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077128.617275] net_ratelimit: 6 callbacks suppressed
[30077128.617280] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077128.751161] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077128.751173] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077128.751179] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077130.526039] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077131.359656] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077131.359663] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077135.309548] UDP: short packet: From 31.180.136.87:0 0/28 to 178.124.555.256:20480
[30077135.310236] UDP: short packet: From 31.180.136.87:0 0/28 to 178.124.555.256:20480
[30077135.988032] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077135.988038] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077136.975639] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077136.975646] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077137.732145] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077137.732886] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077137.896480] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077138.784650] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077141.121988] net_ratelimit: 3 callbacks suppressed
[30077141.121993] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077141.613249] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077143.807691] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077144.821009] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077144.821187] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077147.055966] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077147.115645] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077147.934313] UDP: short packet: From 31.180.136.87:0 0/1459 to 178.124.555.256:20480
[30077203.589220] UDP: short packet: From 94.233.81.97:0 0/28 to 178.124.555.256:20480
[root@nat ~]# netstat -an | grep 20480
[root@nat ~]#

Где 178.124.555.256 - адрес моего внешнего интерфейса, 20480 порт ничем не занят.

error лог апача

[Tue Jul 11 12:33:21 2017] [error] [client 5.251.122.210] request failed: error reading the headers
[Tue Jul 11 12:33:21 2017] [error] [client 176.62.76.102] request failed: error reading the headers
[Tue Jul 11 12:33:51 2017] [error] [client 90.189.226.233] Invalid URI in request \x1f-\xafn\r\xeb\xa2\xbe\xb2\xc0~\xabdl1J\xb0\xe2b
\x9d\x97\x8as\x01.9\x8c\xe1('\x9d\x05\x8bD\xe5\x83tt}\x18g\xcc)'\xfdl:J\x8a`\xa1\x80\x0e\xb0\x19Z7]g\xfb\xed$\x9a\xe3\xddl\x03
[Tue Jul 11 12:33:57 2017] [error] [client 95.73.111.214] request failed: error reading the headers
[Tue Jul 11 12:33:57 2017] [error] [client 79.139.193.1] Invalid URI in request \x9di\xdf\x90G\xbf_d\xa9I\xfd$\xd5u\xff\xc8\xc9&\x9d
\x10&;\\\xd6iyLO\x9ch\xe1\x85\x04\xcad\xda\xf3rH\xe9Lfh\xd7\xc9\x03\xa3\x16\xee\xean\x8a|=\xd2\xfd(\xeb5\x92\xed\xc2g\xb6\xcb\x89\xc
d\x15\x90\x1d\xb7\xa58x\xe2\xf3a\xda+\xd9\x1b\x8f7\x96tw\x10Az\xb5\xcb\xb1\xd9\x06\x19\xf2\x0f\x13\xeb\xb4\xb6\xa1\xca\xc0QW\r\xaf#\
xb8l%xNT\x11}/
[Tue Jul 11 12:33:57 2017] [error] [client 176.212.241.2] Invalid URI in request AF\xd0w\t6A\xef\xe8\x82\xf6
[Tue Jul 11 12:34:05 2017] [error] [client 31.40.47.205] request failed: error reading the headers
[Tue Jul 11 12:34:05 2017] [error] [client 5.139.136.213] Invalid URI in request \x12i\xd9\xf4\xd8\x820+\x0cVh?\x89\x18\x9b\x8f\x1c\
xd6\x8db\x827\xbb\xff\x8b
[Tue Jul 11 12:34:05 2017] [error] [client 128.69.239.31] request failed: error reading the headers
[Tue Jul 11 12:34:05 2017] [error] [client 88.206.44.196] Invalid method in request \xee\x06
[Tue Jul 11 12:34:05 2017] [error] [client 31.162.132.228] request failed: error reading the headers
[Tue Jul 11 12:34:05 2017] [error] [client 86.102.34.201] request failed: error reading the headers
[Tue Jul 11 12:34:10 2017] [error] [client 141.105.25.54] Invalid method in request u\x14\xceS\xb6\xde:3\xbdi\xc2
[Tue Jul 11 12:34:30 2017] [error] [client 91.78.132.230] Invalid URI in request !\xf2\x12p\x9bB\xdc\xd0U\xc3\xd5z\xf0|h\x12\x85\x1a
\xa52\x80\xcc\r$\xb6\xa5\x96\xfca\xe7\xbcp\xbe\xb6c*
[Tue Jul 11 12:34:30 2017] [error] [client 46.37.145.163] request failed: error reading the headers
[Tue Jul 11 12:34:30 2017] [error] [client 212.79.112.156] request failed: error reading the headers
[Tue Jul 11 12:34:39 2017] [error] [client 92.252.139.86] Invalid method in request y\x07\xd7\x06I}\x0f\xa6\xed\xa8\x82
[Tue Jul 11 12:34:39 2017] [error] [client 2.93.80.175] request failed: error reading the headers
[Tue Jul 11 12:34:39 2017] [error] [client 94.233.3.187] request failed: error reading the headers
[Tue Jul 11 12:34:39 2017] [error] [client 95.181.255.42] request failed: error reading the headers
[Tue Jul 11 12:34:44 2017] [error] [client 178.186.18.206] Invalid method in request \xba\xe6\x9e.\xbb\x92\xd1e\xd6td\xbc\xe0\xdc\x0
5i\x8c\x9aQ8\xab1\x97\xfec1\x88\xc8\xf4\x1bw#I_\x84\x0e\x1dW.\xf6\x1f8\xef\xa5\xd4e\xfeZ`\x94\x0ew\x04q\xb8\xe0\xcb\xb0\xb0+\xb54\x1
26c\xde\xfe\xee\x8c\x16o\xd0\xcb\xff\xd90\xdb\x9d9\x90=\xfa#l)\x8b\x97\xd3q\x89S\x03\x0ef\x94\x9f\xd9\xe8B*\xb0\x17\x9f|#\xf8
[Tue Jul 11 12:34:44 2017] [error] [client 176.124.25.60] Invalid method in request \x03\xd7\x19\xfbD\xb3\x815Y\xc7r\xfc\xf5\x86\x12
KK\xac\xd5\xdd*i3\x7f\x9c\xd3x\xd7\xc4\xbf\xb3\xdd\xb7]\xd8IJ\xb7\x1eB\xb2\xff}Q
[Tue Jul 11 12:34:44 2017] [error] [client 93.80.107.234] Invalid method in request \x1ca\xdai\xc7\x9a\xbb\xd3$\xe2\xb6\x01\xd9j\x13
\xd6\xec
[Tue Jul 11 12:35:00 2017] [error] [client 46.34.142.180] request failed: error reading the headers
[Tue Jul 11 12:36:06 2017] [error] [client 50.64.37.89] PHP Notice:  Undefined index: HTTP_HOST in /var/www/vhosts/sitename.com/librar
ies/joomla/uri/uri.php on line 102
[Tue Jul 11 12:36:06 2017] [error] [client 176.215.14.60] request failed: error reading the headers
[Tue Jul 11 12:36:06 2017] [error] [client 188.226.38.79] request failed: error reading the headers
[Tue Jul 11 12:36:08 2017] [error] [client 95.104.235.149] Invalid method in request \xa7\xd4\xfb\xac\xf6\x87k\x15\xac\x14[nM\xab'\x
e3Gi\x11Y\x1e\x15k\xa8r\xde\xeb\x06\x13\xc5\x05A2g\xe9V[{_\x99B9\x07\x8a\xa1\xa27\x18T\xc8\x83\x8d
[Tue Jul 11 12:36:08 2017] [error] [client 95.106.78.19] request failed: error reading the headers
[Tue Jul 11 12:36:11 2017] [error] [client 178.44.153.117] Invalid URI in request \x13\xde\xe0@e\xcd\t\xb8\xf5N\xe7&\xda\xd4}IN
[Tue Jul 11 12:36:15 2017] [error] [client 193.238.132.85] request failed: error reading the headers
[Tue Jul 11 12:36:15 2017] [error] [client 95.29.160.92] request failed: error reading the headers
[Tue Jul 11 12:36:17 2017] [error] [client 178.216.99.49] Invalid method in request .*\x93v@F\x07\x93\xb2QY\xdb\x10\xd4\xf0\xd9Bn\x1
2\x92\x02\xf8v\x13d\x92\xae\xa6
[Tue Jul 11 12:36:17 2017] [error] [client 77.34.119.139] Invalid URI in request ^E\xd6\xb6O\xcdr\xac\xde\xc3\x04<\xffj\xd4lK\x93\xe
b4\xb3\xa9l\x15\x1a\xaa\xde\xb4!B\xd0\xedo\xeb\\\xe0\xe7\xf3\xaf\xda\xc4\xa3?\x03\b\x15\xd7N,o\xb3\xd3\rC~\xcf\xfaa\xb7\xc9C\xc0\xba
\xfd|\xb6(\xdc\xbd\xafH\xb44\xf8\x8ba\xd2\bm\\\xfbg\xaf\x1a\xda\x0f\x9f\xb2G\xdaT\xc5\xc0\xd1N\x13\x8a[\xbf\xceX\b\xc0\xbc\xfa\xde[\
xf1F\xfa\x85\x7f]\xb9\xc2\xf2-kaL00R\x9a
[Tue Jul 11 12:36:22 2017] [error] [client 62.84.36.60] Invalid method in request \x1f#\xa6f\xb2\xe1\x97"\xb5*
[Tue Jul 11 12:36:22 2017] [error] [client 2.133.221.129] Invalid method in request \x99\xd9
[Tue Jul 11 12:36:30 2017] [error] [client 79.139.193.1] Invalid URI in request \xa2\xb8$-~w\xafT\xd5\xfd\b'\xa7(\x89\x1d\x1c\xbe<\x
8b\x07!H\r\x91b$?\x8d\x80x8h+\xa8'J\xba\xcc,k5
[Tue Jul 11 12:36:30 2017] [error] [client 10.5.23.25] File does not exist: /var/www/vhosts/sitename.com/templates/djamfavicon.ico, re
ferer: http://sitename.com/
[Tue Jul 11 12:36:32 2017] [error] [client 109.165.102.255] request failed: error reading the headers
[Tue Jul 11 12:36:37 2017] [error] [client 95.72.110.190] request failed: error reading the headers
[Tue Jul 11 12:36:56 2017] [error] [client 88.206.44.196] Invalid URI in request \x88Ilh/>\x90]\xb4\x1fu\x9f~2U\xb6\x15\x91b\x11hkC+
\xd4\xf8\xa5\xe7.:\x82.\x88\xf0\x05j\xd5\xef\xa2\xd0\xa3*\xd3\xeb\xa0\x9c\xe3y\xc04\x87 \xdd\xaf<\xbe\xf9\xb4n6\x99\xf0>Gg\x04\x80z/
#\xa0W\xf4']y\x19\xc2\xfe\xff\x01\xa2\xfe\x07\x83\xf3\x11\xb9\x8fV\xb9\xd3\xd8yp\xa2)\xba?\xf6\x1a
[Tue Jul 11 12:37:11 2017] [error] [client 109.197.249.40] Invalid URI in request \xe8 \x84\x95\xfc#\x98\x0eSG\xa5

Связаны ли эти два события? Это ддос или же, на вебке попытка брутфорса, а в dmesg просто железяка какая-то криво работает и флудит?

[ruslandh]

http://c-s.net.ua/forum/topic71733.html

[Cool_Lamer]

http://c-s.net.ua/forum/topic71733.html

Уже читал, к чему там пришли так и не понял, но то что дропать бесполезно это факт, т.к. адрес меняется.

[ruslandh]

Во-первых прлверить, что у вас на этом порту никто не висит из приложений.
Во-вторых можно дропать по длине пакета.
А так, насколько я понял, этот порт обычно используют игры, типа Контр-Страйк. 

[Cool_Lamer]

# netstat -an | grep 20480

Точно, в первом посту выдавал
пусто, просто строка затерялась внизу)
Ну контра контрой, а я тут при чём?)
На данный момент прилетают сообщения UDP: bad checksum

dmesg

[30089531.854743] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1398
[30089533.055422] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1398
[30089535.062968] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1398
[30089535.428616] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1398
[30089539.128685] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1398
[30089547.210536] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1398
[30089624.739319] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393
[30089624.854188] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393
[30089624.980117] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393
[30089624.980124] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393
[30089626.587577] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393
[30089626.587751] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393
[30089626.588280] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393
[30089627.979415] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393
[30089630.040046] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393
[30089634.112418] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393
[30089642.524837] UDP: bad checksum. From 81.162.50.199:29375 to 178.124.555.256:21272 ulen 1393

[ruslandh]

Попытка ddos' ить короткими и неправильными пакетами.

[Cool_Lamer]

Попытка ddos' ить короткими и неправильными пакетами.

Может что посоветуете?

[ruslandh]

Там по ссылке были правила, возможно этого будет достаточно.

[Cool_Lamer]

Там по ссылке были правила, возможно этого будет достаточно.

Вы про

Код: [Выделить]

-A INPUT -p udp -m length --length 0:32 -j DROP?
А как узнать размер пакета?