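Huawei firewall is being hit by ICMP unreachable attack, and the SRC address is an internal IP. How should this be handled?

Views: 9180 | Replies: 7
Junior Engineer
Hi all, please help. Recently the company network has been very slow, and web pages open slowly even when hardly anyone is around. I checked the firewall and something seems a bit off.
It keeps getting attacked: IP spoof attack, ICMP unreachable attack.
I have already configured: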
firewall defend icmp-unreachable enable
firewall defend icmp-redirect enable
firewall defend large-icmp enable
firewall defend ping-of-death enable
firewall defend smurf enable
firewall defend land enable
firewall defend ip-spoofing enable
Why am I still getting these alerts? Sometimes I also see these attack types from the internal network.
73.12.209:6000 ", dst="61.144.244.140:8080 ", begin time=" 21:45:38", end time=" 21:45:59", total packets="4", max speed="0".
% 21:45:05 USG2110 %%01SEC/4/ATCKDF(l): AttackType="IP spoof attack", slot="2", receive interface="Ethernet2/0/0 ", proto="TCP", src="114.80.116.175:6000 ", dst="61.144.244.140:135 ", begin time=" 21:44:59", end time=" 21:44:59", total packets="1", max speed="0".
% 21:44:35 USG2110 %%01SEC/4/ATCKDF(l): AttackType="IP spoof attack", slot="2", receive interface="Ethernet2/0/0 ", proto="TCP", src="61.160.213.9:6000 ", dst="61.144.244.140:1433 ", begin time=" 21:44:34", end time=" 21:44:34", total packets="1", max speed="0".
% 21:44:05 USG2110 %%01SEC/4/ATCKDF(l): AttackType="IP spoof attack", slot="2", receive interface="Ethernet2/0/0 ", proto="TCP", src="210.14.64.83:6000 ", dst="61.144.244.140:1433 ", begin time=" 21:43:37", end time=" 21:43:37", total packets="1", max speed="0".
% 21:43:05 USG2110 %%01SEC/4/ATCKDF(l): AttackType="IP spoof attack", slot="2", receive interface="Ethernet2/0/0 ", proto="TCP", src="61.147.119.240:6000 ", dst="61.144.244.140:1433 ", begin time=" 21:42:55", end time=" 21:42:55", total packets="1", max speed="0".
% 21:42:05 USG2110 %%01SEC/4/ATCKDF(l): AttackType="IP spoof attack", slot="2", receive interface="Ethernet2/0/0 ", proto="TCP", src="81.31.148.175:19650 ", dst="61.144.244.140:16001 ", begin time=" 21:41:55", end time=" 21:41:55", total packets="1", max speed="0".
% 21:40:05 USG2110 %%01SEC/4/ATCKDF(l): AttackType="IP spoof attack", slot="2", receive interface="Ethernet2/0/0 ", proto="TCP", src="112.90.33.5:6000 ", dst="61.144.244.140:1433 ", begin time=" 21:40:03", end time=" 21:40:03", total packets="1", max speed="0".
% 21:39:35 USG2110 %%01SEC/4/ATCKDF(l): AttackType="IP spoof attack", slot="2", receive interface="Ethernet2/0/0 ", proto="TCP", src="124.237.78.104:6000 ", dst="61.144.244.140:6666 ", begin time=" 21:39:05", end time=" 21:39:12", total packets="3", max speed="0".
% 19:47:05 USG2110 %%01SEC/4/ATCKDF(l): AttackType="ICMP unreachable attack", slot="2", receive interface="Ethernet2/0/0 ", proto="ICMP", src="59.34.198.253:0 ", dst="61.144.244.140:0 ", begin time=" 19:46:51", end time=" 19:46:51", total packets="1", max speed="0".
Thanks in advance, everyone.
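Senior Engineer
Quote: originally posted by culiuzu at 22:19
Hi all, please help. Recently the company network has been very slow, and web pages open slowly even when hardly anyone is around. I checked the firewall and something seems a bit off.
It keeps getting attacked: IP spoof attack, ICMP unreachable attack.
I have already configured:
firewall defend icmp-unreachable enable
firew ...
From the logs you can see that the attack was received on Ethernet2/0/0. Check what device is connected to that port.
Disconnect that port and test whether the attack is still there. If a host or a server is connected behind it, take it off the network right away and run an antivirus scan.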
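Senior Engineer
Quote: originally posted by culiuzu at 22:19
Hi all, please help. Recently the company network has been very slow, and web pages open slowly even when hardly anyone is around. I checked the firewall and something seems a bit off.
It keeps getting attacked: IP spoof attack, ICMP unreachable attack.
I have already configured:
firewall defend icmp-unreachable enable
firew ...
Post the log entries for the internal-network attacks and I will take a look.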
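White-Robed Archmage
This is normal.
Turn on the attack defense feature; at least it can drop the attack connections.
If you do not turn it on, they will instead take up session entries and eventually bring the firewall down!!
Check the attack source address. If the direction is from the internal network toward the external network, track down the internal host and deal with it.
If it comes from the external network, there is nothing you can do about it. You can only turn on the attack defense feature and let the firewall handle it.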
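That's normal. The firewall is reporting it, and the attack was blocked.
Junior Engineer
Thanks, I will go check the internal hosts.
This post was last edited by culiuzu at 13:10
Junior Engineer
Internal PCs: 192.168.0.2; 192.168.0.3; 192.168.0.12
Why is it that every so often a different internal IP shows up as being attacked? Is the whole internal network infected, or are these normal block messages? Thanks.
These are the log entries from the internal network: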
% 11:21:05 USG2110 %%01SEC/4/ATCKDF(l): AttackType="ICMP unreachable attack", slot="0", receive interface="Vlanif1 Ethernet0/0/0 ", proto="ICMP", src="192.168.0.51:0 12.88.101.42:0 ", dst="121.11.68.194:0 183.62.139.199:0 ", begin time=" 11:20:48", end time=" 11:21:01", total packets="3", max speed="0".
% 11:20:35 USG2110 %%01SEC/4/ATCKDF(l): AttackType="IP spoof attack", slot="0", receive interface="Vlanif1 ", proto="UDP", src="10.45.50.52:138 ", dst="10.45.50.63:138 ", begin time=" 11:20:17", end time=" 11:20:17", total packets="1", max speed="0"
% 08:54:35 USG2110 %%01SEC/4/ATCKDF(l): AttackType="ICMP unreachable attack", slot="0", receive interface="Vlanif1 ", proto="ICMP", src="192.168.0.26:0 ", dst="202.104.241.70:0 ", begin time=" 08:54:20", end time=" 08:54:20", total packets="1", max speed="0".
% 08:52:35 USG2110 %%01SEC/4/ATCKDF(l): AttackType="ICMP unreachable attack", slot="0", receive interface="Vlanif1 ", proto="ICMP", src="192.168.0.26:0 ", dst="121.11.68.214:0 ", begin time=" 08:52:33", end time=" 08:52:33", total packets="1", max speed="0".
% 08:28:05 USG2110 %%01SEC/4/ATCKDF(l): AttackType="ICMP unreachable attack", slot="0", receive interface="Vlanif1 ", proto="ICMP", src="192.168.0.2:0 ", dst="183.8.72.88:0 ", begin time=" 08:27:58", end time=" 08:27:58", total packets="1", max speed="0".
% 08:27:05 USG2110 %%01SEC/4/ATCKDF(l): AttackType="ICMP unreachable attack", slot="0", receive interface="Vlanif1 ", proto="ICMP", src="192.168.0.2:0 ", dst="119.123.122.211:0 ", begin time=" 08:26:59", end time=" 08:27:03", total packets="2", max speed="0".
% 08:26:35 USG2110 %%01SEC/4/ATCKDF(l): AttackType="ICMP unreachable attack", slot="0", receive interface="Vlanif1 ", proto="ICMP", src="192.168.0.2:0 ", dst="183.8.72.88:0 119.123.122.211:0 ", begin time=" 08:26:26", end time=" 08:26:32", total packets="3", max speed="0".
% 08:29:05 USG2110 %%01SEC/4/ATCKDF(l): AttackType="Arp spoof attack", slot="0", receive interface="Vlanif1 ", proto="ARP", src="192.168.0.3:0 ", dst="192.168.0.1:0 ", begin time=" 08:28:52", end time=" 08:28:53", total packets="2", max speed="0".
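
The check suggested in the replies (sort the logged sources into internal and external, then follow up on the internal hosts), as an added example that is not part of the original thread. The log entries are constructed samples in the ATCKDF layout shown above with external addresses from documentation ranges, and treating RFC 1918 space as "internal" is an assumption.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: "internal" means RFC 1918 space; replace with the site's own ranges.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r'([A-Za-z ]+?)="([^"]*)"')  # key="value" pairs of an ATCKDF entry

# Constructed sample entries (timestamps omitted, external IPs from documentation ranges).
SAMPLE_LOG = '''\
USG2110 %%01SEC/4/ATCKDF(l): AttackType="IP spoof attack", slot="2", receive interface="Ethernet2/0/0 ", proto="TCP", src="203.0.113.9:6000 ", dst="198.51.100.140:1433 ", total packets="1", max speed="0".
USG2110 %%01SEC/4/ATCKDF(l): AttackType="ICMP unreachable attack", slot="0", receive interface="Vlanif1 ", proto="ICMP", src="192.168.0.2:0 ", dst="198.51.100.88:0 ", total packets="1", max speed="0".
USG2110 %%01SEC/4/ATCKDF(l): AttackType="ICMP unreachable attack", slot="0", receive interface="Vlanif1 ", proto="ICMP", src="192.168.0.2:0 ", dst="198.51.100.211:0 ", total packets="2", max speed="0".
USG2110 %%01SEC/4/ATCKDF(l): AttackType="ICMP unreachable attack", slot="0", receive interface="Vlanif1 Ethernet0/0/0 ", proto="ICMP", src="192.168.0.51:0 203.0.113.42:0 ", dst="198.51.100.194:0 198.51.100.199:0 ", total packets="3", max speed="0".
USG2110 %%01SEC/4/ATCKDF(l): AttackType="Arp spoof attack", slot="0", receive interface="Vlanif1 ", proto="ARP", src="192.168.0.3:0 ", dst="192.168.0.1:0 ", total packets="2", max speed="0".
'''

def parse_atckdf(line):
    """Return the key="value" fields of one ATCKDF entry, or None for any other line."""
    if "ATCKDF" not in line:
        return None
    return {k.strip(): v.strip() for k, v in FIELD.findall(line)}

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def triage(log_text):
    """Count log entries per (source IP, attack type, interface), split by source side."""
    result = {"internal": Counter(), "external": Counter()}
    for line in log_text.splitlines():
        rec = parse_atckdf(line)
        if not rec or "src" not in rec:
            continue
        # One entry can aggregate several sources: src="a:0 b:0 "
        for endpoint in rec["src"].split():
            ip = endpoint.rsplit(":", 1)[0]
            side = "internal" if is_internal(ip) else "external"
            result[side][(ip, rec["AttackType"], rec["receive interface"])] += 1
    return result

def hosts_to_check(log_text):
    """Internal source IPs ordered by number of log entries, most frequent first."""
    per_ip = Counter()
    for (ip, _attack, _iface), n in triage(log_text)["internal"].items():
        per_ip[ip] += n
    return sorted(per_ip.items(), key=lambda kv: (-kv[1], kv[0]))
```

Entries are counted rather than packets, because an aggregated entry reports one packet total for all of its sources.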

Huawei Firewall Security Policy Configuration

I. Requirements and topology

Requirements:
1. Users in the Trust zone can access users in the Untrust zone and the DMZ zone.
2. Users in the Untrust zone can reach the DMZ zone with ICMP and Telnet traffic only.
3. Users in the DMZ zone can access neither the Untrust zone nor the Trust zone.
4. Within the trust zone, only ICMP from source address 192.168.1.0/24 is permitted.

II. Basic configuration

Firewall huaweiFW:
system-view
 sysname huaweiFW
interface GigabitEthernet0/0/0
 ip address 202.100.1.10 255.255.255.0
quit
interface GigabitEthernet0/0/1
 ip address 172.16.1.10 255.255.255.0
quit
interface GigabitEthernet0/0/2
 ip address 192.168.1.10 255.255.255.0
quit
interface GigabitEthernet0/0/3
 ip address 192.168.10.10 255.255.255.0
quit
firewall zone trust
 add interface GigabitEthernet0/0/2
 add interface GigabitEthernet0/0/3
 quit
firewall zone untrust
 add interface GigabitEthernet0/0/0
 quit
firewall zone dmz
 add interface GigabitEthernet0/0/1
 quit

AR1:
system-view
 sysname AR5
interface GigabitEthernet0/0/0
 ip address 192.168.10.1 255.255.255.0
 quit
ip route-static 0.0.0.0 0.0.0.0 192.168.10.1

AR2:
system-view
 sysname DMZ
interface GigabitEthernet 0/0/0
 ip address 172.16.1.1 24
quit
ip route-static 0.0.0.0 0 172.16.1.10

AR3:
system-view
 sysname trust
interface GigabitEthernet 0/0/0
 ip address 192.168.1.1 24
interface loopback0
 ip address 2.2.2.2 32
quit
ip route-static 0.0.0.0 0 192.168.1.10
quit

AR5:
system-view
 sysname trust
interface GigabitEthernet 0/0/0
 ip address 192.168.1.1 24
interface loopback0
 ip address 2.2.2.2 32
quit
ip route-static 0.0.0.0 0 192.168.1.10
quit

III. Firewall policy configuration

The firewall's default policy is:
#
 firewall packet-filter default permit interzone local trust direction inbound
 firewall packet-filter default permit interzone local trust direction outbound
 firewall packet-filter default permit interzone local untrust direction outbound
 firewall packet-filter default permit interzone local dmz direction outbound
#
 firewall session link-state check          == enable session link-state check
 firewall packet-filter default deny all    == deny all traffic

Configure the security access policies.

Users in the Trust zone can access users in the Untrust zone and the DMZ zone:
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction outbound

Users in the Untrust zone can reach the DMZ zone with ICMP and Telnet traffic only:
policy interzone dmz untrust inbound
 policy 1
  action permit
  policy service service-set icmp
  policy destination 172.16.1.1 0
 policy 2
  action permit
  policy service service-set telnet
  policy destination 172.16.1.1 0

View the sessions:
[huaweiFW]display policy interzone untrust dmz inbound
15:17:51
 policy interzone dmz untrust inbound
 firewall default packet-filter is deny
 policy 1 (2 times matched)
  action permit
  policy service service-set icmp (predefined)
  policy source any
  policy destination 172.16.1.1 0
 policy 2 (4 times matched)
  action permit
  policy service service-set telnet (predefined)
  policy source any
  policy destination 172.16.1.1 0
[huaweiFW]

Users in the DMZ zone can access neither the Untrust zone nor the Trust zone (this needs no configuration, because the traffic has already been denied earlier).

Within the trust zone, only ICMP from source address 192.168.1.0/24 is permitted:
policy zone trust
 policy 1
  action permit
  policy service service-set icmp
  policy source 192.168.1.0 mask 255.255.255.0
 policy 2
  action deny