the attack for demonstration purposes
Body
The hacker
Responsible Disclosure would be regarding an Interval HTTP-Header based vulnerability that creates overflow in the server process to impact the request handling.
I would like to create a PoC of the attack for demonstration purposes and instruct with solving it.
Regards,
After the message above arrived, the site stopped working, and access.log shows the following.
Any information is welcome... I am looking for a solution.
51.159.5.133 - - [29/Nov/2021:15:31:58 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
101.99.95.54 - - [29/Nov/2021:15:31:58 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
201.28.120.142 - - [29/Nov/2021:15:31:58 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
163.172.35.121 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
182.53.50.184 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
115.75.1.184 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
115.75.1.184 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
36.95.65.99 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
202.162.214.243 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
51.159.5.133 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
103.124.2.239 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
188.166.162.1 - - [29/Nov/2021:15:32:00 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
103.124.2.239 - - [29/Nov/2021:15:32:00 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
203.189.142.168 - - [29/Nov/2021:15:32:00 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
The error log is as follows.
2021/11/29 15:32:56 [alert] 6395#6395: 768 worker_connections are not enough
2021/11/29 15:32:56 [alert] 6395#6395: 768 worker_connections are not enough
2021/11/29 15:32:56 [alert] 6395#6395: 768 worker_connections are not enough
2021/11/29 15:32:56 [alert] 6395#6395: 768 worker_connections are not enough
2021/11/29 15:32:56 [alert] 6395#6395: 768 worker_connections are not enough
3 answers
If it is a SYN attack and you are on Linux, how about handling it with an iptables chain..
Reference (original article): https://javapipe.com/blog/iptables-ddos-protection/
Korean-language material: https://sata.kr/entry/IPTables-7-IPTables%EB%A1%9C-Flooding-%EA%B3%B5%EA%B2%A9%EC%9D%84-%EB%A7%89%EC%95%84%EB%B3%B4%EC%9E%90-1-INPUT
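Before choosing a filter, it helps to measure what the access.log excerpt in the question shows. The following is an added example, not code from the thread: it counts "PRI * HTTP/2.0" requests (the first line of the HTTP/2 client connection preface) answered with 400, per second and per source address. The sample lines are constructed with documentation addresses, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the same format as the access.log excerpt
# above (addresses are documentation ranges, not the ones from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [29/Nov/2021:15:31:58 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
198.51.100.7 - - [29/Nov/2021:15:31:58 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
192.0.2.10 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
203.0.113.5 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
198.51.100.7 - - [29/Nov/2021:15:31:59 +0000] "PRI * HTTP/2.0" 400 182 "-" "-"
203.0.113.9 - - [29/Nov/2021:15:31:59 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.68.0"
this line is truncated and must be skipped
"""

# Fields: ip, ident, user, [timestamp], "request line", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')
PREFACE = "PRI * HTTP/2.0"


def count_preface_hits(lines):
    """Return (per_second, per_ip) Counters for preface requests answered 400."""
    per_second, per_ip = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        ip, ts, request, status = m.groups()
        if request == PREFACE and status == "400":
            per_second[ts] += 1
            per_ip[ip] += 1
    return per_second, per_ip


def bursts(per_second, threshold):
    """Seconds in which the hit count reached the (assumed) threshold."""
    return sorted((ts, n) for ts, n in per_second.items() if n >= threshold)


if __name__ == "__main__":
    per_second, per_ip = count_preface_hits(SAMPLE_LOG.splitlines())
    for ts, n in bursts(per_second, threshold=3):
        print(f"{ts}: {n} preface requests")
    for ip, n in per_ip.most_common(5):
        print(f"{ip}: {n}")
```

On a real server, pass an open access.log file object to `count_preface_hits` instead of the sample lines.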