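On 2channel, which is reportedly in the middle of "PROXY restrictions", a port scanner runs against the client whenever a post is submitted. The dump below observes only port 80, but it probably checks 3128 and 8080 as well.
The sequence is SYN - SYNACK - ACK - ACKFIN, so this is a plain port scan. No actual HTTP exchange takes place, and it may leave nothing in the httpd log.
If the connection succeeds, posting is blocked, regardless of whether the host is actually an open proxy.
The error message says only "Please consult your provider or system administrator," which is nasty because even an administrator cannot tell how to deal with it. For now, the right answer is probably "use an active IDS (intrusion detection system) to force-close connections from 216.218.192.138 with ACKRST". "Drop TCP from 216.218.192.138 at the router" is more reliable, but you are kept waiting until the timeout. Using both together looks like the happiest option (though an active IDS is not something you can casually deploy).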
! Preliminary 2ch port scanner
! Just dropping the packet as below requires timeout on the
! "client" side (216.218.192.138); faster solution is to
! pretend that port isn't open at all, by using Active IDS or similar.
access-list 101 deny tcp 216.218.192.136 0.0.0.7 any
access-list 101 permit ip any any

Once the connection has been accept()ed you are already out, so restrictions at the httpd level are completely pointless. I seem to recall that Linux has a mechanism for dropping these at the kernel level, though.
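It appears to be built to reject you even when the forward lookup is something like www or ns, so in some cases you may need a fake DNS server just for 2ch.
2ch is basically a personal site, so one cannot complain even if the countermeasures it applies look thoroughly amateurish.
he.net (Hurricane Electric) is notorious for being frighteningly tolerant of spam, so blocking it at the router is well worth doing even apart from 2ch.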
________________________________
1 0.00000 banana.he.net -> masamune ETHER Type=0800 (IP), size = 74 bytes
1 0.00000 banana.he.net -> masamune IP D=130.34.233.159 S=216.218.192.138 LEN=60, ID=44092
1 0.00000 banana.he.net -> masamune TCP D=80 S=1547 Syn Seq=1434138361 Len=0 Win=32120 Options=<mss 1460,sackOK,tstamp 780522027 0,nop,wscale 0>
1 0.00000 banana.he.net -> masamune HTTP C port=1547
________________________________
2 0.00002 masamune -> banana.he.net ETHER Type=0800 (IP), size = 78 bytes
2 0.00002 masamune -> banana.he.net IP D=216.218.192.138 S=130.34.233.159 LEN=64, ID=4869
2 0.00002 masamune -> banana.he.net TCP D=1547 S=80 Syn Ack=1434138362 Seq=1424148020 Len=0 Win=24616 Options=<nop,nop,tstamp 333853978 780522027,nop,wscale 0,nop,nop,sackOK,mss 1460>
2 0.00002 masamune -> banana.he.net HTTP R port=1547
________________________________
3 0.28432 banana.he.net -> masamune ETHER Type=0800 (IP), size = 66 bytes
3 0.28432 banana.he.net -> masamune IP D=130.34.233.159 S=216.218.192.138 LEN=52, ID=44214
3 0.28432 banana.he.net -> masamune TCP D=80 S=1547 Ack=1424148021 Seq=1434138362 Len=0 Win=32120 Options=<nop,nop,tstamp 780522055 333853978>
3 0.28432 banana.he.net -> masamune HTTP C port=1547
________________________________
4 0.00346 banana.he.net -> masamune ETHER Type=0800 (IP), size = 66 bytes
4 0.00346 banana.he.net -> masamune IP D=130.34.233.159 S=216.218.192.138 LEN=52, ID=44217
4 0.00346 banana.he.net -> masamune TCP D=80 S=1547 Fin Ack=1424148021 Seq=1434138362 Len=0 Win=32120 Options=<nop,nop,tstamp 780522055 333853978>
4 0.00346 banana.he.net -> masamune HTTP C port=1547
________________________________
5 0.00003 masamune -> banana.he.net ETHER Type=0800 (IP), size = 66 bytes
5 0.00003 masamune -> banana.he.net IP D=216.218.192.138 S=130.34.233.159 LEN=52, ID=4870
5 0.00003 masamune -> banana.he.net TCP D=1547 S=80 Ack=1434138363 Seq=1424148021 Len=0 Win=24616 Options=<nop,nop,tstamp 333854007 780522055>
5 0.00003 masamune -> banana.he.net HTTP R port=1547
________________________________
6 0.00012 masamune -> banana.he.net ETHER Type=0800 (IP), size = 66 bytes
6 0.00012 masamune -> banana.he.net IP D=216.218.192.138 S=130.34.233.159 LEN=52, ID=4871
6 0.00012 masamune -> banana.he.net TCP D=1547 S=80 Fin Ack=1434138363 Seq=1424148021 Len=0 Win=24616 Options=<nop,nop,tstamp 333854007 780522055>
6 0.00012 masamune -> banana.he.net HTTP R port=1547
________________________________
7 0.22009 banana.he.net -> masamune ETHER Type=0800 (IP), size = 66 bytes
7 0.22009 banana.he.net -> masamune IP D=130.34.233.159 S=216.218.192.138 LEN=52, ID=44333
7 0.22009 banana.he.net -> masamune TCP D=80 S=1547 Ack=1424148022 Seq=1434138363 Len=0 Win=32120 Options=<nop,nop,tstamp 780522077 333854007>
7 0.22009 banana.he.net -> masamune HTTP C port=1547
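The summary dump above has a recognisable shape: the handshake completes and the client closes without either side sending a byte. As an added example (not part of the original page), this Python sketch parses snoop-style TCP summary lines and reports such flows. The option fields are trimmed, and the `client.example` flow and the name `find_connect_probes` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: TCP summary lines for the seven packets in the dump above
# (options trimmed), plus a made-up flow from "client.example" that sends data.
SAMPLE = """\
1 0.00000 banana.he.net -> masamune TCP D=80 S=1547 Syn Seq=1434138361 Len=0 Win=32120
2 0.00002 masamune -> banana.he.net TCP D=1547 S=80 Syn Ack=1434138362 Seq=1424148020 Len=0 Win=24616
3 0.28432 banana.he.net -> masamune TCP D=80 S=1547 Ack=1424148021 Seq=1434138362 Len=0 Win=32120
4 0.00346 banana.he.net -> masamune TCP D=80 S=1547 Fin Ack=1424148021 Seq=1434138362 Len=0 Win=32120
5 0.00003 masamune -> banana.he.net TCP D=1547 S=80 Ack=1434138363 Seq=1424148021 Len=0 Win=24616
6 0.00012 masamune -> banana.he.net TCP D=1547 S=80 Fin Ack=1434138363 Seq=1424148021 Len=0 Win=24616
7 0.22009 banana.he.net -> masamune TCP D=80 S=1547 Ack=1424148022 Seq=1434138363 Len=0 Win=32120
8 0.50000 client.example -> masamune TCP D=80 S=1600 Syn Seq=100 Len=0 Win=32120
9 0.00002 masamune -> client.example TCP D=1600 S=80 Syn Ack=101 Seq=500 Len=0 Win=24616
10 0.01000 client.example -> masamune TCP D=80 S=1600 Push Ack=501 Seq=101 Len=120 Win=32120
11 0.02000 client.example -> masamune TCP D=80 S=1600 Fin Ack=501 Seq=221 Len=0 Win=32120
"""

LINE = re.compile(r"(\S+) -> (\S+)\s+TCP D=(\d+) S=(\d+)\s+(.*?)Seq=\d+ Len=(\d+)")

def find_connect_probes(text):
    """Return (client, server, port) for flows that finish the three-way
    handshake and are then closed by the client with no payload either way."""
    flows = defaultdict(lambda: dict(syn=False, synack=False, ack=False, close=False, data=0))
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, dport, sport, flags, length = m.groups()
        key = (src, int(sport), dst, int(dport))      # flow as seen from the sender
        rkey = (dst, int(dport), src, int(sport))     # same flow, other direction
        syn, has_ack = "Syn" in flags, "Ack=" in flags
        if syn and not has_ack:                        # bare SYN identifies the client
            flows[key]["syn"] = True
        elif syn and rkey in flows:                    # server's SYN-ACK
            flows[rkey]["synack"] = True
        elif key in flows:                             # client -> server segment
            f = flows[key]
            f["data"] += int(length)
            f["ack"] |= has_ack and f["synack"]
            f["close"] |= "Fin" in flags or "Rst" in flags
        elif rkey in flows:                            # server -> client segment
            flows[rkey]["data"] += int(length)
    return sorted((c, s, p) for (c, _, s, p), f in flows.items()
                  if f["syn"] and f["synack"] and f["ack"] and f["close"] and not f["data"])
```

Because such a flow carries no request, it shows up in the packet capture rather than in the httpd access log.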
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 0:33:40.17
ETHER: Packet size = 74 bytes
ETHER: Destination = 8:0:20:a1:58:dd, Sun
ETHER: Source = 0:30:f2:cb:40:78,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 60 bytes
IP: Identification = 44092
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 47 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 9a58
IP: Source address = 216.218.192.138, banana.he.net
IP: Destination address = 130.34.233.159, masamune
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 1547
TCP: Destination port = 80 (HTTP)
TCP: Sequence number = 1434138361
TCP: Acknowledgement number = 0
TCP: Data offset = 40 bytes
TCP: Flags = 0x02
TCP: ..0. .... = No urgent pointer
TCP: ...0 .... = No acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..1. = Syn
TCP: .... ...0 = No Fin
TCP: Window = 32120
TCP: Checksum = 0x31e7
TCP: Urgent pointer = 0
TCP: Options: (20 bytes)
TCP: - Maximum segment size = 1460 bytes
TCP: - SACK permitted option
TCP: - TS Val = 780522027, TS Echo = 0
TCP: - No operation
TCP: - Window scale = 0
TCP:
HTTP: ----- HTTP: -----
HTTP:
HTTP: ""
HTTP:
0: 0800 20a1 58dd 0030 f2cb 4078 0800 4500 .. .X..0..@x..E.
16: 003c ac3c 4000 2f06 9a58 d8da c08a 8222 .<.<@./..X....."
32: e99f 060b 0050 557b 36f9 0000 0000 a002 .....PU{6.......
48: 7d78 31e7 0000 0204 05b4 0402 080a 2e85 }x1.............
64: d22b 0000 0000 0103 0300 .+........
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 0:33:40.17
ETHER: Packet size = 78 bytes
ETHER: Destination = 0:30:f2:cb:40:78,
ETHER: Source = 8:0:20:a1:58:dd, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 64 bytes
IP: Identification = 4869
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 60 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 268c
IP: Source address = 130.34.233.159, masamune
IP: Destination address = 216.218.192.138, banana.he.net
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 80
TCP: Destination port = 1547
TCP: Sequence number = 1424148020
TCP: Acknowledgement number = 1434138362
TCP: Data offset = 44 bytes
TCP: Flags = 0x12
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..1. = Syn
TCP: .... ...0 = No Fin
TCP: Window = 24616
TCP: Checksum = 0xd908
TCP: Urgent pointer = 0
TCP: Options: (24 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 333853978, TS Echo = 780522027
TCP: - No operation
TCP: - Window scale = 0
TCP: - No operation
TCP: - No operation
TCP: - SACK permitted option
TCP: - Maximum segment size = 1460 bytes
TCP:
HTTP: ----- HTTP: -----
HTTP:
HTTP: ""
HTTP:
0: 0030 f2cb 4078 0800 20a1 58dd 0800 4500 .0..@x.. .X...E.
16: 0040 1305 4000 3c06 268c 8222 e99f d8da .@..@.<.&.."....
32: c08a 0050 060b 54e2 c634 557b 36fa b012 ...P..T..4U{6...
48: 6028 d908 0000 0101 080a 13e6 351a 2e85 `(..........5...
64: d22b 0103 0300 0101 0402 0204 05b4 .+............
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 3 arrived at 0:33:40.45
ETHER: Packet size = 66 bytes
ETHER: Destination = 8:0:20:a1:58:dd, Sun
ETHER: Source = 0:30:f2:cb:40:78,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 52 bytes
IP: Identification = 44214
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 47 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 99e6
IP: Source address = 216.218.192.138, banana.he.net
IP: Destination address = 130.34.233.159, masamune
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 1547
TCP: Destination port = 80 (HTTP)
TCP: Sequence number = 1434138362
TCP: Acknowledgement number = 1424148021
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 32120
TCP: Checksum = 0xfc67
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 780522055, TS Echo = 333853978
TCP:
HTTP: ----- HTTP: -----
HTTP:
HTTP: ""
HTTP:
0: 0800 20a1 58dd 0030 f2cb 4078 0800 4500 .. .X..0..@x..E.
16: 0034 acb6 4000 2f06 99e6 d8da c08a 8222 .4..@./........"
32: e99f 060b 0050 557b 36fa 54e2 c635 8010 .....PU{6.T..5..
48: 7d78 fc67 0000 0101 080a 2e85 d247 13e6 }x|g.........G..
64: 351a 5.
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 4 arrived at 0:33:40.46
ETHER: Packet size = 66 bytes
ETHER: Destination = 8:0:20:a1:58:dd, Sun
ETHER: Source = 0:30:f2:cb:40:78,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 52 bytes
IP: Identification = 44217
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 47 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 99e3
IP: Source address = 216.218.192.138, banana.he.net
IP: Destination address = 130.34.233.159, masamune
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 1547
TCP: Destination port = 80 (HTTP)
TCP: Sequence number = 1434138362
TCP: Acknowledgement number = 1424148021
TCP: Data offset = 32 bytes
TCP: Flags = 0x11
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...1 = Fin
TCP: Window = 32120
TCP: Checksum = 0xfc66
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 780522055, TS Echo = 333853978
TCP:
HTTP: ----- HTTP: -----
HTTP:
HTTP: ""
HTTP:
0: 0800 20a1 58dd 0030 f2cb 4078 0800 4500 .. .X..0..@x..E.
16: 0034 acb9 4000 2f06 99e3 d8da c08a 8222 .4..@./........"
32: e99f 060b 0050 557b 36fa 54e2 c635 8011 .....PU{6.T..5..
48: 7d78 fc66 0000 0101 080a 2e85 d247 13e6 }x|f.........G..
64: 351a 5.
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 5 arrived at 0:33:40.46
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:30:f2:cb:40:78,
ETHER: Source = 8:0:20:a1:58:dd, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 52 bytes
IP: Identification = 4870
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 60 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 2697
IP: Source address = 130.34.233.159, masamune
IP: Destination address = 216.218.192.138, banana.he.net
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 80
TCP: Destination port = 1547
TCP: Sequence number = 1424148021
TCP: Acknowledgement number = 1434138363
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 24616
TCP: Checksum = 0x199a
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 333854007, TS Echo = 780522055
TCP:
HTTP: ----- HTTP: -----
HTTP:
HTTP: ""
HTTP:
0: 0030 f2cb 4078 0800 20a1 58dd 0800 4500 .0..@x.. .X...E.
16: 0034 1306 4000 3c06 2697 8222 e99f d8da .4..@.<.&.."....
32: c08a 0050 060b 54e2 c635 557b 36fb 8010 ...P..T..5U{6{..
48: 6028 199a 0000 0101 080a 13e6 3537 2e85 `(..........57..
64: d247 .G
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 6 arrived at 0:33:40.46
ETHER: Packet size = 66 bytes
ETHER: Destination = 0:30:f2:cb:40:78,
ETHER: Source = 8:0:20:a1:58:dd, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 52 bytes
IP: Identification = 4871
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 60 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 2696
IP: Source address = 130.34.233.159, masamune
IP: Destination address = 216.218.192.138, banana.he.net
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 80
TCP: Destination port = 1547
TCP: Sequence number = 1424148021
TCP: Acknowledgement number = 1434138363
TCP: Data offset = 32 bytes
TCP: Flags = 0x11
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...1 = Fin
TCP: Window = 24616
TCP: Checksum = 0x1999
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 333854007, TS Echo = 780522055
TCP:
HTTP: ----- HTTP: -----
HTTP:
HTTP: ""
HTTP:
0: 0030 f2cb 4078 0800 20a1 58dd 0800 4500 .0..@x.. .X...E.
16: 0034 1307 4000 3c06 2696 8222 e99f d8da .4..@.<.&.."....
32: c08a 0050 060b 54e2 c635 557b 36fb 8011 ...P..T..5U{6{..
48: 6028 1999 0000 0101 080a 13e6 3537 2e85 `(..........57..
64: d247 .G
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 7 arrived at 0:33:40.68
ETHER: Packet size = 66 bytes
ETHER: Destination = 8:0:20:a1:58:dd, Sun
ETHER: Source = 0:30:f2:cb:40:78,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 52 bytes
IP: Identification = 44333
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 47 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 996f
IP: Source address = 216.218.192.138, banana.he.net
IP: Destination address = 130.34.233.159, masamune
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 1547
TCP: Destination port = 80 (HTTP)
TCP: Sequence number = 1434138363
TCP: Acknowledgement number = 1424148022
TCP: Data offset = 32 bytes
TCP: Flags = 0x10
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 32120
TCP: Checksum = 0xfc32
TCP: Urgent pointer = 0
TCP: Options: (12 bytes)
TCP: - No operation
TCP: - No operation
TCP: - TS Val = 780522077, TS Echo = 333854007
TCP:
HTTP: ----- HTTP: -----
HTTP:
HTTP: ""
HTTP:
0: 0800 20a1 58dd 0030 f2cb 4078 0800 4500 .. .X..0..@x..E.
16: 0034 ad2d 4000 2f06 996f d8da c08a 8222 .4.-@./..o....."
32: e99f 060b 0050 557b 36fb 54e2 c636 8010 .....PU{6{T..6..
48: 7d78 fc32 0000 0101 080a 2e85 d25d 13e6 }x|2.........]..
64: 3537 57