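Help! My router is getting DDoSed every night!

I don't know why, but since around last week I've been getting hit with an enormous number of port scans for tens of minutes every night between 10:00 and 10:30 PM.

Because of this, I can barely use the internet during that time. (It's way too slow!!)

For now, the attacker's IP has been traced to KT, so I plan to contact customer service and ask them to suspend that IP, but

the attacker annoys me enough that I'd like to try to get a settlement payment out of them.

Does anyone have experience with this?


In the public interest, I'm also posting the log of dropped attack packets, with the attacker's IP visible.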

Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=18686 PROTO=TCP SPT=40033 DPT=33630 SEQ=2774734265 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=37971 PROTO=TCP SPT=40033 DPT=37935 SEQ=405724773 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=53795 PROTO=TCP SPT=40017 DPT=35648 SEQ=3253045114 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=21809 PROTO=TCP SPT=40033 DPT=15547 SEQ=1741993875 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=25478 PROTO=TCP SPT=40017 DPT=18359 SEQ=3465345576 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=45639 PROTO=TCP SPT=40017 DPT=23184 SEQ=2848667342 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=29590 PROTO=TCP SPT=40017 DPT=52987 SEQ=3033883508 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=7848 PROTO=TCP SPT=40033 DPT=35103 SEQ=1160202670 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=26200 PROTO=TCP SPT=40033 DPT=31335 SEQ=14860838 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=64916 PROTO=TCP SPT=40017 DPT=30091 SEQ=430986758 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=44799 PROTO=TCP SPT=40017 DPT=32718 SEQ=244453160 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=61009 PROTO=TCP SPT=40033 DPT=51571 SEQ=608303419 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=59466 PROTO=TCP SPT=40017 DPT=15140 SEQ=2737638775 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=22839 PROTO=TCP SPT=40017 DPT=18247 SEQ=3188244585 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=51444 PROTO=TCP SPT=40017 DPT=64300 SEQ=1592716737 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=57333 PROTO=TCP SPT=40033 DPT=21710 SEQ=1279087906 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=15797 PROTO=TCP SPT=40017 DPT=64127 SEQ=3989051859 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=2876 PROTO=TCP SPT=40017 DPT=34556 SEQ=2677429209 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=319 PROTO=TCP SPT=40033 DPT=10746 SEQ=1476196060 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=29845 PROTO=TCP SPT=40017 DPT=26438 SEQ=3643723210 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=38594 PROTO=TCP SPT=40017 DPT=28428 SEQ=4102760407 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=19287 PROTO=TCP SPT=40033 DPT=32615 SEQ=1678895657 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=44711 PROTO=TCP SPT=40017 DPT=21094 SEQ=1306993368 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=47248 PROTO=TCP SPT=40033 DPT=37564 SEQ=4221039669 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=10033 PROTO=TCP SPT=40017 DPT=15874 SEQ=3045181226 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=26705 PROTO=TCP SPT=40033 DPT=2793 SEQ=3663051937 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=5779 PROTO=TCP SPT=40017 DPT=43563 SEQ=471949985 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=9989 PROTO=TCP SPT=40033 DPT=194 SEQ=55704030 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=36313 PROTO=TCP SPT=40033 DPT=10515 SEQ=2924968659 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=16367 PROTO=TCP SPT=40033 DPT=44107 SEQ=1087917501 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=59325 PROTO=TCP SPT=40033 DPT=47434 SEQ=2390065390 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=24107 PROTO=TCP SPT=40033 DPT=41331 SEQ=2266505537 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=64640 PROTO=TCP SPT=40033 DPT=58170 SEQ=3055731107 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=59508 PROTO=TCP SPT=40017 DPT=52192 SEQ=628424077 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=7175 PROTO=TCP SPT=40033 DPT=57362 SEQ=1427644940 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=31285 PROTO=TCP SPT=40033 DPT=4273 SEQ=2155525277 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=64608 PROTO=TCP SPT=40033 DPT=45844 SEQ=4256403821 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=14073 PROTO=TCP SPT=40017 DPT=40122 SEQ=2632021082 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=26956 PROTO=TCP SPT=40017 DPT=36281 SEQ=970472172 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=15386 PROTO=TCP SPT=40033 DPT=63355 SEQ=299570552 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
Feb 18 22:29:29 kernel: DROP IN=eth0 OUT= MAC=*** SRC=220.94.228.162 DST=*** LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=37845 PROTO=TCP SPT=40033 DPT=21758 SEQ=2181830962 ACK=0 WINDOW=1025 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000 
1 Like

Change your router's MAC address. The IP you're using will change right away. The IP also changes if another user gets assigned that IP after the DHCP lease ends, but for now this is the surefire fix.

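1 Like

Looks like a SYN scan.

Sometimes the server behind the other side's IP has been compromised and is being used for scanning, so I think something like a settlement would be difficult.

It might also be worth asking your ISP whether packets coming from that IP can be null-routed.

Usually it's hard to identify the IP behind a router, so this kind of traffic doesn't come in much. Are you by any chance running a service on a public IP from home?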

1 Like
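The SYN-scan reading in the reply above can be checked mechanically. The following is an added example, not part of any post in this thread: it parses netfilter `DROP` lines in the format shown in the first post and flags sources that send SYN-only packets to many distinct destination ports. The sample lines are constructed (documentation-range addresses), and the function names and the `min_ports` threshold are assumptions.

```python
import re
from collections import defaultdict

# Fields as they appear in the router's netfilter LOG lines.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+) (?P<rest>.*)")
# TCP flags are printed between RES=0x.. and URGP=.
FLAG_RE = re.compile(r"RES=0x[0-9a-fA-F]+ (?P<flags>(?:[A-Z]+ )*)URGP=")

def find_syn_scanners(log_text, min_ports=10):
    """Return {source IP: distinct destination ports hit with SYN-only packets}."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP":
            continue
        f = FLAG_RE.search(m["rest"])
        # A half-open scan probe carries SYN and nothing else.
        if not f or f["flags"].split() != ["SYN"]:
            continue
        ports[m["src"]].add(int(m["dpt"]))
    return {src: len(p) for src, p in ports.items() if len(p) >= min_ports}

def build_sample():
    """Constructed log lines; addresses are documentation ranges, not from the thread."""
    tmpl = ("Feb 18 22:29:28 kernel: DROP IN=eth0 OUT= MAC=*** SRC={src} DST=*** "
            "LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=1 PROTO=TCP SPT={spt} DPT={dpt} "
            "SEQ=1 ACK=0 WINDOW=1025 RES=0x00 {flags} URGP=0")
    lines = []
    for i in range(25):
        # Scanner: SYN-only, a different destination port each time.
        lines.append(tmpl.format(src="192.0.2.10", spt=40017,
                                 dpt=10000 + 37 * i, flags="SYN"))
        # Client retrying a single port: many SYNs, one port, not a scan.
        lines.append(tmpl.format(src="198.51.100.7", spt=50000 + i,
                                 dpt=443, flags="SYN"))
        # Stray replies to many ports: not SYN-only, so ignored.
        lines.append(tmpl.format(src="203.0.113.5", spt=443,
                                 dpt=40000 + i, flags="ACK RST"))
    return "\n".join(lines)

if __name__ == "__main__":
    for src, n in find_syn_scanners(build_sample()).items():
        print(f"{src}: SYN-only probes to {n} distinct ports")
```

A per-source port count like this is the kind of summary an ISP abuse desk can act on when asked to filter the source.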

If it were possible to get settlement money, DDoS itself would have disappeared. T_T

2 Likes

Whoa. That's a good idea. Thanks for the suggestion!

:thinking:

1 Like

So it's a zombie PC? Yikes.