
Question about HTTP hijacking

  •   wangjiyueding · 2019-01-04 11:02:13 +08:00 · 1300 views

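    Last night we found that several of our company's services could not be reached at all over HTTP. I'll use 123.123.123.123 in place of the company's IP and www.test.com in place of the domain, and describe what happened. Last night the developers suddenly came over to report that their service was down, saying it was because www.test.com would not open. I tested it and it showed "page not found"; the line was China Telecom. Over HTTPS, surprisingly, access was normal. Access through a VPS in the US was also normal, and access over China Unicom 4G was normal too. So the symptom was that China Mobile and China Telecom lines could not reach the web service on 123.123.123.123. Accessing it with curl on the server gave the following: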

    20190103_19:19:11[root@Tantu_wg_api ~]# curl  123.123.123.123 
    20190103_19:19:11curl: (56) Failure when receiving data from the peer
    20190103_19:19:31[root@Tantu_wg_api ~]# curl  -Hhost:www.test.com  192.168.10.1
    20190103_19:19:37{"status":200,"code":0,"msg":"OK, is api }
    [root@Tantu_wg_api ~]#
    20190103_19:19:41[root@Tantu_wg_api ~]# curl  -Hhost:api.tantu.
    20190103_19:19:51[root@Tantu_wg_api ~]# curl https://www.test.com -I
    20190103_19:19:51HTTP/1.1 200 OK
    

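    Going over the internal network and over HTTPS both work fine, but going out over the external network gives error 56. I enabled logging on the server and found that the requests from China Mobile and China Telecom never came in at all. After capturing packets I found that the connection was reset right after the three-way handshake: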

    20190103_19:15:0319:15:04.394756 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [S], seq 3917553324, win 14600, options [mss 1460,sackOK,TS val 2842031732 ecr 0,nop,wscale 7], length 0
    20190103_19:15:0319:15:04.401524 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [S.], seq 3931168778, ack 3917553325, win 14480, options [mss 1460,sackOK,TS val 1009545965 ecr 2842031732,nop,wscale 7], length 0
    20190103_19:15:0319:15:04.401552 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [.], ack 1, win 115, options [nop,nop,TS val 2842031739 ecr 1009545965], length 0
    20190103_19:15:0319:15:04.401625 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [P.], seq 1:167, ack 1, win 115, options [nop,nop,TS val 2842031739 ecr 1009545965], length 166
    20190103_19:15:0319:15:04.408249 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [R], seq 3931168779, win 0, length 0
    20190103_19:15:0419:15:05.452281 IP 192.168.64.130.33317 > 123.123.123.123.http: Flags [S], seq 3591611786, win 14600, options [mss 1460,sackOK,TS val 2842032790 ecr 0,nop,wscale 7], length 0
    20190103_19:15:0419:15:05.459026 IP 123.123.123.123.http > 192.168.64.130.33317: Flags [S.], seq 1471399763, ack 3591611787, win 14480, options [mss 1460,sackOK,TS val 1009547023 ecr 2842032790,nop,wscale 7], length 0
    20190103_19:15:0419:15:05.459031 IP 192.168.64.130.33317 > 123.123.123.123.http: Flags [.], ack 1, win 115, options [nop,nop,TS val 2842032797 ecr 1009547023], length 0
    20190103_19:15:0419:15:05.459129 IP 192.168.64.130.33317 > 123.123.123.123.http: Flags [P.], seq 1:703, ack 1, win 115, options [nop,nop,TS val 2842032797 ecr 1009547023], length 702
    20190103_19:15:0419:15:05.465569 IP 123.123.123.123.http > 192.168.64.130.33317: Flags [R], seq 1471399764, win 0, length 0
    20190103_19:15:0519:15:06.700367 IP 192.168.64.130.33478 > 123.123.123.123.http: Flags [S], seq 99677139, win 14600, options [mss 1460,sackOK,TS val 2842034038 ecr 0,nop,wscale 7], length 0
    20190103_19:15:0519:15:06.707523 IP 123.123.123.123.http > 192.168.64.130.33478: Flags [S.], seq 3754760549, ack 99677140, win 14480, options [mss 1460,sackOK,TS val 1009548272 ecr 2842034038,nop,wscale 7], length 0
    20190103_19:15:0519:15:06.707529 IP 192.168.64.130.33478 > 123.123.123.123.http: Flags [.], ack 1, win 115, options [nop,nop,TS val 2842034045 ecr 1009548272], length 0
    20190103_19:15:0519:15:06.707607 IP 192.168.64.130.33478 > 123.123.123.123.http: Flags [P.], seq 1:226, ack 1, win 115, options [nop,nop,TS val 2842034045 ecr 1009548272], length 225
    20190103_19:15:0519:15:06.714797 IP 123.123.123.123.http > 192.168.64.130.33478: Flags [R], seq 3754760550, win 0, length 0
    20190103_19:15:10
    

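    Is this what HTTP hijacking is? How is something like this done? Also, it recovered by itself in less than an hour. Was it caused by a problem in the carrier's network, with the packets that China Mobile and China Telecom sent to 123.123.123.123 not arriving?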

    No replies yet
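
Added example, not part of the original post: a Python check that scans tcpdump text output like the capture above for connections where a bare RST (no ACK) at the server's initial sequence number + 1 arrives right after the client's first data segment. The function name, the 50 ms threshold and the second sample flow are assumptions made for illustration.

```python
import re

# tcpdump default text output; search() tolerates a leading terminal-log prefix.
LINE = re.compile(r"(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): "
                  r"Flags \[([^\]]+)\](?:, seq (\d+))?.*length (\d+)")

def resets_after_first_request(lines, max_gap=0.05):
    """Flows where a bare RST (no ACK) at server ISN + 1 arrives within
    max_gap seconds of the client's first data segment."""
    flows, hits = {}, []              # flows: (client, server) -> state
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        hh, mm, ss, src, dst, flags, seq, length = m.groups()
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)
        if flags == "S":                               # client SYN opens a flow
            flows[(src, dst)] = {"isn": None, "req_t": None, "req_len": 0}
        elif flags == "S." and (dst, src) in flows:    # SYN-ACK: server ISN
            flows[(dst, src)]["isn"] = int(seq)
        elif int(length) > 0 and (src, dst) in flows:  # data from the client
            st = flows[(src, dst)]
            if st["req_t"] is None:                    # first request only
                st["req_t"], st["req_len"] = t, int(length)
        elif flags == "R" and seq and (dst, src) in flows:
            st = flows[(dst, src)]
            if st["isn"] is None or st["req_t"] is None:
                continue
            # RST seq is absolute in the post's capture; 1 if printed relative
            if int(seq) in (st["isn"] + 1, 1) and t - st["req_t"] <= max_gap:
                hits.append({"client": dst, "server": src,
                             "request_bytes": st["req_len"],
                             "gap_ms": round((t - st["req_t"]) * 1000, 3)})
    return hits

# Flow 1: abridged from the post's capture (TCP options removed). Flow 2: constructed.
SAMPLE = """\
19:15:04.394756 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [S], seq 3917553324, win 14600, length 0
19:15:04.401524 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [S.], seq 3931168778, ack 3917553325, win 14480, length 0
19:15:04.401552 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [.], ack 1, win 115, length 0
19:15:04.401625 IP 192.168.64.130.33257 > 123.123.123.123.http: Flags [P.], seq 1:167, ack 1, win 115, length 166
19:15:04.408249 IP 123.123.123.123.http > 192.168.64.130.33257: Flags [R], seq 3931168779, win 0, length 0
19:15:09.000000 IP 192.168.64.130.40000 > 123.123.123.123.http: Flags [S], seq 1000, win 14600, length 0
19:15:09.007000 IP 123.123.123.123.http > 192.168.64.130.40000: Flags [S.], seq 5000, ack 1001, win 14480, length 0
19:15:09.007100 IP 192.168.64.130.40000 > 123.123.123.123.http: Flags [P.], seq 1:167, ack 1, win 115, length 166
19:15:09.015000 IP 123.123.123.123.http > 192.168.64.130.40000: Flags [P.], seq 1:301, ack 167, win 114, length 300
""".splitlines()
if __name__ == "__main__":
    print(resets_after_first_request(SAMPLE))
```

The check only identifies the symptom; it cannot say which device sent the RST. Capturing with `tcpdump -v` prints the IP TTL of each packet, and a RST whose TTL differs from the SYN-ACK's in the same flow suggests the two did not come from the same host.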