결재포트로 DDOS 공격

DDOS 공격 패킷

E..4.G@.7...p..M.w...v.P...V........................ 02:50:17.042705 IP 59.xx.xx.103.1827 > 211.xx.xx.12.80: P 1:1262(1261) ack 1 win 65535 ;..g.w...#.P.....di.P.......POST /Web/regist/type5/hp_payone/Deliver.php3 HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/x-silverlight, */* Referer: http://도메인/Web/regist/type5/hp_payone/Ready.php3 Accept-Language: ko User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Host: 도메인 Connection: close Cache-Control: no-cache Cookie: rec_id=naver1; samm[1]=5; samm[2]=3; samm[3]=6; samm[4]=1; samm[5]=4; samm[6]=2; img_cnt1=3; title_cnt1=11 Content-Length: 433

위와 같은 공격은 웹서버가 SYN 패킷에 대한 응답이 결재사 서버의 결재페이지를 공격함

공격에 대한 결과는 고객서버에서 결재서버쪽으로 다량의 패킷 발생

결재서버에서 해당 고객아이피를 차단함으로써 결재가 안되는 문제 발생함