收到来自客户端大量rst(服务器没被墙)

连接和出现很多rst(来自客户端) 已关闭客户端防火墙，没有用更换端口，无用更换节点，无用服务器能ping通，ssh 服务端日志： [2023-02-10 10:55:02][INFO]run_command iptables -I udp2rawDwrW_d2320a9_C0 -j DROP [2023-02-10 10:55:02][INFO]run_command iptables -I INPUT -p tcp -m tcp --dport 64373 -j udp2rawDwrW_d2320a9_C0 [2023-02-10 10:55:02][WARN]auto added iptables rules [2023-02-10 10:55:02][INFO]we are running at lower-level (auto) mode [2023-02-10 10:55:02][INFO]now listening at 0.0.0.0:64373 [2023-02-10 10:55:06][INFO][223.102.220.117:27391]received syn,sent syn ack back [2023-02-10 10:55:06][WARN][223.102.220.117,27391]rst==1,cnt=1 [2023-02-10 10:55:07][INFO][223.102.220.117:27391]got packet from a new ip [2023-02-10 10:55:07][INFO][223.102.220.117:27391]created new conn,state: server_handshake1,my_id is d06003d7 [2023-02-10 10:55:07][INFO][223.102.220.117:27391]changed state to server_handshake1,my_id is d06003d7 [2023-02-10 10:55:07][WARN][223.102.220.117,27391]rst==1,cnt=1 [2023-02-10 10:55:07][INFO][223.102.220.117:27391]received handshake oppsite_id:b1de8d30 my_id:d06003d7 [2023-02-10 10:55:07][INFO][223.102.220.117:27391]oppsite const_id:ed1000d4 [2023-02-10 10:55:07][INFO][223.102.220.117:27391]changed state to server_ready [2023-02-10 10:55:07][WARN][223.102.220.117,27391]rst==1,cnt=2 [2023-02-10 10:55:08][WARN][223.102.220.117,27391]rst==1,cnt=3 [2023-02-10 10:55:09][WARN][223.102.220.117,27391]rst==1,cnt=4 [2023-02-10 10:55:10][WARN][223.102.220.117,27391]rst==1,cnt=5 [2023-02-10 10:55:10][WARN][223.102.220.117,27391]rst==1,cnt=6 [2023-02-10 10:55:11][WARN][223.102.220.117,27391]rst==1,cnt=7 [2023-02-10 10:55:12][WARN][223.102.220.117,27391]rst==1,cnt=8 [2023-02-10 10:55:13][WARN][223.102.220.117,27391]rst==1,cnt=9 [2023-02-10 10:55:14][WARN][223.102.220.117,27391]rst==1,cnt=10 [2023-02-10 10:55:14][WARN][223.102.220.117,27391]rst==1,cnt=11 [2023-02-10 10:55:15][WARN][223.102.220.117,27391]rst==1,cnt=12 [2023-02-10 10:55:16][WARN][223.102.220.117,27391]rst==1,cnt=13 [2023-02-10 10:55:17][WARN][223.102.220.117,27391]rst==1,cnt=14 [2023-02-10 10:55:18][WARN][223.102.220.117,27391]rst==1,cnt=15 >=max_rst_to_show, this log will be muted for current connection

客户端日志： using system32/wpcap.dll The Winsock 2.2 dll was found okay, _setmaxstdio() was set to 4000 [2023-02-10 18:48:33][INFO]argc=14 udp2raw_mp_wepoll.exe -c -l 127.0.0.1:34524 -r 45.144.137.133:64373 -k YIGDblnft1b2rHgDeaT99SvMHjIRIvG3tOAEKzSjmXAEjRUMof --cipher-mode xor --auth-mode simple --raw-mode faketcp [2023-02-10 18:48:33][INFO]parsing address: 127.0.0.1:34524 [2023-02-10 18:48:33][INFO]its an ipv4 adress [2023-02-10 18:48:33][INFO]ip_address is {127.0.0.1}, port is {34524} [2023-02-10 18:48:33][INFO]parsing address: 45.144.137.133:64373 [2023-02-10 18:48:33][INFO]its an ipv4 adress [2023-02-10 18:48:33][INFO]ip_address is {45.144.137.133}, port is {64373} [2023-02-10 18:48:33][INFO]important variables: log_level=4:INFO raw_mode=faketcp cipher_mode=xor auth_mode=simple key=YIGDblnft1b2rHgDeaT99SvMHjIRIvG3tOAEKzSjmXAEjRUMof local_addr=127.0.0.1:34524 remote_addr=45.144.137.133:64373 socket_buf_size=1048576 [2023-02-10 18:48:33][INFO]remote_ip=[45.144.137.133], make sure this is a vaild IP address [2023-02-10 18:48:33][INFO]constid:1fae1f11 [2023-02-10 18:48:33][INFO]--dev have not been set, trying to detect automatically, available devices: [2023-02-10 18:48:33][INFO]available device(device name: ip address ; description): \Device\NPF{18CAE620-5F7D-43DC-A3F4-3D55550BEB1B}: [no ip found]; WAN Miniport (Network Monitor) \Device\NPF{2D01F7D1-6DB3-4244-9991-646DD050F703}: [no ip found]; WAN Miniport (IPv6) \Device\NPF{B95A457B-54DC-4F34-9A05-CCF552EB68BF}: [no ip found]; WAN Miniport (IP) \Device\NPF{CC99E315-CE22-46A1-8753-AA487C578643}: [192.168.0.105] [fe80::8960:fe7a:bdd3:8001] [2409:8a15:4e22:bc90:8960:fe7a:bdd3:8001]; MediaTek Wi-Fi 6 MT7921 Wireless LAN Card \Device\NPF{CDB0A1B2-1D40-4DAD-B587-94A15956919C}: [169.254.130.197] [fe80::10b6:6bee:66b9:82c5]; Microsoft Wi-Fi Direct Virtual Adapter #2 \Device\NPF{0EA74FD7-653C-4616-B13E-22144BBABCFF}: [169.254.182.145] [fe80::cd4a:64a6:67e:b691]; Microsoft Wi-Fi Direct Virtual Adapter \Device\NPF{DF148B4B-87F6-4483-8026-38B97FE9B871}: [192.168.137.1] [fe80::a5f6:973e:2328:e1cd]; Hyper-V Virtual Ethernet Adapter \Device\NPFLoopback: [::1] [127.0.0.1]; Adapter for loopback traffic capture \Device\NPF{E3E6B066-6EEE-4473-84D2-239F887B6CC2}: [169.254.194.142] [fe80::2dba:5569:dab1:c28e]; Microsoft Failover Cluster Virtual Adapter \Device\NPF{C201C26D-DED4-403F-BF11-440D75C23330}: [169.254.215.165] [fe80::d578:3f1e:727e:d7a5]; Killer E2600 Gigabit Ethernet Controller [2023-02-10 18:48:33][INFO]using device:[\Device\NPF{CC99E315-CE22-46A1-8753-AA487C578643}], ip: [192.168.0.105] [2023-02-10 18:48:33][INFO]waiting for a use-able packet to be captured link level header captured:

<74><54><27><8e><8a><7d><9c><75><8><0> [2023-02-10 18:48:33][INFO]source_addr is now 192.168.0.105 [2023-02-10 18:48:33][INFO]using port 27787 [2023-02-10 18:48:33][INFO]filter expression is [ip and tcp and src 45.144.137.133 and src port 64373 and dst port 27787] [2023-02-10 18:48:33][INFO]breakloop() succeed after 1 attempt(s) [2023-02-10 18:48:33][INFO]state changed from client_idle to client_tcp_handshake [2023-02-10 18:48:33][INFO](re)sent tcp syn [2023-02-10 18:48:34][INFO]state changed from client_tcp_handshake to client_handshake1 [2023-02-10 18:48:34][INFO](re)sent handshake1 [2023-02-10 18:48:34][INFO]changed state from to client_handshake1 to client_handshake2,my_id is dd6eaa0f,oppsite id is fee5751e [2023-02-10 18:48:34][INFO](re)sent handshake2 [2023-02-10 18:48:34][INFO]changed state from to client_handshake2 to client_ready [2023-02-10 18:51:19][INFO]got sigint, exit C:\Users\Administrator\Documents\mp\wg2>udp2raw_mp_wepoll.exe -c -l 127.0.0.1:34524 -r 45.144.137.133:64373 -k YIGDblnft1b2rHgDeaT99SvMHjIRIvG3tOAEKzSjmXAEjRUMof --cipher-mode xor --auth-mode simple --raw-mode faketcp using system32/wpcap.dll The Winsock 2.2 dll was found okay, _setmaxstdio() was set to 4000 [2023-02-10 18:55:06][INFO]argc=14 udp2raw_mp_wepoll.exe -c -l 127.0.0.1:34524 -r 45.144.137.133:64373 -k YIGDblnft1b2rHgDeaT99SvMHjIRIvG3tOAEKzSjmXAEjRUMof --cipher-mode xor --auth-mode simple --raw-mode faketcp [2023-02-10 18:55:06][INFO]parsing address: 127.0.0.1:34524 [2023-02-10 18:55:06][INFO]its an ipv4 adress [2023-02-10 18:55:06][INFO]ip_address is {127.0.0.1}, port is {34524} [2023-02-10 18:55:06][INFO]parsing address: 45.144.137.133:64373 [2023-02-10 18:55:06][INFO]its an ipv4 adress [2023-02-10 18:55:06][INFO]ip_address is {45.144.137.133}, port is {64373} [2023-02-10 18:55:06][INFO]important variables: log_level=4:INFO raw_mode=faketcp cipher_mode=xor auth_mode=simple key=YIGDblnft1b2rHgDeaT99SvMHjIRIvG3tOAEKzSjmXAEjRUMof local_addr=127.0.0.1:34524 remote_addr=45.144.137.133:64373 socket_buf_size=1048576 [2023-02-10 18:55:06][INFO]remote_ip=[45.144.137.133], make sure this is a vaild IP address [2023-02-10 18:55:06][INFO]const_id:ed1000d4 [2023-02-10 18:55:06][INFO]--dev have not been set, trying to detect automatically, available devices: [2023-02-10 18:55:06][INFO]available device(device name: ip address ; description): \Device\NPF_{18CAE620-5F7D-43DC-A3F4-3D55550BEB1B}: [no ip found]; WAN Miniport (Network Monitor) \Device\NPF_{2D01F7D1-6DB3-4244-9991-646DD050F703}: [no ip found]; WAN Miniport (IPv6) \Device\NPF_{B95A457B-54DC-4F34-9A05-CCF552EB68BF}: [no ip found]; WAN Miniport (IP) \Device\NPF_{CC99E315-CE22-46A1-8753-AA487C578643}: [192.168.0.105] [fe80::8960:fe7a:bdd3:8001] [2409:8a15:4e22:bc90:8960:fe7a:bdd3:8001]; MediaTek Wi-Fi 6 MT7921 Wireless LAN Card \Device\NPF_{CDB0A1B2-1D40-4DAD-B587-94A15956919C}: [169.254.130.197] [fe80::10b6:6bee:66b9:82c5]; Microsoft Wi-Fi Direct Virtual Adapter #2 \Device\NPF_{0EA74FD7-653C-4616-B13E-22144BBABCFF}: [169.254.182.145] [fe80::cd4a:64a6:67e:b691]; Microsoft Wi-Fi Direct Virtual Adapter \Device\NPF_{DF148B4B-87F6-4483-8026-38B97FE9B871}: [192.168.137.1] [fe80::a5f6:973e:2328:e1cd]; Hyper-V Virtual Ethernet Adapter \Device\NPF_Loopback: [::1] [127.0.0.1]; Adapter for loopback traffic capture \Device\NPF_{E3E6B066-6EEE-4473-84D2-239F887B6CC2}: [169.254.194.142] [fe80::2dba:5569:dab1:c28e]; Microsoft Failover Cluster Virtual Adapter \Device\NPF_{C201C26D-DED4-403F-BF11-440D75C23330}: [169.254.215.165] [fe80::d578:3f1e:727e:d7a5]; Killer E2600 Gigabit Ethernet Controller [2023-02-10 18:55:06][INFO]using device:[\Device\NPF_{CC99E315-CE22-46A1-8753-AA487C578643}], ip: [192.168.0.105] [2023-02-10 18:55:06][INFO]waiting for a use-able packet to be captured link level header captured: <74><54><27><8e><8a><7d><9c><75><8><0> [2023-02-10 18:55:06][INFO]source_addr is now 192.168.0.105 [2023-02-10 18:55:06][INFO]using port 18230 [2023-02-10 18:55:06][INFO]filter expression is [ip and tcp and src 45.144.137.133 and src port 64373 and dst port 18230] [2023-02-10 18:55:06][INFO]breakloop() succeed after 1 attempt(s) [2023-02-10 18:55:06][INFO]state changed from client_idle to client_tcp_handshake [2023-02-10 18:55:06][INFO](re)sent tcp syn [2023-02-10 18:55:07][INFO]state changed from client_tcp_handshake to client_handshake1 [2023-02-10 18:55:07][INFO](re)sent handshake1 [2023-02-10 18:55:07][INFO]changed state from to client_handshake1 to client_handshake2,my_id is b1de8d30,oppsite id is d06003d7 [2023-02-10 18:55:07][INFO](re)sent handshake2 [2023-02-10 18:55:07][INFO]changed state from to client_handshake2 to client_ready [2023-02-10 18:55:19][INFO]got sigint, exit

wangyu- / udp2raw

收到来自客户端大量rst(服务器没被墙) #456