这里就简单说说这次流量跑高的情况。
首先我从 cacti 中监控到了一台放在机房的服务器流量异常。何为异常,这里说一下:这台服务器在交换机上限制的带宽为两兆峰值,而它却可以跑到 100M。按正常情况来说,当你的服务器流量跑满的时候,机器会很卡、远程连接会掉线或者根本连不上;所以从正常流量来看,是绝对不会跑到 100M 的,这就叫流量异常。下面给大家看一下图:
一、
那么当我发现异常后,我就查资料表,找出这台机器的 IP 地址和系统信息等。
最终判定这是一台 CentOS 5.4 的机器,密码为数字加大小写字母。以下是我查看到的一些信息:
[root@aaa ~]# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
## 这是防火墙规则
[root@aaa ~]# netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:60003 0.0.0.0:* LISTEN 3552/cupsdd
tcp 0 0 0.0.0.0:5801 0.0.0.0:* LISTEN 2569/Xvnc
tcp 0 0 0.0.0.0:5802 0.0.0.0:* LISTEN 2613/Xvnc
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2506/mysqld
tcp 0 0 0.0.0.0:14379 0.0.0.0:* LISTEN 3516/ora_d000_thdb
tcp 0 0 0.0.0.0:5803 0.0.0.0:* LISTEN 2674/Xvnc
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 2569/Xvnc
tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN 2613/Xvnc
tcp 0 0 0.0.0.0:5903 0.0.0.0:* LISTEN 2674/Xvnc
tcp 0 0 119.57.51.103:80 221.209.56.114:27808 SYN_RECV -
tcp 0 0 119.57.51.103:80 221.209.56.114:27807 SYN_RECV -
tcp 0 0 119.57.51.103:80 206.217.132.75:2229 SYN_RECV -
tcp 0 0 119.57.51.103:80 121.232.7.242:51370 SYN_RECV -
tcp 0 0 119.57.51.103:80 182.185.216.13:53534 SYN_RECV -
tcp 0 0 119.57.51.103:80 111.161.23.92:37697 SYN_RECV -
tcp 0 0 119.57.51.103:80 157.55.35.96:18323 SYN_RECV -
tcp 0 0 119.57.51.103:80 125.39.163.95:30525 SYN_RECV -
tcp 0 0 119.57.51.103:80 183.3.87.80:51903 SYN_RECV -
tcp 0 0 119.57.51.103:80 221.209.56.114:27806 SYN_RECV -
tcp 0 0 119.57.51.103:80 221.209.56.114:27809 SYN_RECV -
tcp 0 0 0.0.0.0:1521 0.0.0.0:* LISTEN 3426/tnslsnr
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 2569/Xvnc
tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN 2613/Xvnc
tcp 0 0 0.0.0.0:6003 0.0.0.0:* LISTEN 2674/Xvnc
tcp 0 1 127.0.0.1:50865 127.0.0.1:1521 SYN_SENT 3494/ora_pmon_thdb
tcp 0 0 119.57.51.103:32005 202.103.178.76:10991 ESTABLISHED 3648/atdd
tcp 0 0 119.57.51.103:32007 202.103.178.76:10991 ESTABLISHED 4059/atdd
tcp 0 0 119.57.51.103:32006 202.103.178.76:10991 ESTABLISHED 3760/atdd
tcp 0 0 119.57.51.103:32008 202.103.178.76:10991 ESTABLISHED 3881/atdd
tcp 0 0 119.57.51.103:32011 202.103.178.76:10991 ESTABLISHED 4472/atdd
tcp 0 0 119.57.51.103:32012 202.103.178.76:10991 ESTABLISHED 4300/atdd
tcp 0 0 119.57.51.103:32015 202.103.178.76:10991 ESTABLISHED 4617/atdd
tcp 0 0 119.57.51.103:32014 202.103.178.76:10991 ESTABLISHED 4198/atdd
tcp 0 0 119.57.51.103:64255 121.12.110.96:10991 ESTABLISHED 3558/ksapd
tcp 0 0 119.57.51.103:64259 121.12.110.96:10991 ESTABLISHED 3832/ksapd
tcp 0 0 119.57.51.103:64258 121.12.110.96:10991 ESTABLISHED 3652/ksapd
tcp 0 0 119.57.51.103:64257 121.12.110.96:10991 ESTABLISHED 4527/ksapd
tcp 0 1 119.57.51.103:51903 112.90.252.76:10991 SYN_SENT 4544/kysapd
tcp 0 1 119.57.51.103:51902 112.90.252.76:10991 SYN_SENT 4365/kysapd
tcp 0 1 119.57.51.103:51901 112.90.252.76:10991 SYN_SENT 4291/kysapd
tcp 0 1 119.57.51.103:51900 112.90.252.76:10991 SYN_SENT 3978/kysapd
tcp 0 1 119.57.51.103:51899 112.90.252.76:10991 SYN_SENT 3878/kysapd
tcp 0 1 119.57.51.103:51898 112.90.252.76:10991 SYN_SENT 4154/kysapd
tcp 0 1 119.57.51.103:51897 112.90.252.76:10991 SYN_SENT 3709/kysapd
tcp 0 1 119.57.51.103:51896 112.90.252.76:10991 SYN_SENT 3604/kysapd
tcp 0 1 127.0.0.1:5369 127.0.0.1:6113 SYN_SENT 3426/tnslsnr
tcp 0 0 :::80 :::* LISTEN 2879/httpd
tcp 0 0 :::6001 :::* LISTEN 2569/Xvnc
tcp 0 0 :::6002 :::* LISTEN 2613/Xvnc
tcp 0 0 :::6003 :::* LISTEN 2674/Xvnc
tcp 0 0 :::22 :::* LISTEN 2448/sshd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.34.74:57650 TIME_WAIT -
tcp 0 64 ::ffff:119.57.51.103:22 ::ffff:119.57.180.130:46177 ESTABLISHED 6691/sshd: root@not
tcp 0 29866 ::ffff:119.57.51.103:80 ::ffff:157.55.32.154:24818 FIN_WAIT1 -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:218.106.154.11:14554 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:218.106.154.11:13526 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:180.173.86.128:1107 TIME_WAIT -
tcp 0 6692 ::ffff:119.57.51.103:22 ::ffff:114.250.249.21:56821 ESTABLISHED 7269/0
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:182.118.19.211:10424 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:60.190.138.140:35502 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59613 FIN_WAIT2 7271/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59615 ESTABLISHED 7506/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59614 FIN_WAIT2 7507/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59611 FIN_WAIT2 7505/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:183.60.214.28:55574 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:182.118.19.109:46068 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.34.74:63141 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.34.74:11155 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:182.118.19.127:54739 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:218.106.154.11:15706 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59617 FIN_WAIT2 7509/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59616 FIN_WAIT2 7508/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:218.106.154.11:13094 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:182.118.28.30:29387 TIME_WAIT -
tcp 0 1 ::ffff:119.57.51.103:80 ::ffff:125.39.172.32:37149 LAST_ACK -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.34.74:56558 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:218.106.154.11:13315 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:81.91.9.160:57503 FIN_WAIT2 -