Help: Has my Linux system been attacked?
(2011-08-28 01:37:52)
Tags: Miscellaneous
While checking the system logs today, I found that dmesg is full of messages like the following.

Environment: 2.6.9-55.0.2.ELsmp, providing an HTTP service.

TCP: drop open request from 59.56.108.143/1303
printk: 167 messages suppressed.
TCP: drop open request from 219.133.48.219/38162
printk: 33 messages suppressed.
TCP: drop open request from 69.64.63.215/40274
printk: 88 messages suppressed.
TCP: drop open request from 59.56.108.155/4660
printk: 78 messages suppressed.
TCP: drop open request from 219.133.60.158/50246
printk: 14 messages suppressed.
TCP: drop open request from 219.133.60.160/49610
printk: 13 messages suppressed.
TCP: drop open request from 208.70.75.182/53274
printk: 12 messages suppressed.
TCP: drop open request from 87.242.116.205/1027
printk: 2 messages suppressed.
TCP: drop open request from 222.233.52.159/4371
TCP: drop open request from 208.70.75.182/55518
TCP: drop open request from 69.64.63.215/41656
TCP: drop open request from 219.133.48.219/35311
TCP: drop open request from 72.232.115.194/61726
TCP: drop open request from 58.61.164.161/34891
TCP: drop open request from 64.92.167.82/51102
TCP: drop open request from 58.61.164.204/47418
TCP: drop open request from 219.133.60.160/35263
TCP: drop open request from 219.133.60.158/57734

In addition, /var/log/message contains many entries like this:

Aug 13 03:03:07 soft kernel: printk: 72 messages suppressed.
Aug 13 03:03:12 soft kernel: printk: 49 messages suppressed.
Aug 13 03:03:17 soft kernel: printk: 44 messages suppressed.
Aug 13 03:03:22 soft kernel: printk: 103 messages suppressed.
Aug 13 03:03:27 soft kernel: printk: 48 messages suppressed.
Aug 13 03:03:33 soft kernel: printk: 84 messages suppressed.
Aug 13 03:03:37 soft kernel: printk: 39 messages suppressed.
Aug 13 03:03:46 soft kernel: printk: 54 messages suppressed.

[root@soft ~]# ps aux |grep httpd |wc -l
259

But there are a large number of connections in the TIME_WAIT state.

[root@soft ~]# netstat -an |grep TIME_WAIT |wc -l
3961

With so few connections, how can there be so many in the TIME_WAIT state? The symptom is that after 5 minutes the httpd service stops working properly and web pages will not open; after a restart it works again. I have looked through some material but got nowhere in the end. Could someone help me work out what is going on? Thanks in advance!

Very likely you are being attacked.

Could the poster above explain in more detail? Thanks!

It is definitely an attack, and one that uses fake IPs at that. You can use iptables to block it!

Could the poster above help me analyze this: from which data can one see the suspicious
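An added example, not part of the original thread: a Python script that tallies the "TCP: drop open request" and "printk: N messages suppressed" lines from dmesg output like that quoted above, showing how many drops were logged versus rate-limited and how the sources spread. The function name summarize, the /24 grouping and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Message formats as they appear in the dmesg output quoted in the post.
DROP_RE = re.compile(r"TCP: drop open request from (\d{1,3}(?:\.\d{1,3}){3})/(\d+)")
SUPPRESSED_RE = re.compile(r"printk: (\d+) messages suppressed")

# Constructed sample (RFC 5737 documentation addresses, not the post's data).
SAMPLE = """\
TCP: drop open request from 192.0.2.10/1303
printk: 167 messages suppressed.
TCP: drop open request from 198.51.100.7/38162
printk: 33 messages suppressed.
TCP: drop open request from 192.0.2.10/4660
TCP: drop open request from 203.0.113.5/40274
TCP: drop open request from 192.0.2.77/50246
"""


def summarize(text, prefix_len=24):
    """Tally logged SYN drops per source IP and per network prefix."""
    by_ip, by_net = Counter(), Counter()
    # findall works on one-message-per-line logs and on run-together text alike.
    for ip, _port in DROP_RE.findall(text):
        try:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        except ValueError:
            continue  # skip malformed addresses such as 999.1.1.1
        by_ip[ip] += 1
        by_net[str(net)] += 1
    logged = sum(by_ip.values())
    # Assumption: every rate-limited (suppressed) message was also a drop message.
    suppressed = sum(int(n) for n in SUPPRESSED_RE.findall(text))
    return {
        "logged": logged,
        "suppressed": suppressed,
        "estimated_total": logged + suppressed,
        "distinct_sources": len(by_ip),
        "top_ips": by_ip.most_common(3),
        "top_networks": by_net.most_common(3),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Under the stated assumption, a suppressed count far larger than the logged count means the visible source addresses are only a small sample of the dropped connection requests.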