【Posted】: 2015-09-29 19:36:59
【Question】:
Netstat output:
ubuntu@ip-172-31-60-232:/$ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 187 ip-172-31-60-232.:51044 unknown.prolexic.c:http ESTABLISHED
tcp 0 187 ip-172-31-60-232.:51045 unknown.prolexic.c:http ESTABLISHED
tcp 0 0 ip-172-31-60-232.ec:ssh rrcs-71-43-133-18:50725 ESTABLISHED
tcp 0 187 ip-172-31-60-232.:51048 unknown.prolexic.c:http ESTABLISHED
tcp 0 187 ip-172-31-60-232.:51046 unknown.prolexic.c:http ESTABLISHED
tcp 0 187 ip-172-31-60-232.:51047 unknown.prolexic.c:http ESTABLISHED
tcp 0 187 ip-172-31-60-232.:51050 unknown.prolexic.c:http ESTABLISHED
tcp 0 187 ip-172-31-60-232.:51049 unknown.prolexic.c:http ESTABLISHED
tcp 0 187 ip-172-31-60-232.:51043 unknown.prolexic.c:http ESTABLISHED
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:45931 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:43103 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:46224 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:51975 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:45529 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:52326 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:46529 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:35851 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:42878 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:44822 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:45080 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:51681 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.199-s:54884 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.8.68.54-stati:53652 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:51548 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.8.68.54-stati:39783 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.199-s:58173 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:45439 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.199-s:55093 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:46086 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:46085 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.199-s:35563 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:45901 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:45727 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.199-s:52116 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.196-s:46065 CLOSE_WAIT
tcp6 0 0 ip-172-31-60-232.e:http 159.122.120.199-s:45937 CLOSE_WAIT
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 8617 /var/spool/postfix/dev/log
unix 9 [ ] DGRAM 8615 /dev/log
unix 3 [ ] STREAM CONNECTED 101130 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 101043 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9394
unix 3 [ ] STREAM CONNECTED 100999 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9448
unix 3 [ ] STREAM CONNECTED 101072 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9409
unix 3 [ ] STREAM CONNECTED 100993 /var/run/mysqld/mysqld.sock
unix 2 [ ] DGRAM 8862
unix 3 [ ] STREAM CONNECTED 101134
unix 3 [ ] STREAM CONNECTED 101083
unix 3 [ ] STREAM CONNECTED 101054 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9450
unix 3 [ ] STREAM CONNECTED 8571
unix 3 [ ] STREAM CONNECTED 101000
unix 2 [ ] DGRAM 35035
unix 3 [ ] STREAM CONNECTED 9436
unix 3 [ ] STREAM CONNECTED 101112 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 7997
unix 3 [ ] STREAM CONNECTED 9385
unix 3 [ ] STREAM CONNECTED 9438
unix 3 [ ] STREAM CONNECTED 9387
unix 3 [ ] STREAM CONNECTED 101049 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9442
unix 3 [ ] STREAM CONNECTED 9414
unix 3 [ ] STREAM CONNECTED 13189
unix 3 [ ] STREAM CONNECTED 9457
unix 3 [ ] STREAM CONNECTED 9453
unix 3 [ ] STREAM CONNECTED 9405
unix 3 [ ] STREAM CONNECTED 100996
unix 3 [ ] STREAM CONNECTED 9444
unix 3 [ ] STREAM CONNECTED 9396
unix 3 [ ] STREAM CONNECTED 8519
unix 3 [ ] STREAM CONNECTED 101117
unix 3 [ ] DGRAM 7633
unix 3 [ ] STREAM CONNECTED 101001 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9375
unix 3 [ ] STREAM CONNECTED 101111
unix 3 [ ] STREAM CONNECTED 9412
unix 3 [ ] STREAM CONNECTED 9430
unix 3 [ ] STREAM CONNECTED 101129
unix 3 [ ] STREAM CONNECTED 101045 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9432
unix 3 [ ] STREAM CONNECTED 7593 @/com/ubuntu/upstart
unix 3 [ ] STREAM CONNECTED 100997 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9415
unix 3 [ ] STREAM CONNECTED 100995 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 100986
unix 3 [ ] STREAM CONNECTED 13190
unix 3 [ ] STREAM CONNECTED 101113
unix 3 [ ] STREAM CONNECTED 9374
unix 3 [ ] STREAM CONNECTED 101046
unix 3 [ ] STREAM CONNECTED 9371
unix 3 [ ] STREAM CONNECTED 101115
unix 3 [ ] STREAM CONNECTED 8639
unix 3 [ ] STREAM CONNECTED 9418
unix 3 [ ] STREAM CONNECTED 9370
unix 2 [ ] DGRAM 8619
unix 3 [ ] STREAM CONNECTED 9420
unix 3 [ ] STREAM CONNECTED 101108 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 101071
unix 3 [ ] STREAM CONNECTED 101062 /var/run/mysqld/mysqld.sock
unix 3 [ ] DGRAM 7634
unix 3 [ ] STREAM CONNECTED 101135 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 101119
unix 3 [ ] STREAM CONNECTED 9377
unix 3 [ ] STREAM CONNECTED 9426
unix 3 [ ] STREAM CONNECTED 9424
unix 3 [ ] STREAM CONNECTED 101044
unix 3 [ ] STREAM CONNECTED 9445
unix 3 [ ] STREAM CONNECTED 8567
unix 3 [ ] STREAM CONNECTED 9378
unix 3 [ ] STREAM CONNECTED 100987 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 101120 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9447
unix 3 [ ] STREAM CONNECTED 100994
unix 3 [ ] STREAM CONNECTED 9451
unix 3 [ ] STREAM CONNECTED 8572 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 101084 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9381
unix 3 [ ] STREAM CONNECTED 9403
unix 3 [ ] STREAM CONNECTED 101048
unix 3 [ ] STREAM CONNECTED 9391
unix 3 [ ] STREAM CONNECTED 100998
unix 3 [ ] STREAM CONNECTED 101068 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9382
unix 3 [ ] STREAM CONNECTED 101078 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 13197 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 8008 @/com/ubuntu/upstart
unix 3 [ ] STREAM CONNECTED 100990
unix 3 [ ] STREAM CONNECTED 9411
unix 3 [ ] STREAM CONNECTED 9384
unix 2 [ ] DGRAM 9468
unix 3 [ ] STREAM CONNECTED 101109
unix 2 [ ] DGRAM 9463
unix 3 [ ] STREAM CONNECTED 9439
unix 3 [ ] STREAM CONNECTED 8640 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 9406
unix 3 [ ] STREAM CONNECTED 100989 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9441
unix 3 [ ] STREAM CONNECTED 9400
unix 3 [ ] STREAM CONNECTED 8568
unix 3 [ ] STREAM CONNECTED 9456
unix 3 [ ] STREAM CONNECTED 9388
unix 3 [ ] STREAM CONNECTED 9408
unix 3 [ ] STREAM CONNECTED 101047 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 101110 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9454
unix 3 [ ] STREAM CONNECTED 9390
unix 3 [ ] STREAM CONNECTED 9402
unix 3 [ ] STREAM CONNECTED 9397
unix 3 [ ] STREAM CONNECTED 9367
unix 3 [ ] STREAM CONNECTED 101107
unix 3 [ ] STREAM CONNECTED 9427
unix 3 [ ] STREAM CONNECTED 100988
unix 3 [ ] STREAM CONNECTED 101077
unix 3 [ ] STREAM CONNECTED 9429
unix 3 [ ] STREAM CONNECTED 101114 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 101042
unix 2 [ ] DGRAM 12906
unix 3 [ ] STREAM CONNECTED 13196
unix 3 [ ] STREAM CONNECTED 9435
unix 3 [ ] STREAM CONNECTED 9433
unix 3 [ ] STREAM CONNECTED 101067
unix 2 [ ] DGRAM 9344
unix 3 [ ] STREAM CONNECTED 7582
unix 3 [ ] STREAM CONNECTED 101118 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9417
unix 3 [ ] STREAM CONNECTED 101053
unix 3 [ ] STREAM CONNECTED 8545 @/com/ubuntu/upstart
unix 3 [ ] STREAM CONNECTED 9421
unix 3 [ ] STREAM CONNECTED 9399
unix 3 [ ] STREAM CONNECTED 100991 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9393
unix 3 [ ] STREAM CONNECTED 101061
unix 3 [ ] STREAM CONNECTED 9423
unix 3 [ ] STREAM CONNECTED 100992
unix 3 [ ] STREAM CONNECTED 101116 /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 9368
ubuntu@ip-172-31-60-232:/$
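I believe someone is attacking my server.
I think IP 159.122.120.196 is the culprit, but I'm not entirely sure. My server is back up now. This is not my area of expertise, so any guidance you can give me would be greatly appreciated.
【Discussion】:
- Don't let netstat resolve addresses for you. You can't know how to interpret those hostnames that look like addresses, you don't know whether they are correct, and some reverse DNS entries reverse the order of the octets. Use netstat -n instead.
Tags: amazon-ec2 netstat ddos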
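
Added example (not part of the original post or comment): one way to act on the netstat -n advice is to count TCP connections per numeric remote address and state. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Summarise TCP peers from `netstat -n` style output read on stdin.
# Prints "<count> <remote_ip> <state>", highest count first.
summarize_peers() {
    awk '
        $1 ~ /^tcp/ && NF >= 6 {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the remote port
            sub(/^::ffff:/, "", peer)   # unwrap IPv4-mapped IPv6 addresses
            count[peer " " $6]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in `netstat -n` format; not taken from the server above.
# CLOSE_WAIT means the peer has closed its side and the local application
# has not yet closed the socket.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0    187 172.31.60.232:51044     192.0.2.10:80           ESTABLISHED
tcp        0    187 172.31.60.232:51045     192.0.2.10:80           ESTABLISHED
tcp        0      0 172.31.60.232:22        198.51.100.7:50725      ESTABLISHED
tcp6       0      0 172.31.60.232:80        ::ffff:203.0.113.5:45931 CLOSE_WAIT
tcp6       0      0 172.31.60.232:80        ::ffff:203.0.113.5:43103 CLOSE_WAIT
tcp6       0      0 172.31.60.232:80        ::ffff:203.0.113.5:46224 CLOSE_WAIT
tcp6       0      0 172.31.60.232:80        ::ffff:203.0.113.9:54884 CLOSE_WAIT
EOF
}

# Live use on the server: netstat -nt | summarize_peers
sample_netstat | summarize_peers
```

The resulting per-address counts can be compared with the web server's access log for the same addresses before deciding whether a peer is abusive or simply a busy client.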