linux-流量異常高怎麼處理

這裏就簡單說說這個流量跑高。

  首先我從 Cacti 監控中發現機房裏一臺服務器流量異常。先說明一下什麼叫「異常」：這臺服務器在交換機上被限制爲 2M 峯值帶寬,而監控圖上卻跑到了 100M。正常業務流量一旦把帶寬跑滿,機器就會很卡、遠程連接會掉線甚至根本連不上,所以按正常流量來看絕不可能跑到 100M,這就是所謂的流量異常。下面給大家看一下圖:

一、  

那麼當我發現異常後,我就查資料表找出這臺機器的IP地址還有系統信息等等。

  最終確認這是一臺 CentOS 5.4 的機器,密碼爲數字加大小寫字母的組合。需要注意的是,下面所有輸出都是在懷疑已被入侵的機器上直接用系統自帶命令取得的;如果攻擊者替換過 netstat、ps 之類的二進制文件,這些輸出就未必可信,排查時要心裏有數。以下是我查看到的一些信息:

[root@aaa ~]# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

 這是防火牆規則。INPUT 鏈默認策略是 DROP,只放行了 8080、53、80、22 四個端口,所以後面 netstat 裏監聽的 VNC(5801-5903、6001-6003)、MySQL(3306)、Oracle(1521、14379)從外網是進不來的;但 OUTPUT 鏈是 ACCEPT,對外連接沒有任何限制,這也是後面那些異常進程能夠大量向外發包、向外部主機建立連接的原因。

[root@aaa ~]# netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:60003               0.0.0.0:*                   LISTEN      3552/cupsdd
tcp        0      0 0.0.0.0:5801                0.0.0.0:*                   LISTEN      2569/Xvnc
tcp        0      0 0.0.0.0:5802                0.0.0.0:*                   LISTEN      2613/Xvnc
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2506/mysqld
tcp        0      0 0.0.0.0:14379               0.0.0.0:*                   LISTEN      3516/ora_d000_thdb
tcp        0      0 0.0.0.0:5803                0.0.0.0:*                   LISTEN      2674/Xvnc
tcp        0      0 0.0.0.0:5901                0.0.0.0:*                   LISTEN      2569/Xvnc
tcp        0      0 0.0.0.0:5902                0.0.0.0:*                   LISTEN      2613/Xvnc
tcp        0      0 0.0.0.0:5903                0.0.0.0:*                   LISTEN      2674/Xvnc
tcp        0      0 119.57.51.103:80            221.209.56.114:27808        SYN_RECV    -
tcp        0      0 119.57.51.103:80            221.209.56.114:27807        SYN_RECV    -
tcp        0      0 119.57.51.103:80            206.217.132.75:2229         SYN_RECV    -
tcp        0      0 119.57.51.103:80            121.232.7.242:51370         SYN_RECV    -
tcp        0      0 119.57.51.103:80            182.185.216.13:53534        SYN_RECV    -
tcp        0      0 119.57.51.103:80            111.161.23.92:37697         SYN_RECV    -
tcp        0      0 119.57.51.103:80            157.55.35.96:18323          SYN_RECV    -
tcp        0      0 119.57.51.103:80            125.39.163.95:30525         SYN_RECV    -
tcp        0      0 119.57.51.103:80            183.3.87.80:51903           SYN_RECV    -
tcp        0      0 119.57.51.103:80            221.209.56.114:27806        SYN_RECV    -
tcp        0      0 119.57.51.103:80            221.209.56.114:27809        SYN_RECV    -
tcp        0      0 0.0.0.0:1521                0.0.0.0:*                   LISTEN      3426/tnslsnr
tcp        0      0 0.0.0.0:6001                0.0.0.0:*                   LISTEN      2569/Xvnc
tcp        0      0 0.0.0.0:6002                0.0.0.0:*                   LISTEN      2613/Xvnc
tcp        0      0 0.0.0.0:6003                0.0.0.0:*                   LISTEN      2674/Xvnc
tcp        0      1 127.0.0.1:50865             127.0.0.1:1521              SYN_SENT    3494/ora_pmon_thdb
tcp        0      0 119.57.51.103:32005         202.103.178.76:10991        ESTABLISHED 3648/atdd
tcp        0      0 119.57.51.103:32007         202.103.178.76:10991        ESTABLISHED 4059/atdd
tcp        0      0 119.57.51.103:32006         202.103.178.76:10991        ESTABLISHED 3760/atdd
tcp        0      0 119.57.51.103:32008         202.103.178.76:10991        ESTABLISHED 3881/atdd
tcp        0      0 119.57.51.103:32011         202.103.178.76:10991        ESTABLISHED 4472/atdd
tcp        0      0 119.57.51.103:32012         202.103.178.76:10991        ESTABLISHED 4300/atdd
tcp        0      0 119.57.51.103:32015         202.103.178.76:10991        ESTABLISHED 4617/atdd
tcp        0      0 119.57.51.103:32014         202.103.178.76:10991        ESTABLISHED 4198/atdd
tcp        0      0 119.57.51.103:64255         121.12.110.96:10991         ESTABLISHED 3558/ksapd
tcp        0      0 119.57.51.103:64259         121.12.110.96:10991         ESTABLISHED 3832/ksapd
tcp        0      0 119.57.51.103:64258         121.12.110.96:10991         ESTABLISHED 3652/ksapd
tcp        0      0 119.57.51.103:64257         121.12.110.96:10991         ESTABLISHED 4527/ksapd
tcp        0      1 119.57.51.103:51903         112.90.252.76:10991         SYN_SENT    4544/kysapd
tcp        0      1 119.57.51.103:51902         112.90.252.76:10991         SYN_SENT    4365/kysapd
tcp        0      1 119.57.51.103:51901         112.90.252.76:10991         SYN_SENT    4291/kysapd
tcp        0      1 119.57.51.103:51900         112.90.252.76:10991         SYN_SENT    3978/kysapd
tcp        0      1 119.57.51.103:51899         112.90.252.76:10991         SYN_SENT    3878/kysapd
tcp        0      1 119.57.51.103:51898         112.90.252.76:10991         SYN_SENT    4154/kysapd
tcp        0      1 119.57.51.103:51897         112.90.252.76:10991         SYN_SENT    3709/kysapd
tcp        0      1 119.57.51.103:51896         112.90.252.76:10991         SYN_SENT    3604/kysapd
tcp        0      1 127.0.0.1:5369              127.0.0.1:6113              SYN_SENT    3426/tnslsnr
tcp        0      0 :::80                       :::*                        LISTEN      2879/httpd
tcp        0      0 :::6001                     :::*                        LISTEN      2569/Xvnc
tcp        0      0 :::6002                     :::*                        LISTEN      2613/Xvnc
tcp        0      0 :::6003                     :::*                        LISTEN      2674/Xvnc
tcp        0      0 :::22                       :::*                        LISTEN      2448/sshd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:157.55.34.74:57650   TIME_WAIT   -
tcp        0     64 ::ffff:119.57.51.103:22     ::ffff:119.57.180.130:46177 ESTABLISHED 6691/sshd: root@not
tcp        0  29866 ::ffff:119.57.51.103:80     ::ffff:157.55.32.154:24818  FIN_WAIT1   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:218.106.154.11:14554 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:218.106.154.11:13526 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:180.173.86.128:1107  TIME_WAIT   -
tcp        0   6692 ::ffff:119.57.51.103:22     ::ffff:114.250.249.21:56821 ESTABLISHED 7269/0
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:182.118.19.211:10424 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:60.190.138.140:35502 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:221.224.14.222:59613 FIN_WAIT2   7271/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:221.224.14.222:59615 ESTABLISHED 7506/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:221.224.14.222:59614 FIN_WAIT2   7507/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:221.224.14.222:59611 FIN_WAIT2   7505/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:183.60.214.28:55574  TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:182.118.19.109:46068 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:157.55.34.74:63141   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:157.55.34.74:11155   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:182.118.19.127:54739 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:218.106.154.11:15706 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:221.224.14.222:59617 FIN_WAIT2   7509/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:221.224.14.222:59616 FIN_WAIT2   7508/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:218.106.154.11:13094 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:182.118.28.30:29387  TIME_WAIT   -
tcp        0      1 ::ffff:119.57.51.103:80     ::ffff:125.39.172.32:37149  LAST_ACK    -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:157.55.34.74:56558   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:218.106.154.11:13315 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:81.91.9.160:57503    FIN_WAIT2   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:81.91.9.160:57499    FIN_WAIT2   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:183.60.213.114:45041 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:60.176.253.144:30624 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:182.118.21.34:16701  ESTABLISHED 7450/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:60.176.253.144:30626 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:60.176.253.144:30627 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:60.176.253.144:30628 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:60.176.253.144:30620 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:157.55.35.96:58678   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:206.217.132.75:2132  FIN_WAIT2   7276/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:157.55.35.96:50474   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:61.55.192.181:3096   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:61.55.192.181:3095   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:61.55.192.181:3094   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:61.55.192.181:3093   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:81.91.9.160:57505    FIN_WAIT2   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:157.55.35.96:64322   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:182.118.19.84:61477  TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:49.81.2.181:8203     TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:49.81.2.181:8200     TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:49.81.2.181:8204     TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:49.81.2.181:8218     TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:60.176.253.144:30754 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:49.81.2.181:8211     TIME_WAIT   -
tcp        0  37440 ::ffff:119.57.51.103:80     ::ffff:118.250.130.121:7924 ESTABLISHED 6929/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:49.81.2.181:8210     TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:157.55.35.96:38531   TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:49.81.2.181:8214     TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:49.81.2.181:8213     TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:49.81.2.181:8212     TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:111.164.196.141:9503 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:111.164.196.141:9504 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:61.55.192.181:3231   FIN_WAIT2   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:61.55.192.181:3230   FIN_WAIT2   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:110.177.0.129:60133  ESTABLISHED 7518/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:110.177.0.129:60132  ESTABLISHED 7512/httpd
tcp        0  21900 ::ffff:119.57.51.103:80     ::ffff:157.55.33.50:48368   ESTABLISHED 7514/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:111.164.196.141:9530 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:110.177.0.129:60134  ESTABLISHED 7442/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:110.177.0.129:60129  ESTABLISHED 7516/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:111.164.196.141:9532 FIN_WAIT2   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:110.177.0.129:60131  ESTABLISHED 7517/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:110.177.0.129:60130  ESTABLISHED 7519/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:111.164.196.141:9543 TIME_WAIT   -
tcp        0      1 ::ffff:119.57.51.103:80     ::ffff:111.164.196.141:8519 LAST_ACK    -
tcp        0      1 ::ffff:119.57.51.103:80     ::ffff:111.164.196.141:8520 LAST_ACK    -
tcp        0      1 ::ffff:119.57.51.103:80     ::ffff:111.164.196.141:8521 LAST_ACK    -
tcp        0   2602 ::ffff:119.57.51.103:80     ::ffff:157.55.35.96:12748   FIN_WAIT1   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:121.232.7.242:51371  TIME_WAIT   -
tcp        0   1331 ::ffff:119.57.51.103:80     ::ffff:182.185.216.13:53468 ESTABLISHED 7440/httpd
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:60.176.253.144:30810 TIME_WAIT   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:81.91.9.160:57459    FIN_WAIT2   -
tcp        0      0 ::ffff:119.57.51.103:80     ::ffff:60.176.253.144:30812 TIME_WAIT   -

 這是監聽的端口及運行的進程。可以看到好多 atdd、ksapd、kysapd,還有一個 cupsdd,這些都不是系統正常應有的進程:cupsdd 在 0.0.0.0:60003 上監聽(正常的 CUPS 打印服務進程名是 cupsd,不叫 cupsdd);atdd、ksapd、kysapd 則分別向 202.103.178.76、121.12.110.96、112.90.252.76 的 10991 端口建立或嘗試建立連接,而且同一個二進制有多個 PID 連同一個目標,看起來像是在回連外部控制端。另外要特別注意 22 端口:除了我自己來自 119.57.180.130 的會話之外,還有一條來自 114.250.249.21 的 ESTABLISHED 連接,進程名顯示爲 "0"——一定要確認那是不是自己的會話,否則攻擊者可能正同時在線。處理前建議先用 ps -ef、ls -l /proc/<pid>/exe、lsof -p <pid> 把這些進程的信息記錄下來,並把 /etc 下對應的二進制文件拷貝出來留作樣本,然後再殺進程。

[root@aaa ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed after all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
#
# NOTE(review): the three lines above are the stock CentOS rc.local header
# comment; their leading '#' was stripped when the post was published and is
# restored here.  The stock file normally also ends with
# `touch /var/lock/subsys/local`; that line is absent, which suggests the
# file was overwritten rather than appended to -- confirm against a clean
# install.
#
# Everything below is attacker-added persistence, not legitimate config.
# The netstat output earlier in the post shows these four binaries running
# and making outbound connections to port 10991 on several remote hosts.
# Keep this file as evidence (copy it off the box together with the
# /etc/cupsdd, /etc/ksapd, /etc/kysapd and /etc/atdd binaries) rather than
# editing it in place; the host should be rebuilt.
#
# Each group of four lines does the same thing:
#   - /etc/cupsdd is started detached via nohup with all output discarded.
#   - ksapd, kysapd and atdd are started from /etc in the FOREGROUND (no '&'),
#     so rc.local blocks until each one returns; presumably they daemonize
#     themselves, since netstat shows eight atdd and eight kysapd PIDs
#     matching the eight launches below -- not verified here.
# The same four lines are repeated eight times, which looks like the
# infection routine having been run repeatedly, appending each time.
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd

 這是我的 rc.local 文件,被加進了好多東西——每次開機都會從 /etc 啓動 cupsdd、ksapd、kysapd、atdd,而且同樣的四行被重複追加了 8 次,像是入侵腳本被反覆執行過。網上查到正是這些程序導致服務器大量向外發包。還要注意,rc.local 並不是唯一的開機啓動點:/etc/rc.d/init.d 和 chkconfig --list、root 與各用戶的 crontab 及 /etc/cron.*、/etc/profile、~/.bashrc,以及 root 的 ~/.ssh/authorized_keys 都要一併檢查,否則只清 rc.local 很可能重啓後又會回來。

  那以上就是這次案例的一些文字東西了。在這裏再向大家強調一次:密碼一定不能簡單化,尤其是有公網 IP、22 端口對全網開放的機器。不過本文並沒有確認入侵的入口——到底是 SSH 密碼被暴力破解,還是 80 端口上的 Web 應用有漏洞,要去翻 /var/log/secure、last/lastb 以及 httpd 的 access_log 才能下結論。處理方法建議按這個順序:先把 /etc 下的 cupsdd、ksapd、kysapd、atdd 和 rc.local 拷貝出來留作樣本和證據;再 kill 掉這些進程、刪除文件,把 rc.local 裏被加入的內容清掉;接着檢查 crontab、init.d/chkconfig、authorized_keys 等其它啓動和登錄入口;更換所有密碼(包括 MySQL、Oracle、VNC),SSH 改爲密鑰登錄或在 iptables 裏把 22 端口限制到管理 IP。但最重要的一點:rc.local 被改、/etc 下被放了文件,說明攻擊者已經拿到 root 權限,機器上的命令和輸出都未必可信,所以強烈建議重新做系統,安全要做好!
————————————————
版權聲明:本文爲CSDN博主「RedHat-小怪獸」的原創文章,遵循 CC 4.0 BY-SA 版權協議,轉載請附上原文出處鏈接及本聲明。
原文鏈接:https://blog.csdn.net/redhat_xiaoguaishou/article/details/19042147
