
Httpd problem: I suspect an attack, but I'm not sure

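On one of my servers, typing netstat -n produces huge output, something like 400 entries for httpd. The server's bandwidth is not high, so I'm confused about what is causing this. I suspect an attack, but I'm not sure.

Intermittently, the web server stops responding. When this happens, all other services such as ping and ftp work normally. The system load is also normal.

I think the only thing that is not normal is the output of "netstat -n".

Could you all take a look and see whether there is anything I can do? I installed APF, but I don't know which rules I need to set to mitigate the problem.

By the way, I'm running CentOS 5 Linux with Apache 2.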

root@linux [/backup/stuff/apf-9.7-1]# netstat -n|grep :80
1
Bob

Maybe this will help you a little:

# for i in $(sort /tmp/ips | uniq); do geoiplookup $i ;done | sort | uniq -c
  4 GeoIP Country Edition: AU, Australia
 83 GeoIP Country Edition: CN, China
 13 GeoIP Country Edition: --, N/A
  1 GeoIP Country Edition: NZ, New Zealand
  1 GeoIP Country Edition: SE, Sweden
 21 GeoIP Country Edition: US, United States

I found that some of them are from "regular" spiders (Baidu, for example).

1
weeheavy

Try running something like this:

netstat -ntu | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

It gives you a rough idea of the number of connections per IP, which makes it easier to spot and block abuse.

0
WinkyWolly

tail -f /var/log/httpd/access_log should tell you whenever that attack (or whatever it is) happens. Or, if you only read the log afterwards, which URLs did it hit?

0

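What is your MaxClients setting? It looks like you are reaching it. When that happens, Apache stops servicing requests until one of the existing clients closes its connection. While this is going on, other services continue to accept requests.

If you have the server-status page enabled, you can see what the clients are doing in near real time. However, I recommend locking server-status down to specific IP addresses only, or using some other form of authentication.

As for the traffic from all of these IP addresses: when I need to see where traffic is coming from, I usually use Perl to rip through the access logs. Since I don't have access to your logs, here is a quick and dirty Perl program that takes the output from your netstat command and does recursive DNS lookups to determine where these IP addresses are coming from. It expects to find the netstat contents in a file called "junk".

Hope this helps.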

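#!/usr/bin/perl -w

use strict;

# Remote IP address -> number of connections seen in the netstat output
our %iph = ();

# Strip the leading label from an in-addr.arpa name and query the enclosing
# zone with host(1); keep walking up while the lookup fails.
sub recDNS ( $ ) {
    my $arpa = shift;

    # Stop once there is no leading octet left to strip
    return unless $arpa =~ s/^\d+\.//;

    print "+++++ $arpa +++++\n";

    my $retVal = system ( "host", "-a", "$arpa" );
    if ( $retVal != 0 ) {
        recDNS ( $arpa );
    }
}

# Build the reversed in-addr.arpa name for an IPv4 address
sub makeArpa ( $ ) {
    my $ip = shift;

    my @ipParts = split ( /\./, $ip );

    my $arpa = "";

    while ( $#ipParts > -1 ) {
        my $part = pop ( @ipParts );
        $arpa .= "$part.";
    }

    $arpa .= "in-addr.arpa";

    recDNS ( $arpa );
}

# "junk" holds the saved netstat output
open ( RD, "<", "junk" ) or die "cannot open junk: $!\n";

while ( <RD> ) {
    chomp;
    my @nparts = split ( /\s+/, $_ );

    # Column 5 is the foreign address (ip:port); skip lines without one
    my $ip = $nparts[4];
    next unless defined $ip;
#    print "$_\n";

    $ip =~ s/:\d+$//;

#    print "$ip\n";

    $iph{$ip} = 0 unless ( defined ( $iph{$ip} ) );
    $iph{$ip}++;

}

close ( RD );

# Report each address with its connection count, then resolve it
foreach my $ip (sort keys %iph) {
    print "----- $ip: count->$iph{$ip} -----\n";
    my $retVal = system ( "host", "-a", "$ip" );
    if ( $retVal != 0 ) {
        makeArpa ( $ip );
    }
}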

It could be Slowloris.

0
Anonymous
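
An added example, not part of the original answers: it combines the per-IP count from the netstat one-liner with the MaxClients point by separating sockets the application still holds open (ESTABLISHED, CLOSE_WAIT) from ones the kernel is only timing out (TIME_WAIT and the other closing states), and it goes slightly further by handling `::ffff:` mapped addresses, which `cut -d: -f1` would mangle. The sample lines are constructed with documentation addresses, the function names and the limit passed to `maxclients_check` are assumptions, and the held count only approximates busy Apache workers.

```shell
#!/bin/sh
# Added example: triage `netstat -n` output for port 80.

# Constructed sample input (documentation address ranges, not real traffic).
sample_netstat() {
cat <<'EOF'
tcp        0      0 192.0.2.10:80        198.51.100.7:48397        TIME_WAIT
tcp        0      0 192.0.2.10:80        198.51.100.7:48398        TIME_WAIT
tcp        0      0 192.0.2.10:80        198.51.100.7:48399        TIME_WAIT
tcp        0    305 192.0.2.10:80        203.0.113.20:1881         ESTABLISHED
tcp        0      0 192.0.2.10:80        203.0.113.20:1882         ESTABLISHED
tcp        0      0 192.0.2.10:80        203.0.113.20:1883         ESTABLISHED
tcp        1  16560 192.0.2.10:80        203.0.113.20:1884         CLOSE_WAIT
tcp        0      0 192.0.2.10:80        198.51.100.99:35081       ESTABLISHED
tcp        0   2332 192.0.2.10:80        198.51.100.42:29255       LAST_ACK
tcp        0      0 192.0.2.10:80        198.51.100.42:29256       FIN_WAIT2
tcp        0      0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.20:1885  ESTABLISHED
tcp        0      0 192.0.2.10:22        198.51.100.7:50022        ESTABLISHED
tcp        0      0 0.0.0.0:80           0.0.0.0:*                 LISTEN
EOF
}

# Sockets per TCP state on local port 80, largest first ("count STATE").
state_summary() {
    awk '$1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" { n[$6]++ }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Per remote IP, count only sockets the application has not closed yet.
# TIME_WAIT, FIN_WAIT*, LAST_ACK and CLOSING are left to the kernel and
# are ignored here; a long TIME_WAIT list is normal on a busy web server.
held_per_ip() {
    awk '$1 ~ /^tcp/ && $4 ~ /:80$/ &&
         ($6 == "ESTABLISHED" || $6 == "CLOSE_WAIT") {
             ip = $5
             sub(/:[0-9]+$/, "", ip)      # drop the remote port
             sub(/^::ffff:/, "", ip)      # unwrap IPv4-mapped addresses
             n[ip]++
         }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Compare the held total with a MaxClients value given as $1 (assumption:
# the caller reads it from httpd.conf). Sockets are not workers one-to-one,
# so treat the result as a hint to go and look at server-status.
maxclients_check() {
    limit=$1
    held=$(held_per_ip | awk '{ t += $1 } END { print t + 0 }')
    if [ "$held" -ge "$limit" ]; then
        echo "held=$held limit=$limit AT_LIMIT"
    else
        echo "held=$held limit=$limit ok"
    fi
}

# Demo on the constructed sample; on a live host pipe `netstat -n` instead.
sample_netstat | state_summary
sample_netstat | held_per_ip
sample_netstat | maxclients_check 5
```

A single address holding most of the ESTABLISHED sockets while the state summary is dominated by TIME_WAIT points at that client rather than at overall volume.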