Diagnosing and Handling a TCP Flood Attack (SYN_SENT)
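How a SYN attack works
A SYN attack is a type of DoS attack. It exploits a weakness in the TCP protocol: by sending a large number of half-open connection requests, it exhausts the server's CPU and memory. Besides hosts, a SYN attack can also harm routers, firewalls and other network systems. In fact, it does not matter what kind of system the target is; any system that exposes a TCP service can be attacked this way.
As we know, two computers establishing a TCP connection go through a three-way handshake: the client first sends a TCP SYN packet to the server, the server replies with the corresponding SYN-ACK packet, and finally the client responds with an ACK, which completes a normal handshake. In detail, when the server first receives the SYN it adds a half-open connection record to a queue in its TCP stack and waits for the remaining handshake packet. If the handshake succeeds, the record is removed from the queue. If the server does not receive the client's acknowledgement, it retransmits its reply until a timeout is reached, and only then removes the entry from the queue of unfinished connections.
However, the number of half-open connection records the server's TCP stack can hold is limited. Under a SYN-type DoS attack the queue fills up very quickly: the client forges a large number of non-existent IP addresses in a short time and keeps sending SYN packets to the server. The server replies and waits for the client's acknowledgement, and because the source addresses do not exist, it has to keep retransmitting until the timeout. These forged SYN packets occupy the queue for a long time, legitimate SYN requests are dropped, and the target system slows down; in severe cases the network becomes congested or the system crashes. The server then stops accepting new network connections, so legitimate clients can no longer reach it.
Cause:
A Linux SYN attack is a form of hacker attack. Handling and reducing such attacks is an important part of a system administrator's job; hopefully this article gives you some ideas so that you can readily defend against Linux SYN attacks in your future work.
Virtual hosting providers may come under hacker attack during operation; common attack types include SYN and DDoS. Changing the IP address and identifying the attacked site may avoid the attack, but the service interruption is relatively long. A more thorough solution is to add a hardware firewall.
Hardware firewalls are expensive, however. You can consider using the firewall functionality built into Linux for defense.
Defending against SYN: a SYN attack uses the principle of the TCP/IP three-way handshake, sending a large number of connection-establishing packets without actually establishing the connections, which eventually fills the attacked server's network queue so that normal users cannot access it.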
[root@smsplatform01 ~]# su - oracle
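su: /bin/bash: Resource temporarily unavailable # reports that a resource is temporarily unavailable
# A network monitoring command shows many connections to port 22 on IP addresses in other countries, mainly initiated by the squid64 program
[root@smsplatform01 ~]# netstat -antp|grep squid64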
tcp 0 1 172.20.1.134:58209 200.217.145.158:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:20789 33.242.44.139:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:15980 223.227.215.142:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:16990 102.207.43.139:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:59686 61.215.164.153:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:40245 205.141.32.222:22 SYN_SENT 43826/squid64
tcp 0 0 172.20.1.134:29689 122.241.55.233:22 ESTABLISHED 43610/squid64
tcp 0 296 172.20.1.134:37535 54.191.35.1:22 ESTABLISHED 44042/squid64
tcp 0 52 172.20.1.134:52042 79.0.92.57:22 ESTABLISHED 43610/squid64
tcp 0 1 172.20.1.134:21707 33.26.124.139:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:57264 214.188.32.139:22 SYN_SENT 45122/squid64
tcp 0 0 172.20.1.134:46389 208.187.162.71:22 ESTABLISHED 43826/squid64
tcp 0 0 172.20.1.134:29847 202.56.193.174:22 ESTABLISHED 44906/squid64
tcp 0 1 172.20.1.134:37320 184.228.7.212:22 SYN_SENT 43394/squid64
tcp 0 296 172.20.1.134:13625 64.128.45.90:22 ESTABLISHED 44258/squid64
tcp 0 1 172.20.1.134:64599 216.5.205.139:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:16193 249.85.249.207:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:13796 53.23.42.139:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:19435 131.189.129.175:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:36747 193.64.23.143:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:34676 190.132.208.232:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:42500 101.140.28.143:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:24853 135.179.0.146:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:41595 165.23.184.139:22 SYN_SENT 44258/squid64
tcp 0 1 172.20.1.134:44990 123.185.99.139:22 SYN_SENT 43826/squid64
tcp 0 0 172.20.1.134:22224 130.112.2.216:22 ESTABLISHED 44690/squid64
tcp 0 1 172.20.1.134:10973 190.33.160.114:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:12045 122.53.239.185:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:21348 152.213.87.139:22 SYN_SENT 44042/squid64
tcp 0 68 172.20.1.134:19364 216.235.103.81:22 ESTABLISHED 43610/squid64
tcp 0 1 172.20.1.134:38790 141.149.29.63:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:46745 158.126.14.139:22 SYN_SENT 44042/squid64
tcp 0 100 172.20.1.134:32463 59.9.148.78:22 ESTABLISHED 43178/squid64
tcp 0 144 172.20.1.134:23853 62.212.67.15:22 ESTABLISHED 44042/squid64
tcp 0 100 172.20.1.134:56824 159.8.5.23:22 ESTABLISHED 44906/squid64
tcp 0 1 172.20.1.134:25329 62.213.239.160:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:23790 26.119.32.139:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:47709 24.131.194.139:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:57355 12.154.46.145:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:13161 93.29.182.142:22 SYN_SENT 44258/squid64
tcp 0 0 172.20.1.134:61727 46.32.11.170:22 ESTABLISHED 43610/squid64
tcp 0 144 172.20.1.134:31645 123.63.233.122:22 ESTABLISHED 43826/squid64
tcp 0 21 172.20.1.134:55400 79.189.146.174:22 ESTABLISHED 43394/squid64
tcp 0 1 172.20.1.134:52072 184.209.211.141:22 SYN_SENT 43394/squid64
tcp 0 68 172.20.1.134:28481 217.153.226.1:22 ESTABLISHED 44258/squid64
tcp 0 1 172.20.1.134:49363 165.249.225.139:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:25959 53.106.146.241:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:29432 56.20.240.144:22 SYN_SENT 44042/squid64
tcp 0 100 172.20.1.134:15148 31.186.3.10:22 ESTABLISHED 44906/squid64
tcp 0 68 172.20.1.134:46411 131.225.69.16:22 ESTABLISHED 44690/squid64
tcp 0 1 172.20.1.134:54383 154.64.250.146:22 SYN_SENT 43394/squid64
tcp 0 0 172.20.1.134:45631 204.116.2.103:22 ESTABLISHED 44690/squid64
tcp 0 1 172.20.1.134:19355 205.127.56.198:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:43248 47.27.254.184:22 SYN_SENT 43826/squid64
tcp 0 1 172.20.1.134:42572 49.19.129.16:22 SYN_SENT 44258/squid64
tcp 0 1 172.20.1.134:38291 153.179.80.139:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:22144 74.76.109.143:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:58670 202.143.48.139:22 SYN_SENT 45122/squid64
tcp 0 84 172.20.1.134:20175 85.28.121.127:22 ESTABLISHED 43610/squid64
tcp 0 0 172.20.1.134:46255 80.1.163.39:22 ESTABLISHED 43610/squid64
tcp 0 0 172.20.1.134:26598 80.161.36.203:22 ESTABLISHED 44906/squid64
tcp 0 1 172.20.1.134:25358 185.38.118.139:22 SYN_SENT 44258/squid64
tcp 0 1 172.20.1.134:25336 168.134.139.138:22 SYN_SENT 45122/squid64
tcp 0 0 172.20.1.134:24206 23.20.20.7:22 ESTABLISHED 44258/squid64
tcp 0 1 172.20.1.134:48502 92.54.74.137:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:39932 213.20.43.139:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:27193 195.86.21.139:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:11553 33.168.251.139:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:38739 31.9.75.22:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:43241 22.11.72.139:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:55495 112.32.80.139:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:39681 67.162.84.146:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:61338 212.246.164.139:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:46043 240.58.96.139:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:49139 223.161.203.111:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:38652 115.183.231.139:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:54673 108.111.127.84:22 SYN_SENT 44474/squid64
tcp 0 0 172.20.1.134:12225 62.67.192.19:22 ESTABLISHED 44474/squid64
tcp 0 1 172.20.1.134:26521 211.194.130.160:22 SYN_SENT 44258/squid64
tcp 0 1 172.20.1.134:64612 107.48.81.169:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:10240 242.53.50.139:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:44335 135.1.230.222:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:24008 215.77.226.139:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:26003 200.54.190.151:22 SYN_SENT 43826/squid64
tcp 0 0 172.20.1.134:43079 60.49.69.80:22 ESTABLISHED 44258/squid64
tcp 0 1 172.20.1.134:54381 250.75.231.159:22 SYN_SENT 44042/squid64
tcp 0 68 172.20.1.134:62181 161.77.42.6:22 ESTABLISHED 43610/squid64
tcp 0 1 172.20.1.134:54711 45.161.11.139:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:39407 206.166.145.139:22 SYN_SENT 44258/squid64
tcp 0 68 172.20.1.134:45399 177.74.142.13:22 ESTABLISHED 43826/squid64
tcp 0 1 172.20.1.134:60591 251.223.10.143:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:11944 16.117.225.138:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:21943 193.124.139.193:22 SYN_SENT 44258/squid64
tcp 0 1 172.20.1.134:38289 12.159.3.136:22 SYN_SENT 45122/squid64
tcp 0 0 172.20.1.134:33696 219.115.92.44:22 ESTABLISHED 43178/squid64
tcp 0 1 172.20.1.134:28309 191.11.116.186:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:57329 44.197.18.148:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:40800 87.217.131.164:22 SYN_SENT 44474/squid64
tcp 0 0 172.20.1.134:54820 68.97.123.64:22 ESTABLISHED 43394/squid64
tcp 0 1 172.20.1.134:19332 169.99.154.139:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:54248 67.160.160.143:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:25337 222.49.63.141:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:52700 143.141.195.139:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:54373 160.214.67.132:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:51312 100.214.63.139:22 SYN_SENT 43610/squid64
tcp 0 21 172.20.1.134:64673 46.63.208.30:22 ESTABLISHED 43826/squid64
tcp 0 1 172.20.1.134:29803 75.90.52.148:22 SYN_SENT 43178/squid64
tcp 0 21 172.20.1.134:9473 88.150.168.7:22 ESTABLISHED 44258/squid64
tcp 0 0 172.20.1.134:18228 188.12.54.152:22 ESTABLISHED 43610/squid64
tcp 0 1 172.20.1.134:55657 22.131.63.158:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:49334 109.61.148.109:22 SYN_SENT 43178/squid64
tcp 0 296 172.20.1.134:60369 66.230.213.52:22 ESTABLISHED 44906/squid64
tcp 0 1 172.20.1.134:25079 177.96.74.61:22 SYN_SENT 44042/squid64
tcp 0 0 172.20.1.134:38317 157.14.177.182:22 ESTABLISHED 43178/squid64
tcp 0 1 172.20.1.134:28946 156.59.111.139:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:59798 116.9.3.179:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:28662 197.213.143.149:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:27550 93.227.15.155:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:47295 67.73.144.139:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:46309 221.217.70.170:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:61482 84.133.244.44:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:57965 147.103.152.139:22 SYN_SENT 44258/squid64
# This program has opened 1941 connections
[root@smsplatform01 ~]# netstat -antp|grep squid64|wc -l
1941
# Found 6 processes running
[root@smsplatform01 ~]# ps -ef|grep squid64
root 11360 7701 0 10:00 pts/8 00:00:00 grep squid64
oracle 43178 1 1 08:07 ? 00:01:13 /tmp/squid64
oracle 43394 1 0 08:07 ? 00:00:53 /tmp/squid64
oracle 43610 1 1 08:07 ? 00:01:54 /tmp/squid64
oracle 43826 1 1 08:07 ? 00:01:39 /tmp/squid64
oracle 44042 1 1 08:07 ? 00:01:43 /tmp/squid64
oracle 44258 1 1 08:07 ? 00:01:31 /tmp/squid64
oracle 44474 1 1 08:07 ? 00:01:47 /tmp/squid64
oracle 44690 1 1 08:07 ? 00:01:45 /tmp/squid64
oracle 44906 1 1 08:07 ? 00:01:44 /tmp/squid64
oracle 45122 1 0 08:07 ? 00:01:02 /tmp/squid64/
# Kill these 6 processes
[root@smsplatform01 ~]# kill 45122
[root@smsplatform01 ~]# kill 44906
[root@smsplatform01 ~]# kill 44690
[root@smsplatform01 ~]# kill 44474
[root@smsplatform01 ~]# kill 44258
[root@smsplatform01 ~]# kill 44042
[root@smsplatform01 ~]# kill 43826
[root@smsplatform01 ~]# kill 43610
[root@smsplatform01 ~]# kill 43394
[root@smsplatform01 ~]# kill 43178
The executable of the initiating program is located at /tmp/squid64
[oracle@smsplatform01 tmp]$ ls
gnome-system-monitor.root.964379377 libldr.so pulse-DggD1giPYz4n virtual-root.AD4yLJ virtual-root.YN7KRT
hsperfdata_smsplatform memcached.pid pulse-fTKg7U9LzL89 virtual-root.Tf4i2a
keyring-J5hfNT orbit-gdm squid64 virtual-root.xIkwex
Delete squid64
[oracle@smsplatform01 tmp]$ rm -rf squid64
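Killing the processes and removing the file with rm -rf discards the program and its runtime state, which are what an investigation into how it arrived would need. As an added example (not part of the original post), the functions below save each matching process's executable, its path, working directory and command line and print a SHA-256 hash, so this can be run before the kill and rm steps; the function names, the PROC_ROOT override and the output layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): capture evidence first.
# Usage as root, with a hypothetical output directory:
#   snapshot_program squid64 /root/evidence
# PROC_ROOT is overridable so the functions can be exercised on a fixture.
PROC_ROOT=${PROC_ROOT:-/proc}

# Copy one process's executable and metadata into $2/<pid>/ and print the
# SHA-256 of the executable.
snapshot_process() {
    pid=$1; outdir=$2
    src="$PROC_ROOT/$pid"
    [ -d "$src" ] || { echo "no such process: $pid" >&2; return 1; }
    dest="$outdir/$pid"
    mkdir -p "$dest" || return 1
    # On Linux, /proc/<pid>/exe still yields the program bytes after the
    # file on disk has been unlinked.
    cp "$src/exe" "$dest/exe.bin" || return 1
    readlink "$src/exe" > "$dest/exe.path"
    readlink "$src/cwd" > "$dest/cwd.path" 2>/dev/null || true
    tr '\0' ' ' < "$src/cmdline" > "$dest/cmdline.txt"
    sha256sum "$dest/exe.bin" | cut -d' ' -f1 | tee "$dest/exe.sha256"
}

# Snapshot every process whose executable's basename is $1.
# Prints one "pid sha256" line per process captured.
snapshot_program() {
    name=$1; outdir=$2
    for d in "$PROC_ROOT"/[0-9]*; do
        target=$(readlink "$d/exe" 2>/dev/null) || continue
        target=${target% (deleted)}   # suffix the kernel adds for unlinked files
        [ "${target##*/}" = "$name" ] || continue
        pid=${d##*/}
        hash=$(snapshot_process "$pid" "$outdir") || continue
        echo "$pid $hash"
    done
}
```

Differing hashes among processes with the same name would indicate that more than one binary is involved.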
------------------------------THE END---------------------------------
From the "ITPUB Blog", link: http://blog.itpub.net/29065182/viewspace-1756485/. If you repost this article, please credit the source; otherwise legal liability will be pursued.