大家有空帮看一下是否可能受到攻击

quakelee

原帖由 "kinux" 发表：
   
haha!!! just stand there and look the system being attack and going to die...  
^_^!!

   

that server seems not log the snmp, I think we should log it.
but I scaned that server not found available snmp from outside

kinux

原帖由 "quakelee" 发表：
   

that server seems not log the snmp, I think we should log it.
but I scaned that server not found available snmp from outside

   

if your snmp is not open to public, i don't think it need to log, as it will use a lot of CPU resources..
so check BIND

i2era

$dig @your-dns-server-ip >; db.cache     
$grep DiG db.cache

kinux

原帖由 "bsdxp" 发表：
我这种情况从上周五就发现啦，一台机器的80连接无端端高达100 个同时连接，可就是没记录的，后来查找根源，发现是病毒！！（赶紧去找找你的连接机器吧，好象是一种什么新病毒（具体还没查出来）

不过freebsd倒没..........

   

Port80 是用tcp連接, 不是用udp連接...
如果quakelee被攻击的机是网关, 也许是內网的机中毒引致..

安裝snort会方便一点找出真凶...

i2era

原帖由 "kinux" 发表：
   

Port80 是用tcp連接, 不是用udp連接...

no,no
udp also have port 80

kinux

原帖由 "i2era" 发表：

no,no
udp also have port 80

   

what service...

kinux

我看了log..
主要还是code-red...
[Fri Jun 27 23:01:25 2003] [error] [client 219.140.129.178] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 00:09:52 2003] [error] [client 202.159.52.39] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 04:00:54 2003] [error] [client 202.138.177.27] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 04:29:11 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 05:21:56 2003] [error] [client 202.75.96.11] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 08:01:41 2003] [error] [client 202.88.152.11] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 10:09:49 2003] [error] [client 61.167.60.211] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 10:31:05 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 11:16:15 2003] [error] [client 61.50.142.26] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 12:14:48 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 12:48:14 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 14:06:08 2003] [error] [client 202.84.39.97] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 14:16:10 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 19:01:23 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 20:58:34 2003] [error] [client 202.165.245.13] File does not exist: /usr/local/www/data/default.ida
[Sat Jun 28 22:55:16 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sun Jun 29 02:07:47 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sun Jun 29 02:24:10 2003] [error] [client 202.59.200.194] File does not exist: /usr/local/www/data/default.ida
[Sun Jun 29 06:57:51 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sun Jun 29 07:36:09 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sun Jun 29 07:48:37 2003] [error] [client 202.41.10.25] File does not exist: /usr/local/www/data/default.ida
[Sun Jun 29 08:26:47 2003] [error] [client 218.91.254.114] File does not exist: /usr/local/www/data/scripts/..%5c%5c../winnt/s
ystem32/cmd.exe
[Sun Jun 29 13:13:38 2003] [error] [client 202.85.76.212] File does not exist: /usr/local/www/data/default.ida
[Sun Jun 29 15:17:19 2003] [error] [client 202.105.197.171] File does not exist: /usr/local/www/data/default.ida

i2era

原帖由 "kinux" 发表：
   

what service...

   
if u like,any service be able to use udp port 80.
well,all of us know tcp or udp have the port 0-65535.
so, if u only know the port num,u could not opinion it was used by tcp or udp,that is why.