- 论坛徽章:
- 0
|
小弟搞个站点,发现大量mysql的
: 3436942 : unauthenticated user : 192.168.0.52:49607 : : Connect : : login :
: 3436943 : unauthenticated user : 192.168.0.52:49608 : : Connect : : login :
然后,在netstat -ano
发现大量的IP连接到80
tcp 0 0 ::ffff:208.101.147.122:80 ::ffff:61.170.178.139:4736 TIME_WAIT timewait (27.17/0/0)
tcp 0 0 ::ffff:208.101.147.222:80 ::ffff:124.115.0.169:59795 TIME_WAIT timewait (22.45/0/0)
tcp 0 0 ::ffff:208.101.147.122:80 ::ffff:61.170.178.139:4737 TIME_WAIT timewait (27.22/0/0)
tcp 1 0 ::ffff:208.101.147.230:80 ::ffff:38.99.13.124:43419 CLOSE_WAIT keepalive (7139.48/0/0)
tcp 0 0 ::ffff:208.101.147.206:80 ::ffff:220.173.62.43:21273 TIME_WAIT timewait (29.81/0/0)
tcp 0 0 ::ffff:208.101.147.122:80 ::ffff:61.170.178.139:4742 TIME_WAIT timewait (27.45/0/0)
tcp 0 0 ::ffff:208.101.147.122:80 ::ffff:61.170.178.139:4743 TIME_WAIT timewait (28.45/0/0)
tcp 0 0 ::ffff:208.101.147.122:80 ::ffff:61.170.178.139:4740 TIME_WAIT timewait (27.26/0/0)
tcp 0 0 ::ffff:208.101.147.122:80 ::ffff:61.170.178.139:4741 TIME_WAIT timewait (27.34/0/0)
tcp 0 0 ::ffff:208.101.147.222:80 ::ffff:220.181.34.177:1643 TIME_WAIT timewait (40.94/0/0)
tcp 0 0 ::ffff:208.101.147.206:80 ::ffff:220.173.62.43:5477 TIME_WAIT timewait (29.56/0/0)
tcp 0 0 ::ffff:208.101.147.222:80 ::ffff:124.115.0.169:59112 TIME_WAIT timewait (19.44/0/0)
tcp 0 0 ::ffff:208.101.147.227:80 ::ffff:60.168.194.174:20426 TIME_WAIT timewait (14.63/0/0)
tcp 0 0 ::ffff:208.101.147.221:80 ::ffff:221.130.185.7:59123 TIME_WAIT timewait (45.85/0/0)
tcp 0 0 ::ffff:208.101.147.222:80 ::ffff:124.115.0.169:59113 TIME_WAIT timewait (19.44/0/0)
tcp 0 0 ::ffff:208.101.147.227:80 ::ffff:221.225.64.122:6184 TIME_WAIT timewait (7.82/0/0)
然后用iptables限制了下80端口
iptables -I INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -j REJECT
但是,仍然有许多timewait的连接.还是老样子.
有大侠能指点一条明路吗? |
|
免费注册
发表于 2007-08-25 11:15