- 论坛徽章:
- 0
|
一个客户的网站down了,只是apache不能正常使用其他的都是OK的.用SSH进去看一下TCP栈,发现TCP栈的情形如下.CPU和内存都不过载.从下面信息能看出是不是给DOS攻击呢?为什么标识了 CLOSE_WAIT 的IP一直占着TCP栈不放呢.请高手们指点一下.如果我把apache重启一下,就好了.有什么解决方法吗?Thanks!!!!!!!!!!
tcp 1 0 10.20.0.165:80 24.163.54.147:40935 CLOSE_WAIT 802/httpd
tcp 0 0 10.20.0.165:80 70.160.230.163:3084 TIME_WAIT -
tcp 1 0 10.20.0.165:80 24.163.54.147:40936 CLOSE_WAIT 440/httpd
tcp 1 36233 10.20.0.165:80 156.153.255.202:57213 LAST_ACK -
tcp 1 0 10.20.0.165:80 141.154.140.73:2714 CLOSE_WAIT 3701/httpd
tcp 1 0 10.20.0.165:80 141.154.140.73:2716 CLOSE_WAIT 3702/httpd
tcp 0 0 10.20.0.165:80 24.49.127.150:39925 TIME_WAIT -
tcp 1 0 10.20.0.165:80 63.193.251.82:1688 CLOSE_WAIT 5174/httpd
tcp 1 0 10.20.0.165:80 70.38.91.182:1430 CLOSE_WAIT 2237/httpd
tcp 1 0 10.20.0.165:80 70.38.91.182:1431 CLOSE_WAIT 31661/httpd
tcp 1 0 10.20.0.165:80 24.163.54.147:41029 CLOSE_WAIT 31716/httpd
tcp 1 0 10.20.0.165:80 24.163.54.147:41028 CLOSE_WAIT 419/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3846 CLOSE_WAIT 3711/httpd
tcp 0 0 10.20.0.165:80 72.231.135.55:3641 CLOSE_WAIT 2072/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3643 CLOSE_WAIT 3414/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3645 CLOSE_WAIT 3334/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3647 CLOSE_WAIT 3337/httpd
tcp 1 0 10.20.0.165:80 65.32.211.175:50113 CLOSE_WAIT 2115/httpd
tcp 1 0 10.20.0.165:80 65.32.211.175:50112 CLOSE_WAIT 2083/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3639 CLOSE_WAIT 3288/httpd
tcp 1 0 10.20.0.165:80 65.32.211.175:50109 CLOSE_WAIT 2240/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3657 CLOSE_WAIT 3652/httpd
tcp 1 0 10.20.0.165:80 65.32.211.175:50108 CLOSE_WAIT 31724/httpd
tcp 1 0 10.20.0.165:80 65.32.211.175:50111 CLOSE_WAIT 1807/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3659 CLOSE_WAIT 3685/httpd
tcp 1 0 10.20.0.165:80 65.32.211.175:50110 CLOSE_WAIT 2092/httpd
tcp 1 0 10.20.0.165:80 69.142.23.79:1484 CLOSE_WAIT 473/httpd
tcp 1 0 10.20.0.165:80 69.142.23.79:1485 CLOSE_WAIT 448/httpd
tcp 1 0 10.20.0.165:80 69.142.23.79:1486 CLOSE_WAIT 3286/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3649 CLOSE_WAIT 3643/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3651 CLOSE_WAIT 2732/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3653 CLOSE_WAIT 32115/httpd
tcp 1 0 10.20.0.165:80 69.142.23.79:1478 CLOSE_WAIT 1301/httpd
tcp 1 0 10.20.0.165:80 72.231.135.55:3655 CLOSE_WAIT 3386/httpd
tcp 1 0 10.20.0.165:80 69.142.23.79:1479 CLOSE_WAIT 3272/httpd
tcp 1 0 10.20.0.165:80 71.35.198.74:3151 CLOSE_WAIT 31727/httpd
tcp 1 0 10.20.0.165:80 24.206.228.104:60888 CLOSE_WAIT 2239/httpd
tcp 1 0 10.20.0.165:80 24.206.228.104:60889 CLOSE_WAIT 3696/httpd
tcp 1 0 10.20.0.165:80 24.206.228.104:60891 CLOSE_WAIT 3716/httpd
tcp 1 0 10.20.0.165:80 207.69.249.210:1501 CLOSE_WAIT 31715/httpd
tcp 1 0 10.20.0.165:80 24.147.164.135:1083 CLOSE_WAIT 4585/httpd
tcp 0 0 10.20.0.165:80 221.217.143.104:43524 TIME_WAIT -
tcp 0 0 10.20.0.165:80 221.217.143.104:43517 TIME_WAIT -
tcp 0 0 10.20.0.165:80 66.249.66.5:64106 TIME_WAIT -
tcp 1 0 10.20.0.165:80 67.169.185.162:10185 CLOSE_WAIT 31728/httpd
tcp 1 0 10.20.0.165:80 66.249.66.5:43068 CLOSE_WAIT 4528/httpd
tcp 1 0 10.20.0.165:80 66.48.160.55:1281 CLOSE_WAIT 3779/httpd
tcp 1 0 10.20.0.165:80 24.31.100.202:60694 CLOSE_WAIT 5336/httpd
tcp 0 0 10.20.0.165:80 67.161.118.172:62717 TIME_WAIT -
tcp 1 0 10.20.0.165:80 74.107.117.155:60784 CLOSE_WAIT 1102/httpd
tcp 1 0 10.20.0.165:80 74.107.117.155:60537 CLOSE_WAIT 32257/httpd
tcp 1 0 10.20.0.165:80 74.107.117.155:60538 CLOSE_WAIT 32260/httpd
tcp 1 0 10.20.0.165:80 74.107.117.155:60539 CLOSE_WAIT 31714/httpd
tcp 0 7392 10.20.0.165:22 221.232.118.244:3925 ESTABLISHED 5766/sshd: dlnx1027
tcp 1 0 10.20.0.165:80 204.108.96.18:40337 CLOSE_WAIT 3782/httpd
tcp 1 0 10.20.0.165:80 64.43.10.20:56766 CLOSE_WAIT 4604/httpd
tcp 1 0 10.20.0.165:80 74.107.117.155:60612 CLOSE_WAIT 31733/httpd
tcp 1 0 10.20.0.165:80 74.107.117.155:60613 CLOSE_WAIT 32134/httpd
tcp 1 0 10.20.0.165:80 74.107.117.155:60611 CLOSE_WAIT 31444/httpd
[ 本帖最后由 jacky_hui888 于 2006-10-12 15:41 编辑 ] |
|
免费注册
发表于 2006-09-30 13:35
发表于 2006-10-01 23:48
