
Asking the experts for help: server suspected of being under attack, netstat shows many connections from foreign IPs

    Source: Internet  Published: 2017-04-17



I ran the command netstat -aop | grep 62013 > ~/netstat-aop-62013.log to write the output to a file.

The file contents are as follows:

tcp        0      0 *:62013                     *:*                         LISTEN      14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  43.148.51.119.adsl-po:18121 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  104.47.48.119.adsl-po:12595 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  3.168.17.175.adsl-poo:51707 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  142.45.48.119.adsl-po:38611 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  238.165.17.175.adsl-p:55066 FIN_WAIT2   14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  142.45.48.119.adsl-po:11475 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  94.47.48.119.adsl-poo:13057 FIN_WAIT2   14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  94.47.48.119.adsl-poo:13058 FIN_WAIT2   14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  142.45.48.119.adsl-po:29648 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  3.168.17.175.adsl-poo:55286 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  22.47.48.119.adsl-poo:22853 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  142.45.48.119.adsl-po:37340 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  146.171.17.175.adsl-p:34406 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  22.47.48.119.adsl-pool:5184 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  65.44.48.119.adsl-poo:16660 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  94.47.48.119.adsl-poo:13577 FIN_WAIT2   14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  14.47.48.119.adsl-poo:24665 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  165.166.17.175.adsl-p:20569 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  146.171.17.175.adsl-p:vstat ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  55.168.17.175.adsl-po:22980 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  246.171.17.17:gxs-data-port ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  165.166.17.175.adsl-p:16965 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  227.46.48.119.adsl-pool:dwf ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  227.46.48.119.adsl-po:12459 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  146.171.17.175.adsl-p:61054 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  94.47.48.119.adsl-poo:13072 FIN_WAIT2   14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  54.169.17.175.adsl-po:21214 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  142.45.48.119.adsl-po:32451 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  219.170.17.175.adsl-p:17715 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  94.47.48.119.adsl-poo:13074 FIN_WAIT2   14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  65.44.48.119.ads:lm-sserver ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  3.168.17.175.adsl-poo:55271 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  165.166.17.175.adsl-p:57166 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  104.47.48.119.adsl-po:29480 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  54.169.17.175.adsl-po:22224 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  246.171.17.175.adsl-p:11284 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  43.148.51.119.adsl-po:30423 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  165.166.17.175.a:tarantella ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  104.47.48.119.adsl-poo:6189 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  146.171.17.175.adsl-p:61042 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  227.46.48.119.adsl-po:11160 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  65.44.48.119.adsl-pool:9784 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  165.166.17.175.adsl-p:51319 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  94.47.48.119.adsl-poo:13093 FIN_WAIT2   14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  22.47.48.119.adsl-poo:18029 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  227.46.48.119.adsl-po:11676 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  227.46.48.119.adsl-poo:6812 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  51.168.17.175.:bex-webadmin ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  227.46.48.119.adsl-po:18333 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  ::ffff:124.235.120.15:53609 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  227.46.48.119.adsl-po:18334 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  165.166.17.175.adsl-p:39280 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  130.167.17.175.adsl-p:11353 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  246.171.17.175.adsl-po:6945 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  51.168.17.175.adsl-poo:6119 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  142.45.48.119.adsl-po:28414 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  246.171.17.175.adsl-po:7712 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  51.168.17.175.adsl-poo:6118 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  227.46.48.119.adsl-po:11153 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  22.47.48.119.adsl-poo:18789 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  51.168.17.175.adsl-poo:6117 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  104.47.48.119.adsl-po:10520 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  227.46.48.119.adsl-po:16530 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  22.47.48.119.adsl-poo:18016 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  142.45.48.119.adsl-po:40955 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  43.148.51.119.adsl-po:61924 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  22.47.48.119.adsl-pool.:cbt ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  104.47.48.119.ad:trellisagt ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  246.171.17.175.adsl-p:10553 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  104.47.48.119.adsl-poo:8706 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  94.47.48.119.adsl-poo:10036 FIN_WAIT2   14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  146.171.17.175.:tw-auth-key ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  142.45.48.119.adsl-po:47077 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  94.47.48.119.adsl-poo:12848 FIN_WAIT2   14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  14.47.48.119.adsl-poo:19040 ESTABLISHED 14530/ssh           off (0.00/0/0)
tcp        0      0 ::ffff:192.168.10.21:62013  65.44.48.119.adsl-pool:9773 ESTABLISHED 

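The first few IPs are all foreign, while this server is meant for specific domestic users.
I don't know whether this means the server is under attack or whether it is normal???
Because of the length limit I have only pasted the first lines of the network connection information.
The connection text for port 62013 is 93 KB in size, 774 lines (connections).
Experts, please explain.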

|

If it is for the internal network, add rules in iptables that allow the internal network segment.
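
A way to triage a capture like the one in the question before writing the iptables rules, as an added example that is not part of the original thread: it groups the peers of port 62013 by whether they fall inside the allowed segment, and marks entries where netstat printed a resolved (and truncated) hostname instead of an address, which is what a capture taken without -n contains. The 192.168.10. prefix (a /24 around the server's 192.168.10.21), the function names and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: triage a saved `netstat -aop` / `netstat -anop` capture.
# ALLOWED_PREFIX is an assumption: the /24 around 192.168.10.21 from the post.
ALLOWED_PREFIX="${ALLOWED_PREFIX:-192.168.10.}"

# Constructed sample lines in the same column layout as the log in the post.
sample_log() {
cat <<'EOF'
tcp 0 0 *:62013 *:* LISTEN 14530/ssh off (0.00/0/0)
tcp 0 0 ::ffff:192.168.10.21:62013 ::ffff:192.168.10.57:40112 ESTABLISHED 14530/ssh off (0.00/0/0)
tcp 0 0 ::ffff:192.168.10.21:62013 ::ffff:198.51.100.7:53609 ESTABLISHED 14530/ssh off (0.00/0/0)
tcp 0 0 ::ffff:192.168.10.21:62013 ::ffff:198.51.100.7:53610 FIN_WAIT2 14530/ssh off (0.00/0/0)
tcp 0 0 ::ffff:192.168.10.21:62013 host-a.example.net:12595 ESTABLISHED 14530/ssh off (0.00/0/0)
EOF
}

# Reads netstat lines on stdin, prints "count class peer", busiest peer first.
# class: inside  = numeric IPv4 that starts with ALLOWED_PREFIX
#        outside = any other numeric IPv4
#        name    = resolved hostname; capture again with `netstat -anop`
summarize_peers() {
  awk -v allow="$ALLOWED_PREFIX" '
    $6 == "LISTEN" { next }          # listening socket has no peer
    {
      peer = $5
      sub(/:[^:]*$/, "", peer)       # drop the port or service name
      sub(/^::ffff:/, "", peer)      # unwrap IPv4-mapped IPv6
      if (peer ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        cls = (index(peer, allow) == 1) ? "inside" : "outside"
      else
        cls = "name"
      n[cls " " peer]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k3,3
}

# Total number of connections in one class ("inside", "outside" or "name").
count_class() {
  summarize_peers | awk -v c="$1" '$2 == c { s += $1 } END { print s + 0 }'
}

# Usage on the file from the post:  summarize_peers < ~/netstat-aop-62013.log
# Rules matching the answer (192.168.10.0/24 is the assumed segment):
#   iptables -A INPUT -p tcp --dport 62013 -s 192.168.10.0/24 -j ACCEPT
#   iptables -A INPUT -p tcp --dport 62013 -j DROP
```

Every peer reported as "name" needs a numeric re-capture before it can be compared against the allowed segment.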

    
 
 
 