2015-09-29 6 views
-1

netstat: reading netstat output on an Ubuntu AWS EC2 instance (example)

[email protected]:/$ netstat 
Active Internet connections (w/o servers) 
Proto Recv-Q Send-Q Local Address   Foreign Address   State 
tcp  0 187 ip-172-31-60-232.:51044 unknown.prolexic.c:http ESTABLISHED 
tcp  0 187 ip-172-31-60-232.:51045 unknown.prolexic.c:http ESTABLISHED 
tcp  0  0 ip-172-31-60-232.ec:ssh rrcs-71-43-133-18:50725 ESTABLISHED 
tcp  0 187 ip-172-31-60-232.:51048 unknown.prolexic.c:http ESTABLISHED 
tcp  0 187 ip-172-31-60-232.:51046 unknown.prolexic.c:http ESTABLISHED 
tcp  0 187 ip-172-31-60-232.:51047 unknown.prolexic.c:http ESTABLISHED 
tcp  0 187 ip-172-31-60-232.:51050 unknown.prolexic.c:http ESTABLISHED 
tcp  0 187 ip-172-31-60-232.:51049 unknown.prolexic.c:http ESTABLISHED 
tcp  0 187 ip-172-31-60-232.:51043 unknown.prolexic.c:http ESTABLISHED 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:45931 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:43103 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:46224 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:51975 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:45529 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:52326 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:46529 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:35851 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:42878 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:44822 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:45080 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:51681 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.199-s:54884 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.8.68.54-stati:53652 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:51548 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.8.68.54-stati:39783 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.199-s:58173 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:45439 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.199-s:55093 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:46086 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:46085 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.199-s:35563 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:45901 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:45727 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.199-s:52116 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.196-s:46065 CLOSE_WAIT 
tcp6  0  0 ip-172-31-60-232.e:http 159.122.120.199-s:45937 CLOSE_WAIT 
Active UNIX domain sockets (w/o servers) 
Proto RefCnt Flags  Type  State   I-Node Path 
unix 2  [ ]   DGRAM     8617  /var/spool/postfix/dev/log 
unix 9  [ ]   DGRAM     8615  /dev/log 
unix 3  [ ]   STREAM  CONNECTED  101130 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  101043 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9394 
unix 3  [ ]   STREAM  CONNECTED  100999 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9448 
unix 3  [ ]   STREAM  CONNECTED  101072 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9409 
unix 3  [ ]   STREAM  CONNECTED  100993 /var/run/mysqld/mysqld.sock 
unix 2  [ ]   DGRAM     8862 
unix 3  [ ]   STREAM  CONNECTED  101134 
unix 3  [ ]   STREAM  CONNECTED  101083 
unix 3  [ ]   STREAM  CONNECTED  101054 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9450 
unix 3  [ ]   STREAM  CONNECTED  8571 
unix 3  [ ]   STREAM  CONNECTED  101000 
unix 2  [ ]   DGRAM     35035 
unix 3  [ ]   STREAM  CONNECTED  9436 
unix 3  [ ]   STREAM  CONNECTED  101112 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  7997 
unix 3  [ ]   STREAM  CONNECTED  9385 
unix 3  [ ]   STREAM  CONNECTED  9438 
unix 3  [ ]   STREAM  CONNECTED  9387 
unix 3  [ ]   STREAM  CONNECTED  101049 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9442 
unix 3  [ ]   STREAM  CONNECTED  9414 
unix 3  [ ]   STREAM  CONNECTED  13189 
unix 3  [ ]   STREAM  CONNECTED  9457 
unix 3  [ ]   STREAM  CONNECTED  9453 
unix 3  [ ]   STREAM  CONNECTED  9405 
unix 3  [ ]   STREAM  CONNECTED  100996 
unix 3  [ ]   STREAM  CONNECTED  9444 
unix 3  [ ]   STREAM  CONNECTED  9396 
unix 3  [ ]   STREAM  CONNECTED  8519 
unix 3  [ ]   STREAM  CONNECTED  101117 
unix 3  [ ]   DGRAM     7633 
unix 3  [ ]   STREAM  CONNECTED  101001 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9375 
unix 3  [ ]   STREAM  CONNECTED  101111 
unix 3  [ ]   STREAM  CONNECTED  9412 
unix 3  [ ]   STREAM  CONNECTED  9430 
unix 3  [ ]   STREAM  CONNECTED  101129 
unix 3  [ ]   STREAM  CONNECTED  101045 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9432 
unix 3  [ ]   STREAM  CONNECTED  7593  @/com/ubuntu/upstart 
unix 3  [ ]   STREAM  CONNECTED  100997 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9415 
unix 3  [ ]   STREAM  CONNECTED  100995 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  100986 
unix 3  [ ]   STREAM  CONNECTED  13190 
unix 3  [ ]   STREAM  CONNECTED  101113 
unix 3  [ ]   STREAM  CONNECTED  9374 
unix 3  [ ]   STREAM  CONNECTED  101046 
unix 3  [ ]   STREAM  CONNECTED  9371 
unix 3  [ ]   STREAM  CONNECTED  101115 
unix 3  [ ]   STREAM  CONNECTED  8639 
unix 3  [ ]   STREAM  CONNECTED  9418 
unix 3  [ ]   STREAM  CONNECTED  9370 
unix 2  [ ]   DGRAM     8619 
unix 3  [ ]   STREAM  CONNECTED  9420 
unix 3  [ ]   STREAM  CONNECTED  101108 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  101071 
unix 3  [ ]   STREAM  CONNECTED  101062 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   DGRAM     7634 
unix 3  [ ]   STREAM  CONNECTED  101135 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  101119 
unix 3  [ ]   STREAM  CONNECTED  9377 
unix 3  [ ]   STREAM  CONNECTED  9426 
unix 3  [ ]   STREAM  CONNECTED  9424 
unix 3  [ ]   STREAM  CONNECTED  101044 
unix 3  [ ]   STREAM  CONNECTED  9445 
unix 3  [ ]   STREAM  CONNECTED  8567 
unix 3  [ ]   STREAM  CONNECTED  9378 
unix 3  [ ]   STREAM  CONNECTED  100987 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  101120 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9447 
unix 3  [ ]   STREAM  CONNECTED  100994 
unix 3  [ ]   STREAM  CONNECTED  9451 
unix 3  [ ]   STREAM  CONNECTED  8572  /var/run/dbus/system_bus_socket 
unix 3  [ ]   STREAM  CONNECTED  101084 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9381 
unix 3  [ ]   STREAM  CONNECTED  9403 
unix 3  [ ]   STREAM  CONNECTED  101048 
unix 3  [ ]   STREAM  CONNECTED  9391 
unix 3  [ ]   STREAM  CONNECTED  100998 
unix 3  [ ]   STREAM  CONNECTED  101068 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9382 
unix 3  [ ]   STREAM  CONNECTED  101078 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  13197 /var/run/dbus/system_bus_socket 
unix 3  [ ]   STREAM  CONNECTED  8008  @/com/ubuntu/upstart 
unix 3  [ ]   STREAM  CONNECTED  100990 
unix 3  [ ]   STREAM  CONNECTED  9411 
unix 3  [ ]   STREAM  CONNECTED  9384 
unix 2  [ ]   DGRAM     9468 
unix 3  [ ]   STREAM  CONNECTED  101109 
unix 2  [ ]   DGRAM     9463 
unix 3  [ ]   STREAM  CONNECTED  9439 
unix 3  [ ]   STREAM  CONNECTED  8640  /var/run/dbus/system_bus_socket 
unix 3  [ ]   STREAM  CONNECTED  9406 
unix 3  [ ]   STREAM  CONNECTED  100989 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9441 
unix 3  [ ]   STREAM  CONNECTED  9400 
unix 3  [ ]   STREAM  CONNECTED  8568 
unix 3  [ ]   STREAM  CONNECTED  9456 
unix 3  [ ]   STREAM  CONNECTED  9388 
unix 3  [ ]   STREAM  CONNECTED  9408 
unix 3  [ ]   STREAM  CONNECTED  101047 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  101110 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9454 
unix 3  [ ]   STREAM  CONNECTED  9390 
unix 3  [ ]   STREAM  CONNECTED  9402 
unix 3  [ ]   STREAM  CONNECTED  9397 
unix 3  [ ]   STREAM  CONNECTED  9367 
unix 3  [ ]   STREAM  CONNECTED  101107 
unix 3  [ ]   STREAM  CONNECTED  9427 
unix 3  [ ]   STREAM  CONNECTED  100988 
unix 3  [ ]   STREAM  CONNECTED  101077 
unix 3  [ ]   STREAM  CONNECTED  9429 
unix 3  [ ]   STREAM  CONNECTED  101114 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  101042 
unix 2  [ ]   DGRAM     12906 
unix 3  [ ]   STREAM  CONNECTED  13196 
unix 3  [ ]   STREAM  CONNECTED  9435 
unix 3  [ ]   STREAM  CONNECTED  9433 
unix 3  [ ]   STREAM  CONNECTED  101067 
unix 2  [ ]   DGRAM     9344 
unix 3  [ ]   STREAM  CONNECTED  7582 
unix 3  [ ]   STREAM  CONNECTED  101118 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9417 
unix 3  [ ]   STREAM  CONNECTED  101053 
unix 3  [ ]   STREAM  CONNECTED  8545  @/com/ubuntu/upstart 
unix 3  [ ]   STREAM  CONNECTED  9421 
unix 3  [ ]   STREAM  CONNECTED  9399 
unix 3  [ ]   STREAM  CONNECTED  100991 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9393 
unix 3  [ ]   STREAM  CONNECTED  101061 
unix 3  [ ]   STREAM  CONNECTED  9423 
unix 3  [ ]   STREAM  CONNECTED  100992 
unix 3  [ ]   STREAM  CONNECTED  101116 /var/run/mysqld/mysqld.sock 
unix 3  [ ]   STREAM  CONNECTED  9368 
[email protected]:/$ 

I think someone is DDoSing my server.

I think the IP 159.122.120.196 is the culprit, but I'm not entirely sure. My server has now come back up. This isn't my area of expertise, so any advice you can give would be greatly appreciated.

+0

Don't let netstat resolve addresses for you. You have no way of knowing how to interpret those hostnames, which look like addresses, but you don't know whether they are correct, and some reverse DNS entries reverse the octet order. Use 'netstat -n' instead. –
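As an added example (not part of the original question or comment), the shell script below applies the comment's advice: it summarises `netstat -n` output by literal foreign IP address and connection state, so you can see which peer holds the most sockets without trusting a reverse-DNS name. The sample lines are constructed to mirror the question's output with the hostnames replaced by addresses; 192.0.2.10 and 198.51.100.7 are documentation addresses assumed for the example, and `count_peers` and `top_peer` are names chosen here. On the instance itself you would run `netstat -nt | count_peers` instead of feeding it the sample.

```shell
#!/bin/sh
# Added example, not code from the original post: count connections per
# foreign IP and state from "netstat -n" output, without DNS resolution.

# count_peers: read netstat -n lines on stdin and print "count ip state",
# most connections first. Handles both tcp and tcp6 rows; the port is
# stripped from the foreign address (last ':'-separated field) so IPv6
# literals are left intact. Header lines and unix-socket rows are skipped.
count_peers() {
    awk '
        $1 ~ /^tcp6?$/ {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the foreign port
            n[peer " " $6]++            # key on address + TCP state
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# top_peer: the single address holding the most connections in the input
top_peer() {
    count_peers | head -n 1 | awk '{print $2}'
}

# Constructed sample modelled on the question's output (numeric form, as
# "netstat -nt" would print it). Real use: netstat -nt | count_peers
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0    187 172.31.60.232:51044     192.0.2.10:80           ESTABLISHED
tcp        0      0 172.31.60.232:22        198.51.100.7:50725      ESTABLISHED
tcp6       0      0 172.31.60.232:80        159.122.120.196:45931   CLOSE_WAIT
tcp6       0      0 172.31.60.232:80        159.122.120.196:43103   CLOSE_WAIT
tcp6       0      0 172.31.60.232:80        159.122.120.199:54884   CLOSE_WAIT
tcp6       0      0 172.31.60.232:80        159.122.120.196:46224   CLOSE_WAIT'

echo "connections per foreign address and state:"
printf '%s\n' "$SAMPLE" | count_peers
echo "busiest peer: $(printf '%s\n' "$SAMPLE" | top_peer)"
```

A pile of CLOSE_WAIT sockets from one address means the remote end has closed its side and the local web server has not yet closed its own; counting them per literal address, rather than per resolved name, is what tells you whether a single peer is responsible.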

Reply

0

I was getting malicious traffic from that same IP address this evening, enough that it spawned apache2 processes so fast my server's kernel panicked. In my case it was one of three IP addresses hitting xmlrpc.php on a WordPress site several times per second. I dropped the traffic with iptables - back in business.

If your question boils down to "is 159.122.120.199 a bad-actor IP address?", the answer appears to be yes.
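The answer's approach (find the addresses hammering xmlrpc.php, then drop them with iptables) as an added example that is not the answerer's own code: it reads Apache access-log lines, counts xmlrpc.php requests per source address per second, and prints an iptables DROP rule for each address whose peak rate reaches a threshold. The log lines are constructed for the example; `xmlrpc_offenders`, `block_rules` and the threshold of 3 requests per second are names and choices made here, and the rules are printed rather than executed so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example, not code from the original answer: detect per-second
# bursts of requests to xmlrpc.php in an Apache combined-format log and
# emit iptables rules for the offending source addresses.

# xmlrpc_offenders THRESHOLD: read access-log lines on stdin and print
# "peak ip" for every address that made >= THRESHOLD requests to
# xmlrpc.php within a single second, highest peak first.
# Combined log fields: $1 client ip, $4 "[dd/Mon/yyyy:HH:MM:SS", $7 path.
xmlrpc_offenders() {
    awk -v thr="$1" '
        $7 ~ /^\/xmlrpc\.php/ { hits[$1 " " $4]++ }   # key: ip + timestamp (1s)
        END {
            for (k in hits) {                           # peak per-second rate per ip
                split(k, f, " ")
                if (hits[k] > peak[f[1]]) peak[f[1]] = hits[k]
            }
            for (ip in peak) if (peak[ip] >= thr) print peak[ip], ip
        }
    ' | sort -rn
}

# block_rules: turn "peak ip" lines into iptables commands. Printed, not
# executed: review them, then run them as root (or feed them to sh).
block_rules() {
    awk '{print "iptables -I INPUT -s " $2 " -j DROP"}'
}

# Constructed sample log (Apache combined format), mirroring the answer's
# description: one address posting to xmlrpc.php several times a second.
# 198.51.100.7 is a documentation address standing in for a normal visitor.
LOG='159.122.120.196 - - [29/Sep/2015:21:14:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
159.122.120.196 - - [29/Sep/2015:21:14:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
159.122.120.196 - - [29/Sep/2015:21:14:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
159.122.120.199 - - [29/Sep/2015:21:14:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Sep/2015:21:14:04 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Sep/2015:21:14:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/4.3"'

echo "addresses reaching 3 xmlrpc.php requests in one second:"
printf '%s\n' "$LOG" | xmlrpc_offenders 3
echo "proposed rules (not applied):"
printf '%s\n' "$LOG" | xmlrpc_offenders 3 | block_rules
```

On a live host the same pipeline reads the real log, for example `xmlrpc_offenders 3 < /var/log/apache2/access.log | block_rules`. A single legitimate xmlrpc.php call (the WordPress/4.3 line in the sample) stays below the threshold and is not blocked; raise or lower the threshold to match what the site's own clients actually do.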