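I have a server that has been under constant attack recently. When it is attacked, the server drops off the network entirely. The strangest part is that it cannot be reached even from inside the LAN; it only recovers after I unplug the network cable and plug it back in. I'd like to ask what is going on here. I can understand it being unreachable from the outside, but what would cause it to be unreachable from the LAN as well?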
[Fri Apr 14 10:29:11 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2415. Dropping request. Check SNMP counters.
[Fri Apr 14 10:29:13 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2416. Dropping request. Check SNMP counters.
[Fri Apr 14 10:29:16 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2417. Dropping request. Check SNMP counters.
[Fri Apr 14 10:29:18 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2418. Dropping request. Check SNMP counters.
[Fri Apr 14 10:29:21 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2419. Dropping request. Check SNMP counters.
[Fri Apr 14 10:29:23 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2420. Dropping request. Check SNMP counters.
[Fri Apr 14 10:29:26 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2421. Dropping request. Check SNMP counters.
[Fri Apr 14 10:29:28 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2422.
Ip:
Forwarding: 1
7714599460 total packets received
0 forwarded
0 incoming packets discarded
7714349931 incoming packets delivered
8749439270 requests sent out
47366 outgoing packets dropped
6063 dropped because of missing route
4922 reassemblies required
1017 packets reassembled ok
Icmp:
532003 ICMP messages received
11114 input ICMP message failed
ICMP input histogram:
destination unreachable: 515032
timeout in transit: 16821
echo requests: 138
echo replies: 12
265248 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 265068
echo requests: 42
echo replies: 138
IcmpMsg:
InType0: 12
InType3: 515032
InType8: 138
InType11: 16821
OutType0: 138
OutType3: 265068
OutType8: 42
Tcp:
1686409 active connection openings
1958453 passive connection openings
74282 failed connection attempts
210363 connection resets received
321 connections established
318181058 segments received
358256736 segments sent out
2329101 segments retransmitted
108 bad segments received
423496 resets sent
Udp:
7390711649 packets received
1011670 packets to unknown port received
4116888 packet receive errors
8447404689 packets sent
4102479 receive buffer errors
0 send buffer errors
InCsumErrors: 14407
IgnoredMulti: 204368
UdpLite:
TcpExt:
6 invalid SYN cookies received
1442 resets received for embryonic SYN_RECV sockets
802 ICMP packets dropped because they were out-of-window
1484500 TCP sockets finished time wait in fast timer
6773 time wait sockets recycled by time stamp
1379 packetes rejected in established connections because of timestamp
5473870 delayed acks sent
1978 delayed acks further delayed because of locked socket
Quick ack mode was activated 312653 times
592 SYNs to LISTEN sockets dropped
175469000 packet headers predicted
25983181 acknowledgments not containing data payload received
120956447 predicted acknowledgments
49 times recovered from packet loss due to fast retransmit
TCPSackRecovery: 70000
TCPSACKReneging: 3
Detected reordering 130693 times using SACK
Detected reordering 118 times using reno fast retransmit
Detected reordering 140 times using time stamp
409 congestion windows fully recovered without slow start
88 congestion windows partially recovered using Hoe heuristic
TCPDSACKUndo: 3108
1052 congestion windows recovered without slow start after partial ack
TCPLostRetransmit: 987758
13 timeouts after reno fast retransmit
TCPSackFailures: 426
2228 timeouts in loss state
1143021 fast retransmits
27493 retransmits in slow start
TCPTimeouts: 1103548
TCPLossProbes: 81461
TCPLossProbeRecovery: 3149
TCPRenoRecoveryFail: 19
TCPSackRecoveryFail: 4040
TCPBacklogCoalesce: 479989
TCPDSACKOldSent: 312029
TCPDSACKOfoSent: 433
TCPDSACKRecv: 299965
TCPDSACKOfoRecv: 40446
283950 connections reset due to unexpected data
12739 connections reset due to early user close
8746 connections aborted due to timeout
1 times unable to send RST due to no memory
TCPSACKDiscard: 140077
TCPDSACKIgnoredOld: 1113
TCPDSACKIgnoredNoUndo: 43299
TCPSpuriousRTOs: 203
TCPSackShifted: 2101142
TCPSackMerged: 1698981
TCPSackShiftFallback: 962368
TCPReqQFullDrop: 592
TCPRcvCoalesce: 12741549
TCPOFOQueue: 2138714
TCPOFOMerge: 401
TCPChallengeACK: 1166
TCPSYNChallenge: 115
TCPFastOpenCookieReqd: 99534
TCPSpuriousRtxHostQueues: 14684
TCPAutoCorking: 522777
TCPFromZeroWindowAdv: 5170
TCPToZeroWindowAdv: 5171
TCPWantZeroWindowAdv: 83550
TCPSynRetrans: 973914
TCPOrigDataSent: 250418873
TCPACKSkippedSynRecv: 60
TCPACKSkippedPAWS: 900
TCPACKSkippedSeq: 11425
TCPACKSkippedTimeWait: 220
TCPACKSkippedChallenge: 1044
TCPWinProbe: 1341
TCPKeepAlive: 3440624
TCPDelivered: 251602231
TCPAckCompressed: 1026994
TcpTimeoutRehash: 1075931
TcpDuplicateDataRehash: 52105
TCPDSACKRecvSegs: 69626
TCPDSACKIgnoredDubious: 276551
IpExt:
InMcastPkts: 2459135
OutMcastPkts: 841350
InBcastPkts: 521993
OutBcastPkts: 350186
InOctets: 816678687796
OutOctets: 2671968340361
InMcastOctets: 713887838
OutMcastOctets: 161067690
InBcastOctets: 49305467
OutBcastOctets: 33314198
InNoECTPkts: 7752006802
InECT1Pkts: 162368
InECT0Pkts: 4595
InCEPkts: 1518
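Added example (not part of the original post): a small Python triage of the data posted above. It extracts the ports and timing from the kernel's SYN-flood warnings, plus the listen-queue drop and UDP receive-buffer counters the warning points to. It assumes the log lines are `dmesg -T` output and the counters are `netstat -s` output; the function names are hypothetical.

```python
import re
from datetime import datetime

# Excerpts copied from the post above (assumed: dmesg -T and netstat -s output).
DMESG = """\
[Fri Apr 14 10:29:11 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2415. Dropping request. Check SNMP counters.
[Fri Apr 14 10:29:13 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2416. Dropping request. Check SNMP counters.
[Fri Apr 14 10:29:16 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2417. Dropping request. Check SNMP counters.
"""
NETSTAT = """\
Udp:
7390711649 packets received
4102479 receive buffer errors
TcpExt:
592 SYNs to LISTEN sockets dropped
TCPReqQFullDrop: 592
"""
SYN_RE = re.compile(r"^\[(.+?)\] TCP: request_sock_TCP: Possible SYN flooding on port (\d+)\.")

def parse_syn_warnings(text):
    """Return [(timestamp, port)] for each kernel SYN-flood warning."""
    out = []
    for line in text.splitlines():
        if m := SYN_RE.match(line):
            out.append((datetime.strptime(m[1], "%a %b %d %H:%M:%S %Y"), int(m[2])))
    return out

def parse_netstat(text):
    """Map 'Section/name' -> int for 'N description' and 'Key: N' lines."""
    counters, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"[A-Za-z]+:", line):        # section header, e.g. "Udp:"
            section = line[:-1]
        elif m := re.fullmatch(r"(\d+) (.+)", line):  # "592 SYNs to LISTEN ..."
            counters[f"{section}/{m[2]}"] = int(m[1])
        elif m := re.fullmatch(r"(.+): (\d+)", line):  # "TCPReqQFullDrop: 592"
            counters[f"{section}/{m[1]}"] = int(m[2])
    return counters

def triage(dmesg, netstat):
    events, c = parse_syn_warnings(dmesg), parse_netstat(netstat)
    span = (events[-1][0] - events[0][0]).total_seconds() if events else 0.0
    udp_rx = c.get("Udp/packets received", 0) or 1   # avoid division by zero
    return {
        "warnings": len(events), "ports": sorted({p for _, p in events}), "span_seconds": span,
        "listen_drops": c.get("TcpExt/SYNs to LISTEN sockets dropped", 0),
        "reqq_full_drops": c.get("TcpExt/TCPReqQFullDrop", 0),
        "udp_rcvbuf_error_pct": 100 * c.get("Udp/receive buffer errors", 0) / udp_rx,
    }
```

The counters are cumulative since boot, so the useful comparison is between two snapshots, one taken before and one after an incident.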
1
artnowben 2023-04-15 23:17:29 +08:00
|
2
kwh 2023-04-15 23:18:07 +08:00
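While we're at it, does anyone here know whether there is such a thing as an HTTP request sent by a browser being disconnected by the server and the client at the same time?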
|
3
YaakovZiv 2023-04-15 23:21:10 +08:00
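Probably similar to what happened with my laptop: the computer was connected to a switch, a server forwarded a large amount of traffic to my computer, my network link was saturated and it received a huge number of packets, then CPU and memory usage suddenly became abnormal and the computer froze; the only way to access it was to unplug the network cable.
Even though this was network data that I, as the user of the computer, didn't care about, the computer still processed all of it and burned a lot of hardware resources doing so, and the system simply locked up.
|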
4
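ProjectSky OP @YaakovZiv In my case, after logging in locally the system's resource usage showed nothing abnormal; it's just that all internal/external network connections were down.
Of course, I can't rule out abnormal resource usage during the attack itself, because every time I only log in to the server after it has been attacked.
|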