I think my server has been hacked..
Author: 리눅스 초짜
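Hello...
When I run netstat -na, I get the output shown below.
So I looked up the security-related kernel parameters in a book
and applied all of them..
Even after rebooting the server and stopping and restarting Apache,
the entries below do not go away..
Martian-related log messages also keep appearing.
OS: CentOS 4.4
Kernel: 2.6.9-42.ELsmp. They seem to be connecting on port 80, but even when I kill Apache
the entries below are still there..
Question 1: There are too many ESTABLISHED entries. Why are there so many?
Question 2: I changed the SYN_RECV-related kernel parameters, so why are the entries below still there even after a reboot?
How can I make connections like the ones below go away?
I would appreciate an answer.
Thank you.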
0 0 xxx.xxx.xxx.xxx:80 124.243.13.88:53368 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 58.234.3.50:4139 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 211.204.177.227:1773 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 211.204.177.227:1770 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 59.15.8.219:32868 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 211.204.177.227:1796 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 211.204.177.227:1769 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 220.83.252.172:1130 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 61.76.29.99:4439 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 218.159.88.123:16769 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 24.70.95.205:34574 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 211.204.177.227:1793 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 59.12.251.157:25991 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 218.239.133.75:1780 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 124.199.29.165:3529 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 211.210.24.146:20953 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 35.11.158.96:3368 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 218.238.63.163:4804 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 211.55.114.67:2845 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 222.106.230.180:37797 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 59.21.210.96:2101 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 61.85.202.39:17011 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xxx:80 61.83.194.82:43803 SYN_RECV
tcp 0 12084 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:121.1.88.82:2464 ESTABLISHED
tcp 0 12029 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:61.38.84.68:38044 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:211.105.232.20:63262 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:211.195.118.222:2872 ESTABLISHED
tcp 0 12029 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:121.1.88.82:2471 ESTABLISHED
tcp 0 5797 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:121.140.102.46:2154 FIN_WAIT1
tcp 0 11869 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:220.76.84.246:2688 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:220.117.188.200:2415 ESTABLISHED
tcp 470 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:220.86.26.104:3255 ESTABLISHED
tcp 0 12085 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:222.111.215.99:2377 ESTABLISHED
tcp 0 603 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:211.236.138.212:2779 FIN_WAIT1
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:124.63.14.30:3001 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:122.44.117.39:3812 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:218.154.132.26:3486 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:211.233.1.133:3855 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:203.84.241.233:4142 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:211.233.1.133:3854 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:211.233.1.133:3853 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:210.107.37.101:34996 ESTABLISHED
tcp 341 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:211.213.72.194:5152 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:211.203.152.36:2039 ESTABLISHED
tcp 337 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:220.76.84.246:2708 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:222.111.215.99:2398 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:121.172.109.245:2239 ESTABLISHED
tcp 0 0 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:211.169.196.2:41243 ESTABLISHED
tcp 0 11680 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:143.248.245.43:1105 ESTABLISHED
tcp 0 12029 ::ffff:xxx.xxx.xxx.xxx:80 ::ffff:220.122.245.165:3746 ESTABLISHED
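One way to summarise a listing like the one above by TCP state and by remote address, as an added example that is not part of the original post. The function names and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -na` TCP lines by state and by remote IP.

# Constructed sample in the same layout as the listing in the post
# (documentation-range addresses, not taken from the post).
sample_netstat() {
cat <<'EOF'
tcp 0 0 192.0.2.10:80 198.51.100.7:1773 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.7:1770 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:4139 SYN_RECV
tcp 0 12029 ::ffff:192.0.2.10:80 ::ffff:203.0.113.9:2471 ESTABLISHED
tcp 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.9:2464 ESTABLISHED
tcp 0 603 ::ffff:192.0.2.10:80 ::ffff:198.51.100.7:2779 FIN_WAIT1
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
EOF
}

# Print "STATE COUNT" for every TCP state seen on the given local port.
count_states() {
    port=$1
    awk -v port="$port" '
        $1 ~ /^tcp/ && NF >= 6 {
            n = split($4, a, ":")        # local port is the last ":" field
            if (a[n] == port) c[$6]++
        }
        END { for (s in c) print s, c[s] }
    ' | sort
}

# Print "COUNT IP" for remote hosts in one state on one port, busiest first.
top_remotes() {
    port=$1; state=$2
    awk -v port="$port" -v state="$state" '
        $1 ~ /^tcp/ && NF >= 6 && $6 == state {
            n = split($4, a, ":")
            if (a[n] != port) next
            r = $5
            sub(/^::ffff:/, "", r)       # IPv4-mapped IPv6 -> plain IPv4
            sub(/:[^:]*$/, "", r)        # drop the remote port
            c[r]++
        }
        END { for (ip in c) print c[ip], ip }
    ' | sort -k1,1nr -k2,2
}
```

On a live host the same functions read from the real command, for example `netstat -na | count_states 80` followed by `netstat -na | top_remotes 80 SYN_RECV`. Comparing the per-state totals and the per-address counts over a few runs shows whether the half-open entries come from a handful of addresses or are spread across many.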