Diagnosing and handling a TCP flood (SYN_SENT)
How a SYN attack works
A SYN attack is a form of DoS attack. It exploits a weakness in the TCP protocol by sending large numbers of half-open connection requests, exhausting the server's CPU and memory. Besides hosts, SYN attacks can also harm routers, firewalls and other network systems; in fact a SYN attack does not care what the target system is, as long as that system has a TCP service open.
As we know, when two machines establish a TCP connection they perform a three-way handshake: the client first sends a TCP SYN packet to the server, the server replies with the corresponding SYN-ACK packet, and finally the client responds with an ACK, completing a normal handshake. In detail, when the server first receives the SYN, its TCP stack adds a half-open connection entry to a queue and then waits for the remaining handshake packet. If the handshake succeeds, the entry is removed from the queue; if the server does not receive the client's acknowledgement, it retransmits its reply until it times out, and only then removes the entry from the half-open queue. However, the number of half-open entries the server's TCP stack can store is limited. Under a SYN-type DoS attack the queue quickly fills up: the client forges a large number of non-existent IP addresses within a short time and keeps sending SYN packets to the server. The server replies with its acknowledgement and waits for the client's confirmation; because the source addresses do not exist, the server keeps retransmitting until timeout, so the forged SYN packets occupy the half-open queue for a long time, legitimate SYN requests are dropped, and the target system slows down; in severe cases this causes network congestion or even system collapse. The server then stops accepting new network connections, so legitimate clients can no longer reach it.
Cause:
A Linux SYN attack is a type of hacker attack, and handling and reducing such attacks is an important part of a system administrator's job. How can this job be done well? This article aims to give you some ideas so that in future you can defend against Linux SYN attacks with ease.
Virtual hosting providers may be attacked during operation; common attack methods include SYN and DDoS. Changing the IP address or identifying the attacked site may sidestep the attack, but the service interruption is long. A more thorough solution is to add a hardware firewall.
Hardware firewalls are expensive, however. Consider using the firewall functionality that the Linux system itself provides for defence.
Defending against SYN attacks: a SYN attack exploits the TCP/IP three-way handshake by sending large numbers of connection-setup packets without ever completing the connection, until the attacked server's network queue is full and it cannot be reached by legitimate users.
[root@smsplatform01 ~]# su - oracle
su: /bin/bash: Resource temporarily unavailable # the shell reports that resources are temporarily unavailable
# Using a network monitoring command we see many connections to port 22 of IP addresses in other countries, mostly initiated by the program squid64
[root@smsplatform01 ~]# netstat -antp|grep squid64
tcp 0 1 172.20.1.134:58209 200.217.145.158:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:20789 33.242.44.139:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:15980 223.227.215.142:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:16990 102.207.43.139:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:59686 61.215.164.153:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:40245 205.141.32.222:22 SYN_SENT 43826/squid64
tcp 0 0 172.20.1.134:29689 122.241.55.233:22 ESTABLISHED 43610/squid64
tcp 0 296 172.20.1.134:37535 54.191.35.1:22 ESTABLISHED 44042/squid64
tcp 0 52 172.20.1.134:52042 79.0.92.57:22 ESTABLISHED 43610/squid64
tcp 0 1 172.20.1.134:21707 33.26.124.139:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:57264 214.188.32.139:22 SYN_SENT 45122/squid64
tcp 0 0 172.20.1.134:46389 208.187.162.71:22 ESTABLISHED 43826/squid64
tcp 0 0 172.20.1.134:29847 202.56.193.174:22 ESTABLISHED 44906/squid64
tcp 0 1 172.20.1.134:37320 184.228.7.212:22 SYN_SENT 43394/squid64
tcp 0 296 172.20.1.134:13625 64.128.45.90:22 ESTABLISHED 44258/squid64
tcp 0 1 172.20.1.134:64599 216.5.205.139:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:16193 249.85.249.207:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:13796 53.23.42.139:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:19435 131.189.129.175:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:36747 193.64.23.143:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:34676 190.132.208.232:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:42500 101.140.28.143:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:24853 135.179.0.146:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:41595 165.23.184.139:22 SYN_SENT 44258/squid64
tcp 0 1 172.20.1.134:44990 123.185.99.139:22 SYN_SENT 43826/squid64
tcp 0 0 172.20.1.134:22224 130.112.2.216:22 ESTABLISHED 44690/squid64
tcp 0 1 172.20.1.134:10973 190.33.160.114:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:12045 122.53.239.185:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:21348 152.213.87.139:22 SYN_SENT 44042/squid64
tcp 0 68 172.20.1.134:19364 216.235.103.81:22 ESTABLISHED 43610/squid64
tcp 0 1 172.20.1.134:38790 141.149.29.63:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:46745 158.126.14.139:22 SYN_SENT 44042/squid64
tcp 0 100 172.20.1.134:32463 59.9.148.78:22 ESTABLISHED 43178/squid64
tcp 0 144 172.20.1.134:23853 62.212.67.15:22 ESTABLISHED 44042/squid64
tcp 0 100 172.20.1.134:56824 159.8.5.23:22 ESTABLISHED 44906/squid64
tcp 0 1 172.20.1.134:25329 62.213.239.160:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:23790 26.119.32.139:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:47709 24.131.194.139:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:57355 12.154.46.145:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:13161 93.29.182.142:22 SYN_SENT 44258/squid64
tcp 0 0 172.20.1.134:61727 46.32.11.170:22 ESTABLISHED 43610/squid64
tcp 0 144 172.20.1.134:31645 123.63.233.122:22 ESTABLISHED 43826/squid64
tcp 0 21 172.20.1.134:55400 79.189.146.174:22 ESTABLISHED 43394/squid64
tcp 0 1 172.20.1.134:52072 184.209.211.141:22 SYN_SENT 43394/squid64
tcp 0 68 172.20.1.134:28481 217.153.226.1:22 ESTABLISHED 44258/squid64
tcp 0 1 172.20.1.134:49363 165.249.225.139:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:25959 53.106.146.241:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:29432 56.20.240.144:22 SYN_SENT 44042/squid64
tcp 0 100 172.20.1.134:15148 31.186.3.10:22 ESTABLISHED 44906/squid64
tcp 0 68 172.20.1.134:46411 131.225.69.16:22 ESTABLISHED 44690/squid64
tcp 0 1 172.20.1.134:54383 154.64.250.146:22 SYN_SENT 43394/squid64
tcp 0 0 172.20.1.134:45631 204.116.2.103:22 ESTABLISHED 44690/squid64
tcp 0 1 172.20.1.134:19355 205.127.56.198:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:43248 47.27.254.184:22 SYN_SENT 43826/squid64
tcp 0 1 172.20.1.134:42572 49.19.129.16:22 SYN_SENT 44258/squid64
tcp 0 1 172.20.1.134:38291 153.179.80.139:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:22144 74.76.109.143:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:58670 202.143.48.139:22 SYN_SENT 45122/squid64
tcp 0 84 172.20.1.134:20175 85.28.121.127:22 ESTABLISHED 43610/squid64
tcp 0 0 172.20.1.134:46255 80.1.163.39:22 ESTABLISHED 43610/squid64
tcp 0 0 172.20.1.134:26598 80.161.36.203:22 ESTABLISHED 44906/squid64
tcp 0 1 172.20.1.134:25358 185.38.118.139:22 SYN_SENT 44258/squid64
tcp 0 1 172.20.1.134:25336 168.134.139.138:22 SYN_SENT 45122/squid64
tcp 0 0 172.20.1.134:24206 23.20.20.7:22 ESTABLISHED 44258/squid64
tcp 0 1 172.20.1.134:48502 92.54.74.137:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:39932 213.20.43.139:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:27193 195.86.21.139:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:11553 33.168.251.139:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:38739 31.9.75.22:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:43241 22.11.72.139:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:55495 112.32.80.139:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:39681 67.162.84.146:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:61338 212.246.164.139:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:46043 240.58.96.139:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:49139 223.161.203.111:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:38652 115.183.231.139:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:54673 108.111.127.84:22 SYN_SENT 44474/squid64
tcp 0 0 172.20.1.134:12225 62.67.192.19:22 ESTABLISHED 44474/squid64
tcp 0 1 172.20.1.134:26521 211.194.130.160:22 SYN_SENT 44258/squid64
tcp 0 1 172.20.1.134:64612 107.48.81.169:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:10240 242.53.50.139:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:44335 135.1.230.222:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:24008 215.77.226.139:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:26003 200.54.190.151:22 SYN_SENT 43826/squid64
tcp 0 0 172.20.1.134:43079 60.49.69.80:22 ESTABLISHED 44258/squid64
tcp 0 1 172.20.1.134:54381 250.75.231.159:22 SYN_SENT 44042/squid64
tcp 0 68 172.20.1.134:62181 161.77.42.6:22 ESTABLISHED 43610/squid64
tcp 0 1 172.20.1.134:54711 45.161.11.139:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:39407 206.166.145.139:22 SYN_SENT 44258/squid64
tcp 0 68 172.20.1.134:45399 177.74.142.13:22 ESTABLISHED 43826/squid64
tcp 0 1 172.20.1.134:60591 251.223.10.143:22 SYN_SENT 43178/squid64
tcp 0 1 172.20.1.134:11944 16.117.225.138:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:21943 193.124.139.193:22 SYN_SENT 44258/squid64
tcp 0 1 172.20.1.134:38289 12.159.3.136:22 SYN_SENT 45122/squid64
tcp 0 0 172.20.1.134:33696 219.115.92.44:22 ESTABLISHED 43178/squid64
tcp 0 1 172.20.1.134:28309 191.11.116.186:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:57329 44.197.18.148:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:40800 87.217.131.164:22 SYN_SENT 44474/squid64
tcp 0 0 172.20.1.134:54820 68.97.123.64:22 ESTABLISHED 43394/squid64
tcp 0 1 172.20.1.134:19332 169.99.154.139:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:54248 67.160.160.143:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:25337 222.49.63.141:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:52700 143.141.195.139:22 SYN_SENT 43610/squid64
tcp 0 1 172.20.1.134:54373 160.214.67.132:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:51312 100.214.63.139:22 SYN_SENT 43610/squid64
tcp 0 21 172.20.1.134:64673 46.63.208.30:22 ESTABLISHED 43826/squid64
tcp 0 1 172.20.1.134:29803 75.90.52.148:22 SYN_SENT 43178/squid64
tcp 0 21 172.20.1.134:9473 88.150.168.7:22 ESTABLISHED 44258/squid64
tcp 0 0 172.20.1.134:18228 188.12.54.152:22 ESTABLISHED 43610/squid64
tcp 0 1 172.20.1.134:55657 22.131.63.158:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:49334 109.61.148.109:22 SYN_SENT 43178/squid64
tcp 0 296 172.20.1.134:60369 66.230.213.52:22 ESTABLISHED 44906/squid64
tcp 0 1 172.20.1.134:25079 177.96.74.61:22 SYN_SENT 44042/squid64
tcp 0 0 172.20.1.134:38317 157.14.177.182:22 ESTABLISHED 43178/squid64
tcp 0 1 172.20.1.134:28946 156.59.111.139:22 SYN_SENT 43394/squid64
tcp 0 1 172.20.1.134:59798 116.9.3.179:22 SYN_SENT 45122/squid64
tcp 0 1 172.20.1.134:28662 197.213.143.149:22 SYN_SENT 44474/squid64
tcp 0 1 172.20.1.134:27550 93.227.15.155:22 SYN_SENT 44690/squid64
tcp 0 1 172.20.1.134:47295 67.73.144.139:22 SYN_SENT 44906/squid64
tcp 0 1 172.20.1.134:46309 221.217.70.170:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:61482 84.133.244.44:22 SYN_SENT 44042/squid64
tcp 0 1 172.20.1.134:57965 147.103.152.139:22 SYN_SENT 44258/squid64
# This program has initiated 1941 connections
[root@smsplatform01 ~]# netstat -antp|grep squid64|wc -l
1941
# Found 6 instances of the program started
[root@smsplatform01 ~]# ps -ef|grep squid64
root 11360 7701 0 10:00 pts/8 00:00:00 grep squid64
oracle 43178 1 1 08:07 ? 00:01:13 /tmp/squid64
oracle 43394 1 0 08:07 ? 00:00:53 /tmp/squid64
oracle 43610 1 1 08:07 ? 00:01:54 /tmp/squid64
oracle 43826 1 1 08:07 ? 00:01:39 /tmp/squid64
oracle 44042 1 1 08:07 ? 00:01:43 /tmp/squid64
oracle 44258 1 1 08:07 ? 00:01:31 /tmp/squid64
oracle 44474 1 1 08:07 ? 00:01:47 /tmp/squid64
oracle 44690 1 1 08:07 ? 00:01:45 /tmp/squid64
oracle 44906 1 1 08:07 ? 00:01:44 /tmp/squid64
oracle 45122 1 0 08:07 ? 00:01:02 /tmp/squid64/
# Kill these 6 processes
[root@smsplatform01 ~]# kill 45122
[root@smsplatform01 ~]# kill 44906
[root@smsplatform01 ~]# kill 44690
[root@smsplatform01 ~]# kill 44474
[root@smsplatform01 ~]# kill 44258
[root@smsplatform01 ~]# kill 44042
[root@smsplatform01 ~]# kill 43826
[root@smsplatform01 ~]# kill 43610
[root@smsplatform01 ~]# kill 43394
[root@smsplatform01 ~]# kill 43178
The program that initiates the connections is stored at /tmp/squid64
[oracle@smsplatform01 tmp]$ ls
gnome-system-monitor.root.964379377 libldr.so pulse-DggD1giPYz4n virtual-root.AD4yLJ virtual-root.YN7KRT
hsperfdata_smsplatform memcached.pid pulse-fTKg7U9LzL89 virtual-root.Tf4i2a
keyring-J5hfNT orbit-gdm squid64 virtual-root.xIkwex
Delete squid64
[oracle@smsplatform01 tmp]$ rm -rf squid64
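To turn the manual netstat inspection above into a repeatable check, here is an added example that is not part of the original post: a POSIX shell script that counts SYN_SENT sockets per process and per destination port from netstat -antp output and flags any process above a threshold. The sample output, addresses and PIDs are constructed for the example, and the threshold is an assumption to tune per host.

```shell
#!/bin/sh
# Constructed sample of `netstat -antp` output, shaped like the session above;
# addresses, ports and PIDs are made up for this example.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*           LISTEN      1201/sshd
tcp        0      1 10.0.0.5:58209    192.0.2.10:22       SYN_SENT    4311/squid64
tcp        0      1 10.0.0.5:20789    192.0.2.11:22       SYN_SENT    4311/squid64
tcp        0      1 10.0.0.5:15980    192.0.2.12:22       SYN_SENT    4522/squid64
tcp        0      0 10.0.0.5:29689    192.0.2.13:22       ESTABLISHED 4311/squid64
tcp        0      0 10.0.0.5:443      198.51.100.7:51000  ESTABLISHED 2210/httpd
tcp        0      1 10.0.0.5:40001    203.0.113.9:443     SYN_SENT    2210/httpd'

# Count SYN_SENT sockets per PID/program name (field 7), highest first.
# Reads netstat -antp output on stdin.
syn_sent_by_process() {
  awk '$1 == "tcp" && $6 == "SYN_SENT" { n[$7]++ }
       END { for (p in n) print n[p], p }' | sort -rn
}

# Count SYN_SENT sockets per destination port; the port is the last
# colon-separated part of the foreign address (field 5), so IPv6 works too.
syn_sent_by_dst_port() {
  awk '$1 == "tcp" && $6 == "SYN_SENT" { k = split($5, a, ":"); c[a[k]]++ }
       END { for (p in c) print c[p], "port", p }' | sort -rn
}

# Print every process whose SYN_SENT count exceeds the threshold (default 20,
# an assumed value). Exit status is 1 when at least one process is flagged,
# 0 otherwise, so the function can gate an alert from a cron job.
flag_syn_sent_processes() {
  t="${1:-20}"
  syn_sent_by_process | awk -v t="$t" '$1 > t { print; found = 1 }
                                        END { exit (found ? 1 : 0) }'
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE" | syn_sent_by_process
printf '%s\n' "$SAMPLE" | syn_sent_by_dst_port
printf '%s\n' "$SAMPLE" | flag_syn_sent_processes 1 || echo "suspicious process found"
```

Run it live with netstat -antp | flag_syn_sent_processes 50. For a flagged PID, ls -l /proc/<pid>/exe shows the binary it was started from (here /tmp/squid64) even after the file has been deleted.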
Source: "ITPUB Blog", link: http://blog.itpub.net/29065182/viewspace-1756485/. Please cite the source when reposting; otherwise legal action will be pursued.