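On one of my servers, when I type netstat -n, I get a huge output with around 400 entries for httpd. The bandwidth on the server is not high, so I can't work out what is causing it. I suspect an attack, but I'm not sure.
Intermittently, the web server stops responding. When this happens, all other services (such as ping and ftp) work normally. The system load is also normal.
The only thing that isn't normal, I think, is the "netstat -n" output.
Can you take a look and see if there is something I can do? I have APF installed, but I'm not sure what rules I should put in place to mitigate the problem.
By the way, I'm running CentOS 5 Linux with Apache 2.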
root@linux [/backup/stuff/apf-9.7-1]# netstat -n|grep :80
Answer 1
Maybe this helps you a bit:
# for i in $(sort /tmp/ips | uniq); do geoiplookup $i ;done | sort | uniq -c
4 GeoIP Country Edition: AU, Australia
83 GeoIP Country Edition: CN, China
13 GeoIP Country Edition: --, N/A
1 GeoIP Country Edition: NZ, New Zealand
1 GeoIP Country Edition: SE, Sweden
21 GeoIP Country Edition: US, United States
I see that some of them come from "regular" spiders (Baidu, etc.).
Answer 2
Possibly Slowloris.
Answer 3
Try running a command like this:
netstat -ntu | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
It will give you a rough idea of how many connections each IP has, which may make it easier to spot abuse and block them.
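An added example, not part of the original answer: the same per-IP count, split by TCP state and restricted to rows whose local port is exactly 80 (a plain grep :80 also matches :8080 and outbound connections to port 80). ESTABLISHED rows are the connections that can still hold an Apache worker, while TIME_WAIT rows are already closed. The function names and the sample rows (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Read saved `netstat -ntu` output on stdin.

# Print "ip total established" for every remote IP with at least
# $1 ESTABLISHED connections to local port 80, busiest first.
conn_summary() {
    min_est="${1:-1}"
    awk -v min="$min_est" '
        # TCP rows only; column 4 is the local address and must end in :80
        $1 ~ /^tcp/ && $4 ~ /:80$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)          # drop the remote port
            total[ip]++
            if ($6 == "ESTABLISHED") est[ip]++
        }
        END {
            for (ip in total)
                if (est[ip] + 0 >= min)
                    printf "%s %d %d\n", ip, total[ip], est[ip]
        }
    ' | sort -k3,3nr -k1,1
}

# Print "STATE count" for local port 80, most common state first.
state_totals() {
    awk '$1 ~ /^tcp/ && $4 ~ /:80$/ { n[$6]++ }
         END { for (s in n) printf "%s %d\n", s, n[s] }' | sort -k2,2nr -k1,1
}

# Constructed sample input (not taken from the question).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.0.2.10:80 198.51.100.7:40001 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.7:40002 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.7:40003 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.7:40004 TIME_WAIT
tcp 0 0 192.0.2.10:80 203.0.113.5:51000 TIME_WAIT
tcp 0 0 192.0.2.10:80 203.0.113.5:51001 TIME_WAIT
tcp 0 0 192.0.2.10:80 203.0.113.9:1200 ESTABLISHED
tcp 0 0 192.0.2.10:8080 203.0.113.77:3300 ESTABLISHED
tcp 0 0 192.0.2.10:52000 203.0.113.80:80 ESTABLISHED
EOF
}

echo "== states on :80 =="
sample_netstat | state_totals
echo "== remote IPs with 2 or more ESTABLISHED =="
sample_netstat | conn_summary 2
```

On a live host, feed it real data with `netstat -ntu | conn_summary 20`, choosing the threshold relative to your MaxClients value.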
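Answer 4
What is your MaxClients setting? It sounds like you are hitting it. When that happens, Apache stops processing requests until one of the existing clients closes its connection. In that case, other services will continue to accept requests.
If you have the server-status page enabled, you can see what clients are doing in near real time. However, I would recommend locking server-status down to specific IP addresses, or using some other form of authentication.
As for the traffic from all of those IP addresses, when I need to see where traffic is coming from, I usually use Perl to look through the access logs. Since I don't have access to your logs, here is a quick and dirty Perl program that takes the output of your netstat command and does a recursive DNS lookup to try to determine where those IP addresses come from. It expects to find the netstat content in a file named "junk".
Hope this helps.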
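#!/usr/bin/perl -w
use strict;

# Connection count per remote IP address.
our %iph = ();

# Strip the leading label from a reverse-DNS name and query the parent
# zone, recursing until "host" succeeds or no numeric label is left.
sub recDNS ( $ ) {
    my $arpa = shift;
    # Stop when nothing can be stripped (prevents endless recursion).
    return unless ( $arpa =~ s/^\d+\.// );
    print "+++++ $arpa +++++\n";
    my $retVal = system ( "host", "-a", "$arpa" );
    if ( $retVal != 0 ) {
        recDNS ( $arpa );
    }
}

# Build the in-addr.arpa name for an IPv4 address (octets reversed).
sub makeArpa ( $ ) {
    my $ip = shift;
    my @ipParts = split ( /\./, $ip );
    my $arpa = "";
    while ( $#ipParts > -1 ) {
        my $part = pop ( @ipParts );
        $arpa .= "$part.";
    }
    $arpa .= "in-addr.arpa";
    recDNS ( $arpa );
}

# "junk" holds the saved netstat output; field 5 is the remote address:port.
open ( RD, "<", "junk" ) or die "Cannot open junk: $!\n";
while ( <RD> ) {
    chomp;
    my @nparts = split ( /\s+/, $_ );
    my $ip = $nparts[4];
    # Skip header or short lines that have no remote address field.
    next unless ( defined ( $ip ) );
    # print "$_\n";
    $ip =~ s/:\d+$//;
    # print "$ip\n";
    # Only IPv4 addresses are handled; anything else is ignored.
    next unless ( $ip =~ /^\d+\.\d+\.\d+\.\d+$/ );
    $iph{$ip} = 0 unless ( defined ( $iph{$ip} ) );
    $iph{$ip}++;
}
close ( RD );

# Look up each address; if that fails, walk up the in-addr.arpa tree.
foreach my $ip (sort keys %iph) {
    print "----- $ip: count->$iph{$ip} -----\n";
    my $retVal = system ( "host", "-a", "$ip" );
    if ( $retVal != 0 ) {
        makeArpa ( $ip );
    }
}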