In netstat, I see that my port 22 is connected to 122.225.97.99. Does this mean someone is accessing ssh, or is this just something related to Ubuntu?
user@ubuntu:~$ netstat -ntu
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 100.72.4.xxx:22 122.225.97.99:14202 ESTABLISHED
tcp 0 0 100.72.4.xxx:22 122.225.97.99:3781 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 122.225.97.99:8581 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 122.225.97.99:5110 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 122.225.97.99:49039 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 122.225.97.99:53793 TIME_WAIT
tcp 0 432 100.72.4.xxx:22 202.88.235.123:54092 ESTABLISHED
tcp 0 0 100.72.4.xxx:22 202.88.235.123:54090 ESTABLISHED
tcp 0 0 100.72.4.xxx:22 122.225.97.99:56696 TIME_WAIT
tcp 0 0 100.72.4.xxx:59777 100.72.4.2:80 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 122.225.97.99:55110 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 122.225.97.99:10338 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 202.88.235.123:53856 ESTABLISHED
tcp 0 0 100.72.4.xxx:22 122.225.97.99:2304 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 122.225.97.99:16170 ESTABLISHED
tcp 0 0 100.72.4.xxx:22 122.225.97.99:14990 ESTABLISHED
tcp 0 0 100.72.4.xxx:22 122.225.97.99:9504 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 122.225.97.99:47099 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 122.225.97.99:47966 TIME_WAIT
tcp 0 0 100.72.4.xxx:59779 100.72.4.2:80 TIME_WAIT
General information and location of 122.225.97.99
IPv4 address:122.225.97.99
Reverse DNS:122.225.97.99
RIR:APNIC
Country:China
RBL Status:Listed in CBL
Thread:No threats detected
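Answer 1
This means someone is repeatedly connecting to ssh. Check your system logs (probably /var/log/auth.log). This is very common if ssh is open to the internet. Make sure you have good passwords set and that root login is not allowed. You can use fail2ban and plenty of other tools to block them automatically. You can also use iptables to restrict access to the networks you expect ssh to originate from.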
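To triage output like the `netstat -ntu` listing in the question, the following added example (not part of the original question or answer) groups connections to local port 22 by remote address and flags peers outside the networks you expect ssh from. The sample lines are constructed in the same format as the listing, and treating 202.88.235.0/24 as an expected network is an assumption made only for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: a few lines in the format of the netstat listing in the question.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 100.72.4.xxx:22 122.225.97.99:14202 ESTABLISHED
tcp 0 0 100.72.4.xxx:22 122.225.97.99:3781 TIME_WAIT
tcp 0 0 100.72.4.xxx:22 122.225.97.99:8581 TIME_WAIT
tcp 0 432 100.72.4.xxx:22 202.88.235.123:54092 ESTABLISHED
tcp 0 0 100.72.4.xxx:59777 100.72.4.2:80 TIME_WAIT
"""

def ssh_peers(netstat_text, port="22"):
    """Map each remote IP connected to our SSH port to a Counter of TCP states."""
    peers = defaultdict(Counter)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have six fields: proto, recv-q, send-q, local, foreign, state.
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        local, foreign, state = fields[3], fields[4], fields[5]
        # rpartition splits on the last ':' so IPv6 and redacted hosts still parse.
        if local.rpartition(":")[2] != port:
            continue
        peers[foreign.rpartition(":")[0]][state] += 1
    return peers

def unexpected_peers(peers, expected_networks):
    """Return {ip: total connections} for peers outside the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    flagged = {}
    for ip, states in peers.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged[ip] = sum(states.values())  # unparseable peer: review by hand
            continue
        if not any(addr in n for n in nets):
            flagged[ip] = sum(states.values())
    return flagged

if __name__ == "__main__":
    peers = ssh_peers(SAMPLE)
    # Assumption: 202.88.235.0/24 stands in for the admin's own network.
    for ip, total in unexpected_peers(peers, ["202.88.235.0/24"]).items():
        print(ip, total, dict(peers[ip]))
```

On a live host, pass the real `netstat -ntu` output to `ssh_peers` and compare flagged addresses against the failed-login entries in /var/log/auth.log before blocking anything.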