|
本帖最后由 shenyz 于 2017-9-11 08:54 编辑
固件用的您的https://www.right.com.cn/forum/thread-252795-1-1.html X64
硬件是J1900四口软路由
每次重启路由,然后ssh路由,用netstat -an
发现adbyby数量超多的连接,从wan口ip连接一个固定的ip,此时,cpu被占用3%,30分钟wan口显示流量已经接受了1.2G
查过219.159.84.227的IP,是先前adbyby的域名绑定过该IP。
只要在web界面点击重启adbyby,连接就会慢慢消失。是不是这样算是造成攻击?
机油们也可以看下是不是有这个情况
tcp 0 0 114.228.241.13:59800 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59760 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59698 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59882 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59762 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59702 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59712 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59770 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59838 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59658 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59646 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59774 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59652 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59706 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59804 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59758 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59668 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59742 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59644 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59750 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59870 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59854 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59768 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59700 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59784 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59716 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59820 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59826 219.159.84.227:80 TIME_WAIT
tcp 0 0 114.228.241.13:59676 219.159.84.227:80 TIME_WAIT
|
|