Home | 簡體中文 | 繁體中文 | 雜文 | Search | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 作品與服務 | Email

網絡故障分析

Mr. Neo Chen (陳景峯), netkiller, BG7NYT


中國廣東省深圳市龍華新區民治街道溪山美地
518131
+86 13113668890


版權聲明

轉載請與作者聯繫,轉載時請務必標明文章原始出處和作者信息及本聲明。

文檔出處:
http://netkiller.github.io
http://netkiller.sourceforge.net

微信掃瞄二維碼進入 Netkiller 微信訂閲號

QQ群:128659835 請註明“讀者”

摘要

快速響應


目錄

1. 網絡

網絡排查步驟

1.1. Ping

$ sudo ping -f -c 100 www.example.com
			

1.2. DNS

通過dig/nslookup 檢查域名情況

dig any www.example.com
dig a www.example.com
			

1.3. CDN

curl -I http://www.example.com/ | grep cache

Cache-Control: no-store, no-cache
Pragma: no-cache
			

如果HTTP頭含有no-cache將不會緩存

1.4. Firewall

ciscoasa# sh conn count 
24566 in use, 96715 most used
			
ciscoasa# sh processes memory

--------------------------------------------------------------
Allocs   Allocated       Frees         Freed           Process
          (bytes)                      (bytes)
--------------------------------------------------------------
0        0               0             0               *System Main*
5858     26689794        3234          1197494         Init Thread
0        0               0             0               PTHREAD-562
0        0               0             0               PTHREAD-563
0        0               0             0               PTHREAD-564
49       1818            4             1098            DATAPATH-0-565
0        0               0             0               RADIUS Proxy Event Daemon
0        0               0             0               tcp_thread
31947887 13900097341     31949842      13766093055     Dispatch Unit
4        4208            0             0               RADIUS Proxy Listener
63       1008            63            1512            npshim_thread
0        0               0             0               pci_nt_bridge
0        0               0             0               RADIUS Proxy Time Keeper
81950655 5936345273      81938669      5913942729      snmp
2        152             0             0               CF OIR
7        14163           3             8356            Integrity FW Task
0        0               0             0               lina_int
0        0               0             0               Chunk Manager
0        0               0             0               TLS Proxy Inspector
25       16444           0             0               ci/console
0        0               519           1519316         ssm4ge_cfg_poll_thread
1        5242924         6             16712           PIX Garbage Collector
0        0               0             0               emweb/cifs_timer
65       330668          16            10851           fover_thread
0        0               0             0               IP Address Assign
3        8356            0             0               netfs_mount_handler
8        1424854         0             0               lu_ctl
5716     11040501        9208          12204861        vpnfol_thread_msg
1        640             0             0               Reload Control Thread
0        0               0             0               QoS Support Module
2        32              458           91856           arp_timer
0        0               0             0               update_cpu_usage
12879656 748246700       12879659      748279632       vpnfol_thread_timer
0        0               70            2466            ssh/timer
204      11577           265           13285           aaa
0        0               0             0               Client Update Task
0        0               0             0               arp_forward_thread
0        0               0             0               health_check
44       117004          2             20              vpnfol_thread_sync
30       1713931         5             33004           UserFromCert Thread
0        0               0             0               Checkheaps
0        0               0             0               Lic TMR
0        0               0             0               vpnfol_thread_unsent
0        0               0             0               tcp_fast
276      36356           80            23188           NIC status poll
0        0               0             0               Integrity Fw Timer Thread
0        0               0             0               CMGR Server Process
0        0               0             0               tcp_slow
1        24              0             0               EAPoUDP-sock
0        0               0             0               CMGR Timer Process
4        1472            0             0               Quack process
0        0               0             0               udp_timer
0        0               0             0               EAPoUDP
0        0               0             0               Session Manager
0        0               0             0               CTCP Timer process
0        0               2             336             fover_rx
0        0               0             0               vPif_stats_cleaner
0        0               0             0               L2TP data daemon
0        0               0             0               fover_tx
3        2591535         0             0               uauth
0        0               0             0               L2TP mgmt daemon
0        0               0             0               fover_tx_2
0        0               0             0               Uauth_Proxy
0        0               0             0               ppp_timer_thread
159      47085           20            223             fover_ip
0        0               0             0               dbgtrace
0        0               0             0               vpnlb_timer_thread
262      1240512         251           1239700         fover_rep
2        641084          0             0               IPsec message handler
7384     3572119         4560          2771973         fover_parse
107498   4529120         96214         4340128         ssh
0        0               0             0               SSL
18104    1285263         15172         1033048         CTM message handler
0        0               0             0               fover_ifc_test
0        0               0             0               SMTP
0        0               0             0               NAT security-level reconfiguration
2        268             0             0               fover_health_monitoring_thread
0        0               0             0               netfs_vnode_reclaim
0        0               3             8356            557mcfix
1        36              1             36              Logger
0        0               0             0               ICMP event handler
0        0               0             0               ha_trans_ctl_tx
0        0               0             0               557statspoll
0        0               0             0                Syslog Retry Thread 
0        0               0             0               Dynamic Filter VC Housekeeper
0        0               0             0               ha_trans_data_tx
0        0               0             0               Thread Logger
0        0               8             1088            IP Background
295      129951          166           46926           fover_FSM_thread
27       75204           10            160             listen/telnet
2496     616744          4497          1226008         tmatch compile thread
3711     1675346         3             676             lu_rx
162      451224          56            896             listen/ssh
0        0               0             0               Crypto PKI RECV
0        0               0             0               lu_dynamic_sync
0        0               0             0               Crypto CA
1953     184753          2129          124421          SNMP Notify Thread
0        0               0             0               CERT API
283      6824377         120           4312334         rtcli async executor process
0        0               0             0               uauth_urlb clean
0        0               0             0               IP Thread
0        0               0             0               pm_timer_thread
51       5692            2             336             ARP Thread
3        8356            0             0               vpnlb_thread
0        0               0             0               IKE Timekeeper
2        2560            0             0               icmp_thread
2        5664            0             0               block_diag
30       908491          0             0               netfs_thread_init
21       42270           0             0               IKE Daemon
0        0               0             0               udp_thread			
			
ciscoasa# sh processes cpu-usage 
PC         Thread       5Sec     1Min     5Min   Process
0805520c   1c5afdf8     0.0%     0.0%     0.0%   block_diag
081a86c4   1c5afa08    26.6%    21.5%    35.4%   Dispatch Unit
083b6b35   1c5af618     0.0%     0.0%     0.0%   CF OIR
08a5ef60   1c5af420     0.0%     0.0%     0.0%   lina_int
08bfd46c   1c5af228     0.9%     0.9%     0.8%   ssm4ge_cfg_poll_thread
08069f06   1c5aee38     0.0%     0.0%     0.0%   Reload Control Thread
08072196   1c5aec40     0.0%     0.0%     0.0%   aaa
08c73c5d   1c5aea48     0.0%     0.0%     0.0%   UserFromCert Thread
080a6f36   1c5ae658     0.0%     0.0%     0.0%   CMGR Server Process
080a7445   1c5ae460     0.0%     0.0%     0.0%   CMGR Timer Process
081a7aec   1c5ada88     0.0%     0.0%     0.0%   dbgtrace
0844d35c   1c5ad2a8     0.0%     0.0%     0.0%   557mcfix
0844d17e   1c5ad0b0     0.0%     0.0%     0.0%   557statspoll
08c73c5d   1c5abef8     0.0%     0.0%     0.0%   netfs_thread_init
09311e85   1c5ab520     0.0%     0.0%     0.0%   Chunk Manager
088e2cbe   1c5ab328     0.0%     0.0%     0.0%   PIX Garbage Collector
088d6084   1c5ab130     0.0%     0.0%     0.0%   IP Address Assign
08ab0196   1c5aaf38     0.0%     0.0%     0.0%   QoS Support Module
0895273f   1c5aad40     0.0%     0.0%     0.0%   Client Update Task
09361e8a   1c5aab48     0.0%     0.0%     0.0%   Checkheaps
08ab46c5   1c5aa560     0.0%     0.0%     0.0%   Quack process
08b0c232   1c5aa368     0.0%     0.0%     0.0%   Session Manager
08c1f4b5   1c5a9f78     0.0%     0.0%     0.0%   uauth
08bbdaf5   1c5a9d80     0.0%     0.0%     0.0%   Uauth_Proxy
08bf419e   1c5a9798     0.0%     0.0%     0.0%   SSL
08c1d446   1c5a95a0     0.0%     0.0%     0.0%   SMTP
08c15df6   1c5a93a8     0.0%     0.0%     0.0%   Logger
08c166a8   1c5a91b0     0.0%     0.0%     0.0%    Syslog Retry Thread 
08c1066e   1c5a8fb8     0.0%     0.0%     0.0%   Thread Logger
08e448a2   1c5a81f0     0.0%     0.0%     0.0%   vpnlb_thread
08f0bb35   1c5a7a10     0.0%     0.0%     0.0%   pci_nt_bridge
08279c1d   1c5a7620     0.0%     0.0%     0.0%   TLS Proxy Inspector
08b25ed3   1c5a7428     0.0%     0.0%     0.0%   emweb/cifs_timer
0869fa57   1c5a7230     0.0%     0.0%     0.0%   netfs_mount_handler
08535028   1c5a7038     0.0%     0.0%     0.0%   arp_timer
0853cdac   1c5a6e40     0.0%     0.0%     0.0%   arp_forward_thread
085acbc5   1c5a6c48     0.0%     0.0%     0.0%   Lic TMR
08c22491   1c5a6a50     0.0%     0.0%     0.0%   tcp_fast
08c255f0   1c5a6858     0.0%     0.0%     0.0%   tcp_slow
08c50bc9   1c5a6660     0.0%     0.0%     0.0%   udp_timer
080fd9f8   1c5a6468     0.0%     0.0%     0.0%   CTCP Timer process
08df3493   1c5a6270     0.0%     0.0%     0.0%   L2TP data daemon
08df4263   1c5a6078     0.0%     0.0%     0.0%   L2TP mgmt daemon
08de05f8   1c5a5e80     0.0%     0.0%     0.0%   ppp_timer_thread
08e44d77   1c5a5c88     0.0%     0.0%     0.0%   vpnlb_timer_thread
08114d7f   1c5a5a90     0.0%     0.0%     0.0%   IPsec message handler
0812904c   1c5a5898     0.0%     0.0%     0.0%   CTM message handler
089b1589   1c5a56a0     0.0%     0.0%     0.0%   NAT security-level reconfiguration
08ae0068   1c5a54a8     0.0%     0.0%     0.0%   ICMP event handler
08dafa74   1c5a52b0     0.0%     0.0%     0.0%   Dynamic Filter VC Housekeeper
08837353   1c5a50b8     0.0%     0.0%     0.0%   IP Background
08190627   1c5a4ec0     0.0%     0.0%     0.0%   tmatch compile thread
089e0f75   1c5a4cc8     0.0%     0.0%     0.0%   Crypto PKI RECV
089e44aa   1c5a4ad0     0.0%     0.0%     0.0%   Crypto CA
08a1b8e3   1c5a48d8     0.0%     0.0%     0.0%   CERT API
088f4e48   1c5a46e0     0.0%     0.0%     0.0%   uauth_urlb clean
088dc0bf   1c5a44e8     0.0%     0.0%     0.0%   pm_timer_thread
084c3609   1c5a42f0     0.0%     0.0%     0.0%   IKE Timekeeper
084b6fa1   1c5a40f8     0.0%     0.0%     0.0%   IKE Daemon
08bd096a   1c5a3f00     0.0%     0.0%     0.0%   RADIUS Proxy Event Daemon
08b9f28b   1c5a3d08     0.0%     0.0%     0.0%   RADIUS Proxy Listener
08bcf567   1c5a3b10     0.0%     0.0%     0.0%   RADIUS Proxy Time Keeper
08523ff5   1c5a3918     0.0%     0.0%     0.0%   Integrity FW Task
081c065b   1c5a3720     0.0%     0.0%     0.0%   ci/console
083f1e25   1c5a3528     0.0%     0.0%     0.0%   fover_thread
08dc8595   1c5a3330     0.0%     0.0%     0.0%   lu_ctl
0891511c   1c5a3138     0.0%     0.0%     0.0%   update_cpu_usage
0890e89c   1c5a2f40     0.0%     0.0%     0.0%   health_check
0891047a   1c5a2b50     0.0%     0.0%     0.0%   NIC status poll
083df75c   1c5a2568     0.0%     0.0%     0.0%   fover_rx
083da51d   1c5a2370     0.0%     0.0%     0.0%   fover_tx
083da51d   1c5a2178     0.0%     0.0%     0.0%   fover_tx_2
083ea450   1c5a1f80     0.0%     0.0%     0.0%   fover_ip
083f29a1   1c5a1d88     0.0%     0.0%     0.0%   fover_rep
083e9ab1   1c5a1b90     0.0%     0.0%     0.0%   fover_parse
083c954e   1c5a1998     0.0%     0.0%     0.0%   fover_ifc_test
083ccbfc   1c5a17a0     0.0%     0.0%     0.0%   fover_health_monitoring_thread
08405637   1c5a15a8     0.0%     0.0%     0.0%   ha_trans_ctl_tx
08405637   1c5a13b0     0.0%     0.0%     0.0%   ha_trans_data_tx
083fcef7   1c5a11b8     0.0%     0.0%     0.0%   fover_FSM_thread
08dc7c23   1c5a0fc0     0.0%     0.0%     0.0%   lu_rx
08dc7aec   1c5a0dc8     0.0%     0.0%     0.0%   lu_dynamic_sync
08b5865b   1c5a0bd0     0.0%     0.0%     0.0%   SNMP Notify Thread
08c73c5d   1c5a09d8     0.0%     0.0%     0.0%   rtcli async executor process
0852cfa6   1c5a07e0     0.0%     0.0%     0.0%   IP Thread
085345ae   1c5a05e8     0.0%     0.0%     0.0%   ARP Thread
08452e20   1c5a03f0     0.0%     0.0%     0.0%   icmp_thread
08c51b46   1c5a01f8     0.0%     0.0%     0.0%   udp_thread
08c275cc   1c5a0000     0.0%     0.0%     0.0%   tcp_thread
08c314e3   1c59fe08     0.0%     0.0%     0.0%   npshim_thread
08c50c78   1c59fc10     0.0%     0.0%     0.0%   snmp
08e2446d   1c59f430     0.0%     0.0%     0.0%   vpnfol_thread_msg
08e2adc2   1c59f238     0.0%     0.0%     0.0%   vpnfol_thread_timer
08e28fe2   1c59f040     0.0%     0.0%     0.0%   vpnfol_thread_sync
08e2a8cc   1c59ee48     0.0%     0.0%     0.0%   vpnfol_thread_unsent
08520388   1c59ec50     0.0%     0.0%     0.0%   Integrity Fw Timer Thread
08b9f28b   1c59ea58     0.0%     0.0%     0.0%   EAPoUDP-sock
081e7585   1c59e860     0.0%     0.0%     0.0%   EAPoUDP
0869fb3c   1c59d8a0     0.0%     0.0%     0.0%   netfs_vnode_reclaim
08c32604   1c5993b8     0.0%     0.0%     0.0%   listen/telnet
08c32604   1c5991c0     0.0%     0.0%     0.0%   listen/ssh
08be4fcb   1c593538     0.0%     0.0%     0.0%   ssh/timer
0894478f   1c58ea68     0.0%     0.0%     0.0%   vPif_stats_cleaner
08bde96c   1c58e090     0.1%     0.1%     0.0%   ssh

			

1.5. Switch

#sh processes cpu          
Core 0: CPU utilization for five seconds: 45%; one minute: 48%; five minutes: 48%
Core 1: CPU utilization for five seconds: 65%; one minute: 67%; five minutes: 65%
PID     Runtime(ms) Invoked   uSecs  5Sec 1Min 5Min TTY   Process
1       913         819       111558 0.00 0.00 0.00 0     init               
2       0           79        10683  0.00 0.00 0.00 0     kthreadd           
3       539         89135     6050   0.00 0.00 0.00 0     migration/0        
4       61          7014      8702   0.00 0.00 0.00 0     ksoftirqd/0        
5       427         69673     6138   0.00 0.00 0.00 0     migration/1        
6       270         25742     10514  0.00 0.00 0.00 0     ksoftirqd/1        
7       83620       4003799   503    0.00 0.00 0.00 0     events/0           
8       92461       4041828   560    0.00 0.00 0.00 0     events/1           
9       5           638       9235   0.00 0.00 0.00 0     khelper            
61      17938       4541      167018 0.00 0.00 0.00 0     kblockd/0          
62      13034       3381      44183  0.00 0.00 0.00 0     kblockd/1          
75      0           21        1285   0.00 0.00 0.00 0     khubd              
78      0           23        652    0.00 0.00 0.00 0     kseriod            
83      7           26        271961 0.00 0.00 0.00 0     kmmcd              
120     16          63        264634 0.00 0.00 0.00 0     pdflush            
121     6643        526691    4459   0.00 0.00 0.00 0     pdflush            
122     0           29        206    0.00 0.00 0.00 0     kswapd0            
123     0           31        161    0.00 0.00 0.00 0     aio/0              
124     0           33        121    0.00 0.00 0.00 0     aio/1              
291     0           35        171    0.00 0.00 0.00 0     kpsmoused          
309     0           37        162    0.00 0.00 0.00 0     rpciod/0           
310     0           39        128    0.00 0.00 0.00 0     rpciod/1           
354     70          417       168637 0.00 0.00 0.00 0     udevd              
709     107         3272      32827  0.00 0.00 0.00 0     loop1              
725     0           55        1072   0.00 0.00 0.00 0     loop2              
741     163         3951      41297  0.00 0.00 0.00 0     loop3              
2191    84          623       135617 0.00 0.00 0.00 0     dbus-daemon        
2527    0           418       2040   0.00 0.00 0.00 0     portmap            
			
4507R-A#sh processes mem
System memory  : 2011676K total, 804381K used, 1207295K free, 85476K kernel reserved
Lowest(b)      : 658784256
PID     Text         Data      Stack     Dynamic   RSS       Total     Process
1       252          448       84        412       1616      3616      init               
2       0            0         0         0         0         0         kthreadd           
3       0            0         0         0         0         0         migration/0        
4       0            0         0         0         0         0         ksoftirqd/0        
5       0            0         0         0         0         0         migration/1        
6       0            0         0         0         0         0         ksoftirqd/1        
7       0            0         0         0         0         0         events/0           
8       0            0         0         0         0         0         events/1           
9       0            0         0         0         0         0         khelper            
61      0            0         0         0         0         0         kblockd/0          
62      0            0         0         0         0         0         kblockd/1          
75      0            0         0         0         0         0         khubd              
78      0            0         0         0         0         0         kseriod            
83      0            0         0         0         0         0         kmmcd              
120     0            0         0         0         0         0         pdflush            
121     0            0         0         0         0         0         pdflush            
122     0            0         0         0         0         0         kswapd0            
123     0            0         0         0         0         0         aio/0              
124     0            0         0         0         0         0         aio/1              
291     0            0         0         0         0         0         kpsmoused          
309     0            0         0         0         0         0         rpciod/0           
310     0            0         0         0         0         0         rpciod/1           
354     92           180       84        136       484       2188      udevd              
709     0            0         0         0         0         0         loop1              
725     0            0         0         0         0         0         loop2              
741     0            0         0         0         0         0         loop3              
2191    424          164       84        132       1172      3180      dbus-daemon        
2527    76           160       84        132       532       1788      portmap            
2533    76           160       84        132       532       1788      portmap            
2571    196          320       84        132       748       2964      xinetd             
2575    196          320       84        132       748       2964      xinetd             
4302    96           172       84        132       704       2032      vsi work/0         
4303    88           168       84        132       360       1700      vsi work/1         
4438    72           160       84        132       580       1676      watchdog           
4667    84           160       84        132       484       2436      sleep              
4988    848          272       84        212       1508      3108      app_printf.sh      
5038    148          44512     84        1056      5228      57316     slproc             
5254    848          272       84        212       1508      3108      app_printf.sh      
5343    212          225496    84        1960      10492     255560    ha_mgr             
5349    196          132852    84        708       5868      148024    oscore_p           
5353    848          456       84        396       1740      3292      btrace_rotate.s    
5358    144          149724    84        1216      5520      166472    hwcontrol          
5362    80           124612    84        692       4960      136840    ns_oir_proxy       
5365    80           157472    84        728       6124      172312    sysmgr             
5371    152          132852    84        708       5812      147884    profiled           
5379    308          135128    84        992       9092      154612    os_info_p          
5383    620          691456    84        5128      22816     729672    eicored            
5387    1132         233692    84        4632      30240     309096    ffm                
5397    100          241144    84        1140      8672      261576    plogd              
5474    88           166648    84        704       6220      182276    pdsd               
5515    104          158864    84        1064      7336      178840    iifd               
7968    848          276       84        216       1512      3112      app_printf.sh      
7989    848          276       84        216       1512      3112      app_printf.sh      
7993    848          276       84        216       1512      3112      app_printf.sh      
7996    848          276       84        216       1512      3112      app_printf.sh      
7998    848          276       84        216       1512      3112      app_printf.sh      
8002    848          276       84        216       1512      3112      app_printf.sh      
8005    848          276       84        216       1512      3112      app_printf.sh      
8007    848          276       84        216       1512      3112      app_printf.sh      
8018    848          272       84        212       1508      3108      app_printf.sh      
8021    848          276       84        216       1512      3112      app_printf.sh      
8047    848          276       84        216       1512      3112      app_printf.sh      
8067    848          276       84        216       1512      3112      app_printf.sh      
8079    168          265572    84        1240      8856      290468    installer          
8107    228          177096    84        1820      10780     195264    snmp_subagent      
8171    84           236       84        132       560       1852      inotifywait        
8176    124          132852    84        704       5880      147868    ngdumper_provid    
8202    144          231844    84        8308      18244     252956    cli_agent          
8219    68           233732    84        1172      8192      254488    dtmgr              
8905    848          452       84        392       1732      3288      rollback_timer.    
9131    84           236       84        132       588       1852      inotifywait        
9438    848          276       84        216       1512      3112      app_printf.sh      
9447    848          276       84        216       1512      3112      app_printf.sh      
9449    848          276       84        216       1512      3112      app_printf.sh      
9479    848          276       84        216       1512      3112      app_printf.sh      
9513    848          276       84        216       1512      3112      app_printf.sh      
9612    84           124788    84        868       5348      138596    netd               
10016   1048         298392    84        1208      12920     330740    licensed           
10050   65284        798780    84        244       955940    1013012   iosd               
10078   848          276       84        216       1512      3112      app_printf.sh      
10374   92           116416    84        684       5048      129620    liin_tap           
10544   848          276       84        216       1512      3112      app_printf.sh      
10803   848          276       84        216       1512      3112      app_printf.sh      
10910   848          500       84        440       1828      3336      oom_poll.sh        
10912   160          141252    84        700       7284      227852    cpumemd            
10916   264          257528    84        1268      10492     291216    licenseagentd      
11353   848          276       84        216       1512      3112      app_printf.sh      
11357   848          276       84        216       1512      3112      app_printf.sh      
11411   848          276       84        216       1512      3112      app_printf.sh      
11586   88           168       84        132       500       1700      klogd              
11792   848          276       84        216       1512      3112      app_printf.sh 
			

2. Server

2.1. TCP/IP

查看TCP狀態

			
# netstat -n | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key,"\t",state[key]}'
TIME_WAIT 	 352
CLOSE_WAIT 	 2
FIN_WAIT1 	 150
FIN_WAIT2 	 25
ESTABLISHED 	 97
SYN_RECV 	 40
CLOSING 	 2
LAST_ACK 	 24
			
			

連結IP統計

			
# netstat -ant |awk -F: '{print $8}'|sort |sed '/^$/d'|uniq -c |sort -nr|head -10
     89 113.128.130.75
     30 183.0.7.92
     24 203.93.27.94
     19 222.218.106.25
     14 113.205.162.59
     13 183.39.147.50
     13 114.224.155.226
     12 123.126.50.77
     12 113.106.63.1
     11 172.16.1.2
     
# netstat -ant |awk -F: '{print $8}'|sort |sed '/^$/d'|uniq -c |sort -nr|head -10 | awk '{print $2}'
			
			

2.2. IPTABLES


			
			
for ip in $(netstat -ant |awk -F: '{print $8}'|sort |sed '/^$/d'|uniq -c |sort -nr|head -10 | gawk '{print $2}')
do
	echo $ip
	iptables -I INPUT -p tcp --dport 80 -s $ip -j DROP
done
			
			
			
#防止SYN攻擊 輕量級預防 
iptables -N syn-flood 
iptables -A INPUT -p tcp --syn -j syn-flood 
iptables -I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN 
iptables -A syn-flood -j REJECT

#防止DOS太多連接進來,可以允許外網網卡每個IP最多15個初始連接,超過的丟棄 
iptables -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP 
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

#用Iptables抵禦DDOS (參數與上相同)
iptables -A INPUT  -p tcp --syn -m limit --limit 12/s --limit-burst 24 -j ACCEPT
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT				
			
			
iptables -A OUTPUT -p tcp --dport 2049 -j REJECT
iptables -A OUTPUT -p tcp -m multiport --dports 22,21 -j REJECT
iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "XXDD0S" -j DROP
iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "ChinaCache" -j DROP
iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "Baiduspider" -j DROP
iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "QQDownload" -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 80 --syn -m connlimit --connlimit-above 10 -j DROP
			

2.3. Web

Automatic Updates

http://your.server.name/server-status?refresh=N
			
			
<Location /directory/file.html>
	Order allow,deny
    #Allow from all
    Deny from all
</Location>

			
			

確認 Timeout 時間

grep Timeout /usr/local/apache/conf/extra/httpd-default.conf
			
			
			
#!/bin/bash			
########################################
# Homepage: http://netkiller.github.com
# Author: neo <openunix@163.com>
########################################
BLACK=/tmp/black.lst
PIPE=/tmp/pipe
pidfile=/tmp/firewall.pid
KEYWORD=XXDD0S
########################################
if [ -z $1 ]; then
	echo "$0 clear|fw|collect|process|close"
fi

if [ "$1" == "clear" ]; then
	rm -rf $BLACK
	rm -rf $PIPE
	echo "Clear OK!!!"
fi

if [ "$1" == "close" ]; then
        kill `cat $pidfile`
	echo > $pidfile
fi

if [ ! -f $BLACK ]; then
	touch $BLACK
fi

if [ ! -e $PIPE ]; then
	mkfifo $PIPE
fi

if [ "$1" == 'fw' ]; then
	iptables -A OUTPUT -p tcp --dport 2049 -j REJECT
	iptables -A OUTPUT -p tcp -m multiport --dports 22,21 -j REJECT
fi

if [ "$1" == "collect" ]; then
	killall tail 
	ACCESSLOG=/www/logs/www.example.com/access.$(date +'%Y-%m-%d').log
	for (( ; ; ))
	do
		tail -f $ACCESSLOG | grep $KEYWORD | cut -d ' ' -f1 > $PIPE
	done &
	echo $! > $pidfile
fi

if [ "$1" == "process" ]; then
for (( ; ; ))
do
	while read line 
	do
		grep $line ${BLACK}
		if [ $? -eq 1 ] ; then
			echo $line >> ${BLACK}	
			iptables -I INPUT -p tcp --dport 80 -s $line -j DROP	
		fi
	done < $PIPE
done &
echo $! >> $pidfile
fi

			
			
comments powered by Disqus