-
May23
-
今天,一个平时没多少访问量的站点数据库连接池在几分钟内爆满,导致不能正常访问
# netstat
tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:3024 TIME_WAIT
tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:3034 TIME_WAIT
tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:4342 TIME_WAIT
tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:1524 TIME_WAIT
……
netstat发现大量类似的连接信息,特征是:
1、都来自123.114.11.31
2、都处于TIME_WAIT状态
3、每个端口都不同,在1000-5000间浮动用netstat -p查看连接的pid,再用ps -aux,看到pid对应是resin的进程
怀疑遭到攻击
用iptables封掉该ip
# /sbin/iptables -A INPUT -s 123.114.17.31 -j REJECT再用netstat查看
tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:1626 LAST_ACK -tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:1115 LAST_ACK - tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:2139 LAST_ACK -tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:2118 LAST_ACK - tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:1606 LAST_ACK - tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:4934 LAST_ACK - tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:1092 LAST_ACK - tcp 1 11209 HOST.localdomai:http ::ffff:123.114.17.31:1356 LAST_ACK -
所有的TIME_WAIT变成了LAST_ACK,同时数据库连接池也恢复正常,网站恢复访问。
Related posts:
Categories
Recent
Comments
- 哈哈,早说你碰到这个问题了我告诉你嘛
- 把用户帐号启用...
- on 查询一天归档文件的大小很详细的代码,多谢共享!
- 很好的工具,多谢!
- 我的问题是:Error: Access Denied, user account disabled....
Archives
- August 2010
- July 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- July 2009
- June 2009
- May 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
Leave a comment | Trackback 这篇文章还没有评论.