V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
ProjectSky
V2EX  ›  问与答

请教一个关于网络的问题

  •  
  •   ProjectSky · 2023-04-15 23:10:25 +08:00 · 1064 次点击
    这是一个创建于 586 天前的主题,其中的信息可能已经有所发展或是发生改变。

    手头有台服务器最近一直被攻击,被攻击的时候服务器会直接断网,最奇怪的是局域网内都无法访问,只能拔掉网线再插上才能恢复。 想请教一下这是什么情况,外网无法访问我可以理解,是什么原因造成了局域网也无法访问?

    • dmesg
    [Fri Apr 14 10:29:11 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2415. Dropping request.  Check SNMP counters.
    [Fri Apr 14 10:29:13 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2416. Dropping request.  Check SNMP counters.
    [Fri Apr 14 10:29:16 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2417. Dropping request.  Check SNMP counters.
    [Fri Apr 14 10:29:18 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2418. Dropping request.  Check SNMP counters.
    [Fri Apr 14 10:29:21 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2419. Dropping request.  Check SNMP counters.
    [Fri Apr 14 10:29:23 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2420. Dropping request.  Check SNMP counters.
    [Fri Apr 14 10:29:26 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2421. Dropping request.  Check SNMP counters.
    [Fri Apr 14 10:29:28 2023] TCP: request_sock_TCP: Possible SYN flooding on port 2422. 
    
    • netstat
    Ip:
        Forwarding: 1
        7714599460 total packets received
        0 forwarded
        0 incoming packets discarded
        7714349931 incoming packets delivered
        8749439270 requests sent out
        47366 outgoing packets dropped
        6063 dropped because of missing route
        4922 reassemblies required
        1017 packets reassembled ok
    Icmp:
        532003 ICMP messages received
        11114 input ICMP message failed
        ICMP input histogram:
            destination unreachable: 515032
            timeout in transit: 16821
            echo requests: 138
            echo replies: 12
        265248 ICMP messages sent
        0 ICMP messages failed
        ICMP output histogram:
            destination unreachable: 265068
            echo requests: 42
            echo replies: 138
    IcmpMsg:
            InType0: 12
            InType3: 515032
            InType8: 138
            InType11: 16821
            OutType0: 138
            OutType3: 265068
            OutType8: 42
    Tcp:
        1686409 active connection openings
        1958453 passive connection openings
        74282 failed connection attempts
        210363 connection resets received
        321 connections established
        318181058 segments received
        358256736 segments sent out
        2329101 segments retransmitted
        108 bad segments received
        423496 resets sent
    Udp:
        7390711649 packets received
        1011670 packets to unknown port received
        4116888 packet receive errors
        8447404689 packets sent
        4102479 receive buffer errors
        0 send buffer errors
        InCsumErrors: 14407
        IgnoredMulti: 204368
    UdpLite:
    TcpExt:
        6 invalid SYN cookies received
        1442 resets received for embryonic SYN_RECV sockets
        802 ICMP packets dropped because they were out-of-window
        1484500 TCP sockets finished time wait in fast timer
        6773 time wait sockets recycled by time stamp
        1379 packetes rejected in established connections because of timestamp
        5473870 delayed acks sent
        1978 delayed acks further delayed because of locked socket
        Quick ack mode was activated 312653 times
        592 SYNs to LISTEN sockets dropped
        175469000 packet headers predicted
        25983181 acknowledgments not containing data payload received
        120956447 predicted acknowledgments
        49 times recovered from packet loss due to fast retransmit
        TCPSackRecovery: 70000
        TCPSACKReneging: 3
        Detected reordering 130693 times using SACK
        Detected reordering 118 times using reno fast retransmit
        Detected reordering 140 times using time stamp
        409 congestion windows fully recovered without slow start
        88 congestion windows partially recovered using Hoe heuristic
        TCPDSACKUndo: 3108
        1052 congestion windows recovered without slow start after partial ack
        TCPLostRetransmit: 987758
        13 timeouts after reno fast retransmit
        TCPSackFailures: 426
        2228 timeouts in loss state
        1143021 fast retransmits
        27493 retransmits in slow start
        TCPTimeouts: 1103548
        TCPLossProbes: 81461
        TCPLossProbeRecovery: 3149
        TCPRenoRecoveryFail: 19
        TCPSackRecoveryFail: 4040
        TCPBacklogCoalesce: 479989
        TCPDSACKOldSent: 312029
        TCPDSACKOfoSent: 433
        TCPDSACKRecv: 299965
        TCPDSACKOfoRecv: 40446
        283950 connections reset due to unexpected data
        12739 connections reset due to early user close
        8746 connections aborted due to timeout
        1 times unable to send RST due to no memory
        TCPSACKDiscard: 140077
        TCPDSACKIgnoredOld: 1113
        TCPDSACKIgnoredNoUndo: 43299
        TCPSpuriousRTOs: 203
        TCPSackShifted: 2101142
        TCPSackMerged: 1698981
        TCPSackShiftFallback: 962368
        TCPReqQFullDrop: 592
        TCPRcvCoalesce: 12741549
        TCPOFOQueue: 2138714
        TCPOFOMerge: 401
        TCPChallengeACK: 1166
        TCPSYNChallenge: 115
        TCPFastOpenCookieReqd: 99534
        TCPSpuriousRtxHostQueues: 14684
        TCPAutoCorking: 522777
        TCPFromZeroWindowAdv: 5170
        TCPToZeroWindowAdv: 5171
        TCPWantZeroWindowAdv: 83550
        TCPSynRetrans: 973914
        TCPOrigDataSent: 250418873
        TCPACKSkippedSynRecv: 60
        TCPACKSkippedPAWS: 900
        TCPACKSkippedSeq: 11425
        TCPACKSkippedTimeWait: 220
        TCPACKSkippedChallenge: 1044
        TCPWinProbe: 1341
        TCPKeepAlive: 3440624
        TCPDelivered: 251602231
        TCPAckCompressed: 1026994
        TcpTimeoutRehash: 1075931
        TcpDuplicateDataRehash: 52105
        TCPDSACKRecvSegs: 69626
        TCPDSACKIgnoredDubious: 276551
    IpExt:
        InMcastPkts: 2459135
        OutMcastPkts: 841350
        InBcastPkts: 521993
        OutBcastPkts: 350186
        InOctets: 816678687796
        OutOctets: 2671968340361
        InMcastOctets: 713887838
        OutMcastOctets: 161067690
        InBcastOctets: 49305467
        OutBcastOctets: 33314198
        InNoECTPkts: 7752006802
        InECT1Pkts: 162368
        InECT0Pkts: 4595
        InCEPkts: 1518
    
    4 条回复    2023-04-16 00:07:02 +08:00
    artnowben
        1
    artnowben  
       2023-04-15 23:17:29 +08:00
    是不是把 socket 耗尽了。
    可以用网络性能测试仪 dperf 去测试一下,dperf 可以建立很高的连接,看看能不能复现。
    https://github.com/baidu/dperf
    kwh
        2
    kwh  
       2023-04-15 23:18:07 +08:00
    顺便问问有没有大佬知道,存不存在 浏览器发出的 http 请求服务端和客户端同时断开。
    YaakovZiv
        3
    YaakovZiv  
       2023-04-15 23:21:10 +08:00
    估计和我笔记本电脑类似情况,电脑接交换机,服务器大量流量转发我电脑,我电脑网络跑满,接收大量数据包,突然 CPU 和内存占用异常,电脑死机,只能拔掉网线访问。
    虽然是我这个电脑使用者不在乎的网络数据,但电脑居然都处理,并且消耗很多硬件资源,直接出现了系统卡死。
    ProjectSky
        4
    ProjectSky  
    OP
       2023-04-16 00:07:02 +08:00
    @YaakovZiv 我的情况是本地登陆后系统占用并无异常,就是所有的内部 /外部网络连接都挂了。
    当然不排除被攻击的时候资源占用异常,因为每次都是被攻击后才登陆服务器。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1708 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 16:47 · PVG 00:47 · LAX 08:47 · JFK 11:47
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.