netstat shows more than a hundred lines of connections in SYN_RECV state, and it is the same after a reboot. What is the cause?
As shown below; this is part of the output:
[root@VM-20-191-centos ~]# netstat -anptu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.104.20.191:80 160.20.58.17:21923 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.203.170.91:57617 SYN_RECV -
tcp 0 0 10.104.20.191:80 45.135.47.218:27281 SYN_RECV -
tcp 0 0 10.104.20.191:80 43.225.157.52:43318 SYN_RECV -
tcp 0 0 10.104.20.191:80 103.100.208.88:65038 SYN_RECV -
tcp 0 0 10.104.20.191:80 103.100.209.111:47093 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.203.254.204:18586 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.86.6.124:27798 SYN_RECV -
tcp 0 0 10.104.20.191:80 109.248.24.240:54339 SYN_RECV -
tcp 0 0 10.104.20.191:80 39.109.122.96:23713 SYN_RECV -
tcp 0 0 10.104.20.191:80 202.43.237.165:8851 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.92.14.126:38008 SYN_RECV -
tcp 0 0 10.104.20.191:80 45.138.81.58:3022 SYN_RECV -
tcp 0 0 10.104.20.191:80 103.210.239.213:16978 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.221.22.233:43713 SYN_RECV -
tcp 0 0 10.104.20.191:80 118.193.54.41:49827 SYN_RECV -
tcp 0 0 10.104.20.191:80 196.63.177.33:34358 SYN_RECV -
tcp 0 0 10.104.20.191:80 196.63.150.68:36688 SYN_RECV -
tcp 0 0 10.104.20.191:80 118.184.92.89:6167 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.211.14.20:19317 SYN_RECV -
tcp 0 0 10.104.20.191:80 193.8.83.186:52358 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.221.18.22:1209 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.203.207.117:45523 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.223.144.173:20679 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.83.14.191:26167 SYN_RECV -
tcp 0 0 10.104.20.191:80 169.129.215.59:13386 SYN_RECV -
tcp 0 0 10.104.20.191:80 103.80.25.150:45368 SYN_RECV -
tcp 0 0 10.104.20.191:80 203.91.82.119:45379 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.203.188.232:30709 SYN_RECV -
tcp 0 0 10.104.20.191:80 156.238.60.61:11370 SYN_RECV -
tcp 0 0 10.104.20.191:80 156.241.143.56:16974 SYN_RECV -
tcp 0 0 10.104.20.191:80 156.240.38.30:38951 SYN_RECV -
tcp 0 0 10.104.20.191:80 156.241.186.167:13598 SYN_RECV -
tcp 0 0 10.104.20.191:80 185.23.200.19:58 SYN_RECV -
tcp 0 0 10.104.20.191:80 103.211.99.236:19915 SYN_RECV -
tcp 0 0 10.104.20.191:80 154.83.13.168:27156 SYN_RECV -
tcp 0 0 10.104.20.191:80 118.184.79.116:29039 SYN_RECV -
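In addition, looking through Apache's access_log, I found many requests using the CONNECT method, which are clearly not requests from ordinary users. Are they related to the SYN_RECV connections above?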
45.137.20.150 - - [15/Jul/2021:09:59:29 +0800] "CONNECT icanhazip.com:443 HTTP/1.1" 405 288
175.184.166.193 - - [15/Jul/2021:10:07:58 +0800] "HEAD http://110.242.68.4/ HTTP/1.1" 200 -
220.200.171.91 - - [15/Jul/2021:10:07:59 +0800] "GET http://www.soso.com/ HTTP/1.1" 200 766
123.245.24.124 - - [15/Jul/2021:10:08:01 +0800] "CONNECT cn.bing.com:443 HTTP/1.1" 405 286
118.81.237.204 - - [15/Jul/2021:10:08:01 +0800] "GET http://www.rfa.org/english/ HTTP/1.1" 404 257
171.36.245.195 - - [15/Jul/2021:10:08:02 +0800] "GET http://www.wujieliulan.com/ HTTP/1.1" 200 766
219.143.174.183 - - [15/Jul/2021:10:08:02 +0800] "GET http://dongtaiwang.com/ HTTP/1.1" 200 766
49.113.97.236 - - [15/Jul/2021:10:08:03 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 405 288
125.72.95.254 - - [15/Jul/2021:10:08:03 +0800] "CONNECT dnspod.qcloud.com:443 HTTP/1.1" 405 292
124.227.31.167 - - [15/Jul/2021:10:08:04 +0800] "GET http://www.minghui.org/ HTTP/1.1" 200 766
221.205.139.8 - - [15/Jul/2021:10:08:05 +0800] "CONNECT dnspod.qcloud.com:443 HTTP/1.1" 405 292
124.227.31.145 - - [15/Jul/2021:10:08:05 +0800] "CONNECT www.voanews.com:443 HTTP/1.1" 405 290
117.14.114.3 - - [15/Jul/2021:10:08:05 +0800] "CONNECT dnspod.qcloud.com:443 HTTP/1.1" 405 292
113.120.15.214 - - [15/Jul/2021:10:08:05 +0800] "CONNECT www.so.com:443 HTTP/1.1" 405 285
113.128.105.60 - - [15/Jul/2021:10:08:06 +0800] "GET http://www.epochtimes.com/ HTTP/1.1" 200 766
123.160.235.32 - - [15/Jul/2021:10:08:07 +0800] "CONNECT dnspod.qcloud.com:443 HTTP/1.1" 405 292
36.5.158.228 - - [15/Jul/2021:10:08:08 +0800] "CONNECT dnspod.qcloud.com:443 HTTP/1.1" 405 292
Comments (1)
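1: A large number of connections in SYN_RECV state
Consider whether this is a SYN flood (for SYN floods, see the TCP three-way handshake)
2: A large number of CONNECT method requests
Proxy server scanning; generally unrelated to SYN_RECV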
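To check both points of the answer against your own data, here is an added example (not part of the original question or answer) that summarises SYN_RECV entries per local endpoint and counts proxy-style requests by method and status. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input (documentation-range addresses, not taken from the post).
NETSTAT_SAMPLE='tcp 0 0 192.0.2.10:80 198.51.100.7:21923 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.8:57617 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.8:57618 SYN_RECV -
tcp 0 0 192.0.2.10:22 203.0.113.5:40122 ESTABLISHED 1234/sshd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 900/httpd'

ACCESS_SAMPLE='203.0.113.9 - - [15/Jul/2021:10:08:01 +0800] "CONNECT example.com:443 HTTP/1.1" 405 286
203.0.113.10 - - [15/Jul/2021:10:08:02 +0800] "GET http://example.org/ HTTP/1.1" 200 766
203.0.113.11 - - [15/Jul/2021:10:08:03 +0800] "GET /index.html HTTP/1.1" 200 512'

# Summarise half-open connections from `netstat -ant` output on stdin.
# Prints one line per local endpoint:
#   <local addr:port> <SYN_RECV count> <distinct remote IPs>
syn_recv_summary() {
    awk '$6 == "SYN_RECV" {
            split($5, r, ":")                     # remote ip:port (IPv4 form)
            n[$4]++
            if (!seen[$4 SUBSEP r[1]]++) u[$4]++  # first time this IP hits this endpoint
         }
         END { for (l in n) print l, n[l], u[l] }' | sort
}

# Count proxy-style requests in an Apache access log on stdin:
# CONNECT, or a request target that is an absolute URI.
# Prints: <method> <status> <count>
proxy_probe_summary() {
    awk -F'"' '{
            split($2, req, " ")                   # method, target, protocol
            split($3, rest, " ")                  # status, bytes
            if (req[1] == "CONNECT" || req[2] ~ /^https?:\/\//)
                c[req[1] " " rest[1]]++
         }
         END { for (k in c) print k, c[k] }' | sort
}

printf '%s\n' "$NETSTAT_SAMPLE" | syn_recv_summary
printf '%s\n' "$ACCESS_SAMPLE" | proxy_probe_summary
```

On the host, pipe live data in with `netstat -ant | syn_recv_summary` and `proxy_probe_summary < access_log`. Many SYN_RECV entries on one port from many distinct sources fit the SYN flood hypothesis in point 1, and the status column shows how the server answered each kind of proxy probe from point 2.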