【求助】帮我natstat结果分析啊，好像被攻击了！ bbs.ikaka.com

顽石no - 2005-10-21 16:52:00

C:\Documents and Settings\Administrator>netstat

Active Connections

Proto Local Address Foreign Address State
TCP computename:ms-sql-s ad1.sina.com.cn:1919 TIME_WAIT
TCP computename:ms-sql-s ad1.sina.com.cn:1920 ESTABLISHED
TCP computename:ms-sql-s ad1.sina.com.cn:1921 ESTABLISHED
TCP computename:ms-sql-s ad1.sina.com.cn:2032 ESTABLISHED
TCP computename:1920 ad1.sina.com.cn:ms-sql-s ESTABLISHED
TCP computename:1921 ad1.sina.com.cn:ms-sql-s ESTABLISHED
TCP computename:1922 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:1923 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:1924 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:1925 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:1926 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:1927 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:1928 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:1929 ad1.sina.com.cn:ms-sql-s TIME_WAIT
.....

TCP computename:2129 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2130 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2131 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2132 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2133 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2134 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2135 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2136 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2137 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2138 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2139 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2140 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2141 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2142 ad1.sina.com.cn:ms-sql-s TIME_WAIT
TCP computename:2143 ad1.sina.com.cn:ms-sql-s TIME_WAIT

顽石no - 2005-10-21 16:54:00

netstat -an的结果

TCP 127.0.0.1:1433 127.0.0.1:2032 ESTABLISHED
TCP 127.0.0.1:1433 127.0.0.1:2476 ESTABLISHED
TCP 127.0.0.1:1433 127.0.0.1:2477 ESTABLISHED
....
TCP 127.0.0.1:2643 127.0.0.1:1433 TIME_WAIT
TCP 127.0.0.1:2644 127.0.0.1:1433 TIME_WAIT

服务器操作系统2003 Server
安装SQL 2000 Sp4补丁（SP3补丁下也有这么多的连接，所以升级了下）
这个有时候占用了很多的服务器带宽
只要把SQL 2000停掉带宽立刻就会降下来
很奇怪

瑞星卡卡安全论坛