usr*_*ΛΩΝ 10 linux bandwidth-control
我被警告说我的服务器违反了传输限制。我认为我的 Tor 节点变得流行,所以我选择在本月禁用它(不是社区的最佳选择,但我需要关闭)。然后我注意到服务器今晚传输了大约 4GB。我已经使用 Awstats 检查了 Apache 日志,没有相关流量(而且我没有在那里托管如此受欢迎的站点)。我检查了邮件日志,没有人试图发送垃圾邮件。我检查了messages日志并发现了大量这些
Apr 29 10:17:53 marcus sshd[9281]: Did not receive identification string from 85.170.189.156
Apr 29 10:18:07 marcus sshd[9283]: Did not receive identification string from 86.208.123.132
Apr 29 10:18:24 marcus sshd[9298]: Did not receive identification string from 85.170.189.156
Apr 29 10:18:39 marcus sshd[9303]: Did not receive identification string from 86.208.123.132
Apr 29 10:18:56 marcus sshd[9306]: Did not receive identification string from 85.170.189.156
Apr 29 10:19:11 marcus sshd[9309]: Did not receive identification string from 86.208.123.132
Apr 29 10:19:18 marcus sshd[9312]: Did not receive identification string from 101.98.178.92
Apr 29 10:19:27 marcus sshd[9314]: Did not receive identification string from 85.170.189.156
Apr 29 10:19:41 marcus sshd[9317]: Did not receive identification string from 86.208.123.132
Apr 29 10:20:01 marcus sshd[9321]: Did not receive identification string from 85.170.189.156
Apr 29 10:20:13 marcus sshd[9324]: Did not receive identification string from 86.208.123.132
Apr 29 10:20:32 marcus sshd[9327]: Did not receive identification string from 85.170.189.156
Apr 29 10:20:48 marcus sshd[9331]: Did not receive identification string from 86.208.123.132
Apr 29 10:21:07 marcus sshd[9336]: Did not receive identification string from 85.170.189.156
Apr 29 10:21:20 marcus sshd[9338]: Did not receive identification string from 86.208.123.132
Apr 29 10:21:35 marcus sshd[9341]: Did not receive identification string from 85.170.189.156
Apr 29 10:21:51 marcus sshd[9344]: Did not receive identification string from 86.208.123.132
Apr 29 10:22:06 marcus sshd[9349]: Did not receive identification string from 85.170.189.156
Apr 29 10:22:23 marcus sshd[9353]: Did not receive identification string from 86.208.123.132
Apr 29 10:22:39 marcus sshd[9359]: Did not receive identification string from 85.170.189.156
Apr 29 10:22:54 marcus sshd[9361]: Did not receive identification string from 86.208.123.132
Apr 29 10:23:10 marcus sshd[9367]: Did not receive identification string from 85.170.189.156
Apr 29 10:23:29 marcus sshd[9369]: Did not receive identification string from 86.208.123.132
Apr 29 10:23:45 marcus sshd[9375]: Did not receive identification string from 85.170.189.156
Apr 29 10:24:10 marcus sshd[9387]: Did not receive identification string from 86.208.123.132
Apr 29 10:24:16 marcus sshd[9388]: Did not receive identification string from 85.170.189.156
每隔几秒钟就有一个机器人试图破解我的 SSH,这是不可能的,因为我需要公钥身份验证。我的问题是:在这个频率下,这种流量在 10 小时的连续攻击中是否可以消耗 4GB(假设为 3.5)?
我已经更改了我的 SSH 端口并阻止了这些攻击,但我不确定我的网络消耗。我没有运行失控的服务 - 我的防火墙有点限制 - 或者与滥用 P2P 或其他什么的人共享服务器。我担心的是低于 400GB/月。
有小费吗?
Luc*_*man 16
4 GB 是可能的,但考虑到攻击率,可能性很小。我建议安装 OSSEC,它会检测尝试中断并在一段时间内自动阻止 IP。
use*_*517 14
如果这些是带宽使用的原因,那么当您在系统上处理它们时,带宽已经被消耗掉了。您可以使用 iptraf 之类的工具为您提供每个接口/端口上发生的情况的细分,然后您可以根据事实采取适当的措施。