>ch2maguro# netstat
>Active Internet connections
>Proto Recv-Q Send-Q Local Address Foreign Address (state)
>tcp4 0 0 ch2maguro.http 210.135.100.130.46582 SYN_RCVD
>tcp4 0 0 ch2maguro.http 210.135.100.130.46576 SYN_RCVD
>tcp4 0 0 ch2maguro.http 210.135.100.130.46570 SYN_RCVD
>tcp4 0 0 ch2maguro.http 210.135.100.130.46564 SYN_RCVD
>tcp4 0 0 ch2maguro.http 210.135.100.130.46575 SYN_RCVD
>tcp4 0 0 ch2maguro.http 210.135.100.130.46567 SYN_RCVD
>tcp4 36 0 ch2maguro.http 210.135.99.36.60588 ESTABLISHED
>tcp4 0 0 ch2maguro.http 210.135.100.130.46542 TIME_WAIT
>tcp4 0 0 ch2maguro.http 210.135.100.130.46541 TIME_WAIT
>tcp4 0 0 ch2maguro.http 210.135.100.130.46538 TIME_WAIT
>tcp4 0 0 ch2maguro.http 210.135.100.130.46517 TIME_WAIT
>tcp4 0 0 ch2maguro.http 210.135.100.130.46500 TIME_WAIT
>tcp4 0 635 ch2maguro.http e23.razil.jp.35134 FIN_WAIT_1
>tcp4 0 635 ch2maguro.http u.razil.jp.48052 FIN_WAIT_1
>tcp4 0 0 ch2maguro.http 210.135.100.130.46059 TIME_WAIT
>tcp4 0 0 ch2maguro.http 210.135.100.130.46057 TIME_WAIT
>tcp4 0 0 ch2maguro.http 210.135.100.130.46056 TIME_WAIT
>tcp4 0 0 ch2maguro.http 219.net119083002.54274 TIME_WAIT
>tcp4 0 0 ch2maguro.http 210.135.100.130.46049 TIME_WAIT
>tcp4 0 0 ch2maguro.http ir01.razil.jp.41138 TIME_WAIT
>tcp4 0 0 ch2maguro.http 210.135.100.130.45999 TIME_WAIT
>tcp4 0 0 ch2maguro.http 210.135.100.130.45994 TIME_WAIT
>
>If this were a SYN flood attack, only SYN_RCVD states should be observed in netstat, whereas TIME_WAIT states also appear in the same log, so you can see that these are normal TCP connections.

0279 動け動けウゴウゴ2ちゃんねる 2014/05/24(Sat) 16:00:25.02 ID:ni04+P+d0
>>270 Jim-san
http://moritapo.jp/info.html
>System: brazil_2f in
>Maintainer:
>Description:GigabitEther-0/6
>ifType:ethernetCsmacd (6)
>ifName:GigabitEther 0/6
>Max Speed:125.0 MBytes/s
>The statistics were last updated Thursday, 6 March 2014 at 14:05,
>at which time 'brazil_2f' had been up for 19 days, 10:49:15.
>
>`Daily' Graph (5 Minute Average) http://moritapo.jp/images/210.png
>Max In:5071.5 kb/s (0.5%) Average In:2647.4 kb/s (0.3%) Current In:25.2 kb/s (0.0%)
>Max Out:26.6 Mb/s (2.7%) Average Out:12.3 Mb/s (1.2%) Current Out:46.9 kb/s (0.0%)
>
>`Weekly' Graph (30 Minute Average) http://moritapo.jp/images/210_002.png
>Max In:5927.6 kb/s (0.6%) Average In:2935.4 kb/s (0.3%) Current In:36.4 kb/s (0.0%)
>Max Out:27.0 Mb/s (2.7%) Average Out:16.7 Mb/s (1.7%) Current Out:50.6 kb/s (0.0%)
>
>`Monthly' Graph (2 Hour Average) http://moritapo.jp/images/210_004.png
>Max In:5080.4 kb/s (0.5%) Average In:3364.6 kb/s (0.3%) Current In:31.6 kb/s (0.0%)
>Max Out:26.1 Mb/s (2.6%) Average Out:19.4 Mb/s (1.9%) Current Out:48.2 kb/s (0.0%)
>
>There is no evidence that traffic increased in the 47 minutes before and after 22:00 on March 5, which is when the attack is said to have happened.
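
Added example, not written by any poster in this thread: a per-host tally of TCP states for BSD-style netstat output like the log quoted above, so the share of half-open (SYN_RCVD) entries can be read off per remote host. The sample lines are an excerpt of the quoted log; the function names are illustrative.

```python
from collections import Counter, defaultdict

# Excerpt of the netstat output quoted in the thread (BSD format: host.port).
SAMPLE = """\
>Proto Recv-Q Send-Q Local Address Foreign Address (state)
>tcp4 0 0 ch2maguro.http 210.135.100.130.46582 SYN_RCVD
>tcp4 0 0 ch2maguro.http 210.135.100.130.46576 SYN_RCVD
>tcp4 36 0 ch2maguro.http 210.135.99.36.60588 ESTABLISHED
>tcp4 0 0 ch2maguro.http 210.135.100.130.46542 TIME_WAIT
>tcp4 0 0 ch2maguro.http 210.135.100.130.46541 TIME_WAIT
>tcp4 0 635 ch2maguro.http e23.razil.jp.35134 FIN_WAIT_1
>tcp4 0 0 ch2maguro.http ir01.razil.jp.41138 TIME_WAIT
"""

def parse_netstat(text):
    """Yield (remote_host, state) per TCP line; skip headers and other text."""
    for line in text.splitlines():
        fields = line.lstrip("> ").split()  # tolerate forum quote markers
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        # BSD netstat joins host and port with a dot: split at the last one.
        host, _, port = fields[4].rpartition(".")
        if host and port.isdigit():  # drops "*.*" and named-service ports
            yield host, fields[5]

def states_by_host(text):
    """Map each remote host to a Counter of its connection states."""
    table = defaultdict(Counter)
    for host, state in parse_netstat(text):
        table[host][state] += 1
    return table

def half_open_ratio(counter):
    """Fraction of a host's entries that are still in SYN_RCVD."""
    total = sum(counter.values())
    return counter["SYN_RCVD"] / total if total else 0.0

if __name__ == "__main__":
    for host, c in sorted(states_by_host(SAMPLE).items()):
        print(f"{host:18} half-open {half_open_ratio(c):4.0%}  {dict(c)}")
```
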