主页 / server / 问题 / 498979
Accepted
xpda
Asked: 2013-04-13 20:35:20 +0800 CST

数千个端口 25 连接

  • 772

今晚一些 IP 地址在邮件服务器的端口 25 上建立了近 2500 个连接。2500 是最大限制,50 个或更少的同时连接是正常的。一旦建立联系,他们什么也没做。IP 地址属于 Facebook 发送邮件服务器,但当然它们可能是伪造的。有没有人有过这样的经历?有什么好的方法可以防止它发生吗?

"TCPIP" 3808 "2013-04-12 21:37:19.787" "TCP - 66.220.155.135 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.787" "TCP - 66.220.155.137 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.819" "TCP - 66.220.144.163 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.819" "TCP - 66.220.144.137 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.850" "TCP - 69.171.232.166 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.850" "TCP - 66.220.155.138 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.850" "TCP - 66.220.155.154 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.850" "TCP - 66.220.144.150 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.865" "TCP - 66.220.155.161 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.865" "TCP - 66.220.155.157 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.865" "TCP - 69.171.232.142 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.865" "TCP - 66.220.155.152 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.928" "TCP - 66.220.155.147 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.928" "TCP - 66.220.155.139 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.928" "TCP - 66.220.155.161 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.943" "TCP - 66.220.155.154 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.943" "TCP - 66.220.155.159 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.959" "TCP - 66.220.144.166 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.975" "TCP - 66.220.144.155 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:19.990" "TCP - 69.171.232.163 connected to 12.186.192.3:25."
"TCPIP" 3808 "2013-04-12 21:37:20.006" "TCP - 66.220.155.147 connected to 12.186.192.3:25."
smtp

2 个回答

  1. Best Answer

    因为您可以知道服务器属于谁:

    1. 使用 tcpdump 显示连接建立和与您的邮件服务器的初始交换
    2. 写邮件给维护服务器的组织的滥用/技术联系人
    3. 将来自“麻烦的”服务器的传入连接速率限制为一个合理的值,这样它们就不会影响您接收其他邮件的能力
    4. 中断“挂起”的连接,例如通过重新启动邮件服务器
    5. 通知用户来自@facebook.com 的邮件可能会延迟到达或根本不会到达的事实,只要问题仍未解决
    • 2

  2. 看起来您的 smtp 服务器受到某种拒绝服务攻击,源 IP 很可能是伪造的,即欺骗(如果我要对服务器进行 DoS 攻击,我会这样做)。最好的策略是部署 IP 过滤来阻止这些地址,直到攻击消失。

    • 0

相关问题