首页 > 代码库 > 由于网络攻击导致路由器CPU 99% 网络时断时通
由于网络攻击导致路由器CPU 99% 网络时断时通
CPU Usage Stat. Cycle: 60 (Second)
CPU Usage : 99% Max: 99%
CPU Usage Stat. Time : 2016-12-10 19:37:01
Dec 10 2016 19:34:38 BEJ-ANF-AGG-9312-17.64 %%01SECE/4/PORT_ATTACK(l)[0]:Port attack occurred.(Slot=MPU, SourceAttackInterface=XGigabitEthernet3/0/1, OuterVlan/InnerVlan=1904/0, AttackProtocol=TCP, AttackPackets=416 packets per second)
Dec 10 2016 19:34:38 BEJ-ANF-AGG-9312-17.64 %%01SECE/4/USER_ATTACK(l)[1]:User attack occurred.(Slot=MPU, SourceAttackInterface=XGigabitEthernet3/0/1, OuterVlan/InnerVlan=1904/0, UserMacAddress=0010-f348-7037, AttackProtocol=TCP, AttackPackets=416 packets per second)
Dec 10 2016 19:34:05 BEJ-ANF-AGG-9312-17.64 %%01SECE/4/SPECIFY_SIP_ATTACK(l)[2]:The specified source IP address attack occurred.(Slot=MPU, SourceAttackIP = 163.177.72.158, AttackProtocol=TCP, AttackPackets=144 packets per second)
Dec 10 2016 19:33:49 BEJ-ANF-AGG-9312-17.64 %%01SECE/4/PORT_ATTACK(l)[3]:Port attack occurred.(Slot=MPU, SourceAttackInterface=XGigabitEthernet3/0/1, OuterVlan/InnerVlan=1904/0, AttackProtocol=ICMP, AttackPackets=224 packets per second)
Dec 10 2016 19:33:49 BEJ-ANF-AGG-9312-17.64 %%01SECE/4/USER_ATTACK(l)[4]:User attack occurred.(Slot=MPU, SourceAttackInterface=XGigabitEthernet3/0/1, OuterVlan/InnerVlan=1904/0, UserMacAddress=0010-f348-7037, AttackProtocol=ICMP, AttackPackets=224 packets per second)
Dec 10 2016 19:29:38 BEJ-ANF-AGG-9312-17.64 %%01SECE/4/PORT_ATTACK(l)[5]:Port attack occurred.(Slot=MPU, SourceAttackInterface=XGigabitEthernet3/0/1, OuterVlan/InnerVlan=1904/0, AttackProtocol=TCP, AttackPackets=320 packets per second)
Dec 10 2016 19:29:38 BEJ-ANF-AGG-9312-17.64 %%01SECE/4/USER_ATTACK(l)[6]:User attack occurred.(Slot=MPU, SourceAttackInterface=XGigabitEthernet3/0/1, OuterVlan/InnerVlan=1904/0, UserMacAddress=0010-f348-7037, AttackProtocol=TCP, AttackPackets=320 packets per second)
Dec 10 2016 19:28:47 BEJ-ANF-AGG-9312-17.64 %%01SECE/4/PORT_ATTACK(l)[7]:Port attack occurred.(Slot=MPU, SourceAttackInterface=XGigabitEthernet3/0/1, OuterVlan/InnerVlan=1904/0, AttackProtocol=ICMP, AttackPackets=144 packets per second)
Dec 10 2016 19:28:47 BEJ-ANF-AGG-9312-17.64 %%01SECE/4/USER_ATTACK(l)[8]:User attack occurred.(Slot=MPU, SourceAttackInterface=XGigabitEthernet3/0/1, OuterVlan/InnerVlan=1904/0, UserMacAddress=0010-f348-7037, AttackProtocol=ICMP, AttackPackets=144 packets per second)
从log信息中可以看出大量的攻击数据包(tcp icmp)是从 XG 3/0/1 的vlan 1904进入,这个vlan是我到联通的互联,我的默认路由是通过vlan 1904到联通。
原因是我设备配置一个loopback接口,上面配置了一个联通给的IP ,攻击的目标始即为这个IP地址,将地址取消后 cpu降到正常范围。
CPU Usage Stat. Cycle: 60 (Second)
CPU Usage : 39% Max: 99%
CPU Usage Stat. Time : 2016-12-10 19:39:06
本文出自 “lihongweibj” 博客,请务必保留此出处http://lihongweibj.blog.51cto.com/6235038/1881541
由于网络攻击导致路由器CPU 99% 网络时断时通