在netstat,我看到我的端口22连接122.225.97.99。 这是否意味着某人正在访问SSH ..或者它只是与Ubuntu相关的东西
user@ubuntu:~$ netstat -ntu Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 100.72.4.xxx:22 122.225.97.99:14202 ESTABLISHED tcp 0 0 100.72.4.xxx:22 122.225.97.99:3781 TIME_WAIT tcp 0 0 100.72.4.xxx:22 122.225.97.99:8581 TIME_WAIT tcp 0 0 100.72.4.xxx:22 122.225.97.99:5110 TIME_WAIT tcp 0 0 100.72.4.xxx:22 122.225.97.99:49039 TIME_WAIT tcp 0 0 100.72.4.xxx:22 122.225.97.99:53793 TIME_WAIT tcp 0 432 100.72.4.xxx:22 202.88.235.123:54092 ESTABLISHED tcp 0 0 100.72.4.xxx:22 202.88.235.123:54090 ESTABLISHED tcp 0 0 100.72.4.xxx:22 122.225.97.99:56696 TIME_WAIT tcp 0 0 100.72.4.xxx:59777 100.72.4.2:80 TIME_WAIT tcp 0 0 100.72.4.xxx:22 122.225.97.99:55110 TIME_WAIT tcp 0 0 100.72.4.xxx:22 122.225.97.99:10338 TIME_WAIT tcp 0 0 100.72.4.xxx:22 202.88.235.123:53856 ESTABLISHED tcp 0 0 100.72.4.xxx:22 122.225.97.99:2304 TIME_WAIT tcp 0 0 100.72.4.xxx:22 122.225.97.99:16170 ESTABLISHED tcp 0 0 100.72.4.xxx:22 122.225.97.99:14990 ESTABLISHED tcp 0 0 100.72.4.xxx:22 122.225.97.99:9504 TIME_WAIT tcp 0 0 100.72.4.xxx:22 122.225.97.99:47099 TIME_WAIT tcp 0 0 100.72.4.xxx:22 122.225.97.99:47966 TIME_WAIT tcp 0 0 100.72.4.xxx:59779 100.72.4.2:80 TIME_WAIT General information and location of 122.225.97.99 IPv4 address:122.225.97.99 Reverse DNS:122.225.97.99 RIR:APNIC Country:China RBL Status:Listed in CBL Thread:No threats detected 这意味着有人连接到SSH重复。 看看你的系统日志(可能是/var/log/auth.log)。 如果ssh对互联网开放,这是相当普遍的。 确保你设置了好的密码,root不允许login。你可以使用fail2ban和其他无数工具来自动阻止它们。 您也可以使用iptables来限制您希望ssh来源的networking访问。