Vulnerability scan causes the machine to crash?

Linux system, IBM HS22+7870 blade. It dies as soon as a vulnerability scan runs and only recovers after a reboot. Experts, please help!!
Jul 25 17:56:31 hostwww xinetd[2179]: START: vopied pid=13758 from=::ffff:192.168.20.43
Jul 25 17:56:31 hostwww xinetd[13758]: warning: can't get client address: Connection reset by peer
Jul 25 17:56:31 hostwww xinetd[2179]: EXIT: vopied status=7 pid=13758 duration=0(sec)
Jul 25 17:56:31 hostwww xinetd[2179]: START: bpjava-msvc pid=13760 from=::ffff:192.168.20.43
Jul 25 17:56:31 hostwww xinetd[13760]: warning: can't get client address: Connection reset by peer
Jul 25 17:56:31 hostwww xinetd[2179]: EXIT: bpjava-msvc signal=13 pid=13760 duration=0(sec)
Jul 25 17:56:31 hostwww xinetd[2179]: START: bpcd pid=13762 from=::ffff:192.168.20.43
Jul 25 17:56:31 hostwww xinetd[13762]: warning: can't get client address: Connection reset by peer
Jul 25 17:56:31 hostwww xinetd[2179]: EXIT: bpcd status=160 pid=13762 duration=0(sec)
Jul 25 17:56:32 hostwww xinetd[2179]: START: vnetd pid=13764 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: EXIT: vnetd status=43 pid=13764 duration=0(sec)
Jul 25 17:56:32 hostwww xinetd[2179]: START: bpcd pid=13768 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: START: bpjava-msvc pid=13769 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: START: vnetd pid=13770 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: START: vopied pid=13771 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: EXIT: bpjava-msvc status=127 pid=13769 duration=0(sec)
Jul 25 17:56:32 hostwww xinetd[2179]: EXIT: vopied status=7 pid=13771 duration=0(sec)
Jul 25 17:56:35 hostwww xinetd[2179]: EXIT: bpcd status=1 pid=13768 duration=3(sec)
Jul 25 17:56:43 hostwww xinetd[2179]: EXIT: vnetd status=9 pid=13770 duration=11(sec)
Jul 25 17:56:43 hostwww xinetd[2179]: START: vnetd pid=13776 from=::ffff:192.168.20.43
Jul 25 17:56:48 hostwww xinetd[2179]: EXIT: vnetd status=9 pid=13776 duration=5(sec)
Jul 25 17:56:48 hostwww xinetd[2179]: START: vnetd pid=13779 from=::ffff:192.168.20.43
Jul 25 17:56:53 hostwww xinetd[2179]: EXIT: vnetd status=9 pid=13779 duration=5(sec)
Jul 25 17:56:53 hostwww xinetd[2179]: START: vnetd pid=13782 from=::ffff:192.168.20.43
Jul 25 17:56:53 hostwww xinetd[2179]: EXIT: vnetd status=1 pid=13782 duration=0(sec)
Jul 25 17:56:53 hostwww xinetd[2179]: START: vnetd pid=13783 from=::ffff:192.168.20.43
Jul 25 17:56:53 hostwww xinetd[2179]: EXIT: vnetd status=1 pid=13783 duration=0(sec)
Jul 25 17:57:04 hostwww xinetd[2179]: START: vopied pid=13786 from=::ffff:192.168.20.43
Jul 25 17:57:04 hostwww xinetd[2179]: START: bpcd pid=13787 from=::ffff:192.168.20.43
Jul 25 17:57:04 hostwww xinetd[2179]: EXIT: vopied status=7 pid=13786 duration=0(sec)
Jul 25 17:57:07 hostwww xinetd[2179]: EXIT: bpcd status=1 pid=13787 duration=3(sec)
Jul 25 17:57:19 hostwww xinetd[2179]: START: vnetd pid=13803 from=::ffff:192.168.20.43
Jul 25 17:57:19 hostwww xinetd[2179]: EXIT: vnetd status=9 pid=13803 duration=0(sec)
Jul 25 17:57:19 hostwww xinetd[2179]: START: bpjava-msvc pid=13806 from=::ffff:192.168.20.43
Jul 25 17:57:19 hostwww xinetd[2179]: START: vnetd pid=13807 from=::ffff:192.168.20.43
Jul 25 17:57:19 hostwww xinetd[2179]: START: bpcd pid=13808 from=::ffff:192.168.20.43
Jul 25 17:57:19 hostwww xinetd[2179]: START: vopied pid=13809 from=::ffff:192.168.20.43
Jul 25 17:57:19 hostwww xinetd[2179]: EXIT: bpjava-msvc status=127 pid=13806 duration=0(sec)
Jul 25 17:57:19 hostwww xinetd[2179]: EXIT: vnetd status=1 pid=13807 duration=0(sec)
Jul 25 17:57:19 hostwww xinetd[2179]: EXIT: vopied status=7 pid=13809 duration=0(sec)
Jul 25 17:57:22 hostwww xinetd[2179]: EXIT: bpcd status=1 pid=13808 duration=3(sec)
Jul 25 17:57:27 hostwww kernel: possible SYN flooding on port 5989. Sending cookies.
Jul 25 18:10:25 hostwww xinetd[2179]: START: bpjava-msvc pid=14007 from=::ffff:192.168.20.43
Jul 25 18:10:25 hostwww xinetd[14007]: warning: can't get client address: Connection reset by peer
Jul 25 18:10:25 hostwww xinetd[2179]: EXIT: bpjava-msvc signal=13 pid=14007 duration=0(sec)
Jul 25 18:10:27 hostwww xinetd[2179]: START: bpjava-msvc pid=14008 from=::ffff:192.168.20.43
Jul 25 18:10:27 hostwww xinetd[2179]: EXIT: bpjava-msvc status=127 pid=14008 duration=0(sec)
Jul 25 18:11:00 hostwww xinetd[2179]: START: bpcd pid=14016 from=::ffff:192.168.20.43
Jul 25 18:11:00 hostwww xinetd[14016]: warning: can't get client address: Connection reset by peer
Jul 25 18:11:00 hostwww xinetd[2179]: EXIT: bpcd status=160 pid=14016 duration=0(sec)
Jul 25 18:11:20 hostwww xinetd[2179]: START: vopied pid=14020 from=::ffff:192.168.20.43
Jul 25 18:11:20 hostwww xinetd[14020]: warning: can't get client address: Connection reset by peer
Jul 25 18:11:20 hostwww xinetd[2179]: EXIT: vopied status=7 pid=14020 duration=0(sec)
Jul 25 18:12:34 hostwww qpidd[2285]: 2017-07-25 18:12:34 error Could not accept socket: Transport endpoint is not connected (qpid/sys/posix/Socket.cpp:58)
Jul 25 18:13:01 hostwww xinetd[2179]: START: vopied pid=14047 from=::ffff:192.168.20.43
Jul 25 18:13:01 hostwww xinetd[14047]: warning: can't get client address: Connection reset by peer
Jul 25 18:13:01 hostwww xinetd[2179]: EXIT: vopied status=7 pid=14047 duration=0(sec)
Jul 25 18:13:25 hostwww xinetd[2179]: START: vnetd pid=14057 from=::ffff:192.168.20.43
Jul 25 18:13:25 hostwww xinetd[2179]: EXIT: vnetd status=43 pid=14057 duration=0(sec)
Jul 25 18:14:22 hostwww xinetd[2179]: START: vnetd pid=14074 from=::ffff:192.168.20.43
Jul 25 18:14:22 hostwww xinetd[2179]: EXIT: vnetd status=43 pid=14074 duration=0(sec)
Jul 25 18:14:51 hostwww xinetd[2179]: START: bpjava-msvc pid=14085 from=::ffff:192.168.20.43
Jul 25 18:14:51 hostwww xinetd[2179]: START: bpcd pid=14087 from=::ffff:192.168.20.43
Jul 25 18:14:51 hostwww xinetd[2179]: START: vnetd pid=14088 from=::ffff:192.168.20.43
Jul 25 18:14:51 hostwww xinetd[2179]: START: vopied pid=14090 from=::ffff:192.168.20.43
Jul 25 18:14:51 hostwww xinetd[2179]: EXIT: bpjava-msvc status=127 pid=14085 duration=0(sec)
Jul 25 18:14:51 hostwww xinetd[2179]: EXIT: vopied status=7 pid=14090 duration=0(sec)
Jul 25 18:14:54 hostwww xinetd[2179]: EXIT: bpcd status=1 pid=14087 duration=3(sec)
Jul 25 18:14:55 hostwww xinetd[2179]: START: bpcd pid=14093 from=::ffff:192.168.20.43
Jul 25 18:14:55 hostwww xinetd[14093]: warning: can't get client address: Connection reset by peer
Jul 25 18:14:55 hostwww xinetd[2179]: EXIT: bpcd status=160 pid=14093 duration=0(sec)
Jul 25 19:07:36 hostwww kernel: imklog 4.6.2, log source = /proc/kmsg started.

7 peer answers

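myciciy, IT consultant, a fintech company

Linux is just too fragile.
But you should also ask the vulnerability-scanner vendor what is going on, with the machine crashing after a single scan. You haven't described your environment clearly, so it's hard to judge.

Banking · 2017-08-01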
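wangxuefeng, System operations engineer, a

Trace the scan operations. I've run into a case where a scan took a database down; it takes some effort, but it can be analyzed. My guess is that it's a scanner bug: it didn't control its operations well and ended up reaching the kernel level. A scanner should scan only where it is pointed and shouldn't scan around at random.

System integration · 2018-10-15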
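One way to begin the tracing suggested in the answer above, added here as an example and not posted by anyone in the thread: the script tallies which xinetd services each client address started, how they exited, which never logged an EXIT, and any kernel SYN-flood warnings. The sample lines are copied from the question's log with wrapped lines rejoined; the function name `summarize` and the report keys are this example's own.

```python
import re
from collections import Counter

# Lines copied from the log in the question, with wrapped lines rejoined.
SAMPLE = """\
Jul 25 17:56:31 hostwww xinetd[2179]: START: vopied pid=13758 from=::ffff:192.168.20.43
Jul 25 17:56:31 hostwww xinetd[2179]: EXIT: vopied status=7 pid=13758 duration=0(sec)
Jul 25 17:56:32 hostwww xinetd[2179]: START: bpcd pid=13768 from=::ffff:192.168.20.43
Jul 25 17:56:32 hostwww xinetd[2179]: START: vnetd pid=13770 from=::ffff:192.168.20.43
Jul 25 17:56:35 hostwww xinetd[2179]: EXIT: bpcd status=1 pid=13768 duration=3(sec)
Jul 25 17:56:43 hostwww xinetd[2179]: EXIT: vnetd status=9 pid=13770 duration=11(sec)
Jul 25 17:57:27 hostwww kernel: possible SYN flooding on port 5989. Sending cookies.
Jul 25 18:10:25 hostwww xinetd[2179]: START: bpjava-msvc pid=14007 from=::ffff:192.168.20.43
Jul 25 18:10:25 hostwww xinetd[2179]: EXIT: bpjava-msvc signal=13 pid=14007 duration=0(sec)
Jul 25 18:14:51 hostwww xinetd[2179]: START: vnetd pid=14088 from=::ffff:192.168.20.43
"""

START = re.compile(r"xinetd\[\d+\]: START: (\S+) pid=(\d+) from=(\S+)")
EXIT = re.compile(r"xinetd\[\d+\]: EXIT: (\S+) ((?:status|signal)=\d+) pid=(\d+) duration=(\d+)")
SYN = re.compile(r"kernel: possible SYN flooding on port (\d+)")

def summarize(text):
    """Tally xinetd service spawns per client, exit codes, and SYN-flood warnings."""
    spawns, exits = Counter(), Counter()
    running, slowest, syn_ports = {}, {}, []
    for line in text.splitlines():
        if m := START.search(line):
            service, pid, client = m.groups()
            client = client.removeprefix("::ffff:")   # IPv4-mapped IPv6 form
            spawns[(client, service)] += 1
            running[pid] = service                    # open until an EXIT is seen
        elif m := EXIT.search(line):
            service, how, pid, secs = m.groups()
            exits[(service, how)] += 1
            running.pop(pid, None)                    # tolerate EXIT without START
            slowest[service] = max(slowest.get(service, 0), int(secs))
        elif m := SYN.search(line):
            syn_ports.append(int(m.group(1)))
    return {"spawns": spawns, "exits": exits, "slowest": slowest,
            "never_exited": running, "syn_ports": syn_ports}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, dict(value) if hasattr(value, "items") else value)
```

Run against the full `/var/log/messages` from the scan window, the `never_exited` and `syn_ports` entries show which services and ports were still being hit when logging stopped.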
Acdante, Technical director, SHFY

This depends on what exactly the vulnerability-scanning software does; it is related to their scanning operations.

Internet services · 2017-08-02
798683133yj, System architect, a government-cloud company

Just switch to a different vulnerability scanner.

Finance (other) · 2017-08-01
youyouwoxin888, IT consultant, 深圳市深賽爾股份有限公司

You're scanning with a script, right? Script scanning is very slow.

Finance (other) · 2017-07-31
y18511664518, Technical director, 长城超云

Apart from the alert "Jul 25 18:10:25 hostwww xinetd[14007]: warning: can't get client address: Connection reset by peer", there is no other information. Are you using a hardware scanner or a software scanner, or a script?

Finance (other) · 2017-07-31
Anonymous user

Is the scan too strict?!

System integration · 2021-03-20

Asker

y453056108r
System operations engineer, an IT company
Areas of expertise: servers, AIX, Unix

Question status

  • Published: 2017-07-26
  • Followers: 7
  • Views: 9398
  • Latest answer: 2021-03-20