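About minifw 3.7 CPU usage staying high
Because ROS kept dropping the connection, I recently switched to the minifw 3.7 CD edition. For the first two days after installing it there were no problems at all, and the network speed was stable. I tried QoS rate limiting once in between, but I did not set it up properly and web pages were very slow, so I turned QoS off afterwards. Last night someone in the internet cafe used software along the lines of 网络执法官 ("Network Law Enforcement Officer"). All the computers showed the same MAC address, yet nobody complained about lag or disconnections. I had just come back from outside and found that the main computer raised a virus alert whenever it opened a web page. I looked at the ARP (IP/MAC) table and got a fright, and quickly tracked down the source, but that person had already paid the bill and had just left. After shutting it down, everything was back to normal. With nothing to do in the evening, I read "A short guide to using minifw3.5--WEB content filtering" and "MINIFW3.7--how to use the VPN" at http://aijun336.blog.163.com/blog/ and enabled both services. Today during the day, when hardly anyone was online, the CPU was very high, around 97%. Below is my minifw output (with VPN enabled). Before I enabled VPN and web content filtering, the CPU peaked at 14%.
- Free space on the in-memory file system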
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/root 193004 6036 186968 3% /
/dev/hda5 7823820 771076 7052744 10% /tmp1
Memory usage
total used free shared buffers
Mem: 386516 374372 12144 0 68816
Swap: 0 0 0
Total: 386516 374372 12144
- Loaded modules
Module Size Used by
ip_nat_pptp 1628 0 (unused)
ip_nat_proto_gre 760 0 (unused)
ip_conntrack_pptp 2072 1
ip_conntrack_proto_gre 1557 0
ipt_ipp2p 4948 1
8139too 11548 2
mii 1840 0
sch_sfq 2784 0 (unused)
sch_ingress 1088 0 (unused)
sch_htb 16320 0 (unused)
cls_u32 3832 0 (unused)
cls_fw 1940 0 (unused)
ipt_IMQ 480 0 (unused)
ipt_tos 224 0 (unused)
ipt_layer7 7480 0 (unused)
ipt_time 884 0 (unused)
ipt_iprange 356 2
ipt_connlimit 1032 0 (unused)
ip_nat_mms 2352 0 (unused)
ip_nat_h323 2020 0 (unused)
ip_nat_ftp 2192 0 (unused)
ip_conntrack_mms 2448 1
ip_conntrack_h323 1865 1
ip_conntrack_ftp 2992 1
softdog 1296 1
Kernel boot messages
Linux version 2.4.33-wuhuasan (root@debian) (gcc version 3.4.4) #1 Sat May 5 02:47:43 MDT 2007
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 00000000000a0000 (usable)
BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 0000000017ff0000 (usable)
BIOS-e820: 0000000017ff0000 - 0000000017ff3000 (ACPI NVS)
BIOS-e820: 0000000017ff3000 - 0000000018000000 (ACPI data)
BIOS-e820: 00000000fec00000 - 0000000100000000 (reserved)
0MB HIGHMEM available.
383MB LOWMEM available.
On node 0 totalpages: 98288
zone(0): 4096 pages.
zone(1): 94192 pages.
zone(2): 0 pages.
Kernel command line: BOOT_IMAGE=linux append=load_ramdisk=1 initrd=root.tgz initrd_dyn=minix ramdisk_size=4096 root=/dev/ram0 boot=/dev/hda1,vfat
Initializing CPU#0
Detected 1996.638 MHz processor.
Console: colour VGA+ 80x25
Calibrating delay loop... 3984.58 BogoMIPS
Memory: 386008k/393152k available (1145k kernel code, 6760k reserved, 255k data, 80k init, 0k highmem)
Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
Inode cache hash table entries: 32768 (order: 6, 262144 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer cache hash table entries: 32768 (order: 5, 131072 bytes)
Page-cache hash table entries: 131072 (order: 7, 524288 bytes)
CPU: Trace cache: 12K uops, L1 D cache: 8K
CPU: L2 cache: 128K
CPU: After generic, caps: bfebfbff 00000000 00000000 00000000
CPU: Common caps: bfebfbff 00000000 00000000 00000000
CPU: Intel(R) Celeron(R) CPU 2.00GHz stepping 09
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Checking 'hlt' instruction... OK.
POSIX conformance testing by UNIFIX
PCI: PCI BIOS revision 2.10 entry at 0xfb110, last bus=2
PCI: Using configuration type 1
PCI: Probing PCI hardware
PCI: Probing PCI hardware (bus 00)
Transparent bridge - PCI device 8086:244e
PCI: Using IRQ router PIIX/ICH at 00:1f.0
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
pty: 256 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
ttyS00 at 0x03f8 (irq = 4) is a 16550A
ttyS01 at 0x02f8 (irq = 3) is a 16550A
Real Time Clock Driver v1.10f
FDC 0 is a post-1991 82077
RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
PPP generic driver version 2.4.2
PPP Deflate Compression module registered
PPP BSD Compression module registered
MPPE/MPPC encryption/compression module registered
Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
ICH2: IDE controller at PCI slot 00:1f.1
ICH2: chipset revision 5
ICH2: not 100% native mode: will probe irqs later
ide0: BM-DMA at 0xf000-0xf007, BIOS settings: hda:DMA, hdb:pio
ide1: BM-DMA at 0xf008-0xf00f, BIOS settings: hdc:pio, hdd:pio
hda: IBM-DJNA-370910, ATA DISK drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
hda: attached ide-disk driver.
hda: host protected area => 1
hda: 17803440 sectors (9115 MB) w/1966KiB Cache, CHS=17662/16/63, UDMA(33)
Partition check:
hda: hda1 hda2 < hda5 hda6 >
SCSI subsystem driver Revision: 1.00
usb.c: registered new driver hub
host/uhci.c: USB Universal Host Controller Interface driver v1.1
PCI: Found IRQ 11 for device 00:1f.2
PCI: Setting latency timer of device 00:1f.2 to 64
host/uhci.c: USB UHCI at I/O 0xd000, IRQ 11
usb.c: new USB bus registered, assigned bus number 1
hub.c: USB hub found
hub.c: 2 ports detected
PCI: Found IRQ 12 for device 00:1f.4
PCI: Sharing IRQ 12 with 02:0b.0
PCI: Setting latency timer of device 00:1f.4 to 64
host/uhci.c: USB UHCI at I/O 0xd800, IRQ 12
usb.c: new USB bus registered, assigned bus number 2
hub.c: USB hub found
hub.c: 2 ports detected
Initializing USB Mass Storage driver...
usb.c: registered new driver usb-storage
USB Mass Storage support registered.
Initializing Cryptographic API
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 4096 buckets, 32Kbytes
TCP: Hash tables configured (established 32768 bind 65536)
ip_conntrack version 2.1 (3071 buckets, 24568 max) - 368 bytes per conntrack
ip_tables: (C) 2000-2002 Netfilter core team
IP_TPROXY: Transparent proxy support initialized 2.0.6
IP_TPROXY: Copyright (c) 2002-2007 BalaBit IT Ltd.
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
INITRD: Compressed Tar archive found at block 0.
VFS: Mounted root (tmpfs filesystem). [ No Ceiling]
INITRD: Extracting TGZ archive: |/-\|/-\|/-\|/-\|/-\|/-\|/-done.
VFS: Close: file count is 0
Freeing initrd memory: 427k freed
Freeing unused kernel memory: 80k freed
reiserfs: found format "3.6" with standard journal
reiserfs: checking transaction log (device ide0(3,5)) ...
for (ide0(3,5))
reiserfs: replayed 24 transactions in 3 seconds
ide0(3,5):Using r5 hash to sort names
Software Watchdog Timer: 0.05, timer margin: 60 sec
ipt_time loading
8139too Fast Ethernet driver 0.9.26
PCI: Found IRQ 11 for device 02:06.0
eth0: RealTek RTL8139 at 0xd8904000, 00:0a:eb:74:56:9b, IRQ 11
eth0:Identified 8139 chip type 'RTL-8100B/8139D'
PCI: Found IRQ 12 for device 02:0b.0
PCI: Sharing IRQ 12 with 00:1f.4
eth1: RealTek RTL8139 at 0xd8906000, 00:0a:eb:5b:6b:94, IRQ 12
eth1:Identified 8139 chip type 'RTL-8100B/8139D'
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
eth1: link up, 100Mbps, full-duplex, lpa 0x45E1
IPP2P v0.8.2 loading
ip_conntrack_pptp version 1.9 loaded
ip_nat_pptp version 1.5 loaded
Network interface status
eth0 Link encap:Ethernet  HWaddr 00:0A:EB:74:56:9B
inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:25031345 errors:0 dropped:0 overruns:0 frame:0
TX packets:28504237 errors:0 dropped:0 overruns:5 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2142224128 (1.9 GiB)  TX bytes:3095024172 (2.8 GiB)
Interrupt:11 Base address:0x4000
eth1 Link encap:Ethernet  HWaddr 00:0A:EB:5B:6B:94
inet addr:172.0.0.1  Bcast:172.0.0.1  Mask:255.255.255.252
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:33751361 errors:0 dropped:0 overruns:0 frame:0
TX packets:30308724 errors:0 dropped:0 overruns:5 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3827333432 (3.5 GiB)  TX bytes:3301305482 (3.0 GiB)
Interrupt:12 Base address:0x6000
lo Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:3649912 errors:0 dropped:0 overruns:0 frame:0
TX packets:3649912 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:181457416 (173.0 MiB)  TX bytes:181457416 (173.0 MiB)
ppp0 Link encap:Point-Point Protocol
inet addr:192.168.15.1  P-t-P:192.168.15.80  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
RX packets:673354 errors:2472 dropped:0 overruns:0 frame:0
TX packets:835721 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:106091535 (101.1 MiB)  TX bytes:525841002 (501.4 MiB)
ppp1 Link encap:Point-Point Protocol
inet addr:192.168.15.1  P-t-P:192.168.15.81  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
RX packets:149651 errors:17 dropped:0 overruns:0 frame:0
TX packets:203444 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:19532244 (18.6 MiB)  TX bytes:122183513 (116.5 MiB)
Running processes
PID Uid VmSize Stat Command
1 root 312 S init
2 root SW
3 root SWN
4 root SW
5 root SW
6 root SW
7 root SW
273 root SW
333 root 244 S /sbin/watchdog -t 30 /dev/watchdog
486 root 332 S syslogd -m 0 -C
487 root 288 S klogd
496 root 368 S /usr/sbin/sshd -p 880
858 root 336 S httpd -p 8080 -h /var/http/htdocs -c /.whs
877 root 632 S /usr/local/squid/sbin/squid -a 3107 -D
881 nobody 19360 S (squid) -a 3107 -D
882 nobody 164 S (unlinkd)
883 nobody 1456 S dansguardian
891 nobody 2264 S dansguardian
906 root 308 S /sbin/getty 38400 tty1
1819 root 268 S pptpd -o /tmp/options.pptpd
7769 root 320 S pptpd
7770 root 508 S /usr/sbin/pppd local file /tmp/options.pptpd 115200 1
18756 root 296 S pptpd
18757 root 508 S /usr/sbin/pppd local file /tmp/options.pptpd 115200 1
18896 root 360 S /usr/sbin/dnsmasq
28557 nobody 1580 S dansguardian (this is the part I don't understand: so many processes below)
28688 nobody 1556 S dansguardian
29013 nobody 1572 S dansguardian
29082 nobody 1520 S dansguardian
29115 nobody 1456 S dansguardian
29116 nobody 1456 S dansguardian
29128 nobody 1548 S dansguardian
29139 nobody 1560 S dansguardian
29142 nobody 1560 S dansguardian
29145 nobody 1520 S dansguardian
29355 nobody 1560 S dansguardian
29356 nobody 1476 S dansguardian
29357 nobody 1476 S dansguardian
29358 nobody 1556 S dansguardian
29359 nobody 1476 S dansguardian
29360 nobody 1456 S dansguardian
29361 nobody 1456 S dansguardian
29362 nobody 1456 S dansguardian
29363 nobody 1456 S dansguardian
29364 nobody 1456 S dansguardian
29365 nobody 1456 S dansguardian
29366 nobody 1456 S dansguardian
29367 root 384 S httpd -p 8080 -h /var/http/htdocs -c /.whs
29368 root 384 S /bin/sh /var/http/htdocs/cgi-bin/diags.cgi
29472 root 308 R ps
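[ Last edited by hsyihao on 2007-10-13 21:28 ]

What is the original poster trying to say? That enabling VPN prevents high CPU usage? The only thing I can conclude is that this came after you enabled web filtering. It is just that the machines on the internal network were not infected by the ARP virus.

This is not high CPU but high memory usage, and that is normal. When you use web filtering, the web proxy is also at work and uses quite a lot of memory as proxy cache. Although little memory is left free, the machine is still very stable, and web browsing will gradually get faster. No need to worry about this!

Originally posted by bfrader on 2007-10-14 20:40
This is not high CPU but high memory usage, and that is normal. When you use web filtering, the web proxy is also at work and uses quite a lot of memory as proxy cache. Although little memory is left free, the machine is still very stable, and web browsing will gradually get faster. No need to worry about this!

Thank you for your answer... But I am worried: if someone uses an ARP attack again, will the connection drop? I know minifw is very strong against ARP... but with resources used up to 98%, will it drop (under an ARP attack)?
Another thing I don't understand is these processes: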
18896 root 360 S /usr/sbin/dnsmasq
28557 nobody 1580 S dansguardian (this is the part I don't understand: so many processes below)
28688 nobody 1556 S dansguardian
29013 nobody 1572 S dansguardian
29082 nobody 1520 S dansguardian
29115 nobody 1456 S dansguardian
29116 nobody 1456 S dansguardian
29128 nobody 1548 S dansguardian
29139 nobody 1560 S dansguardian
29142 nobody 1560 S dansguardian
29145 nobody 1520 S dansguardian
29355 nobody 1560 S dansguardian
29356 nobody 1476 S dansguardian
29357 nobody 1476 S dansguardian
29358 nobody 1556 S dansguardian
29359 nobody 1476 S dansguardian
29360 nobody 1456 S dansguardian
29361 nobody 1456 S dansguardian
29362 nobody 1456 S dansguardian
29363 nobody 1456 S dansguardian
29364 nobody 1456 S dansguardian
29365 nobody 1456 S dansguardian
29366 nobody 1456 S dansguardian
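Yesterday one of the network admins opened a web page and got a message; I don't remember exactly what it said... roughly that the site does not support access through a proxy (it was a game-card top-up site, I don't remember which one), and the page would not open... Next time I see it I will write it down.
[ Last edited by hsyihao on 2007-10-14 23:42 ]

dansguardian should be the proxy process.
An ARP attack is different from a DDoS attack and generally does not affect the router's resource usage. It is just that all the data from your LAN clients has to pass through the machine carrying out the ARP attack, and in the end accounts and passwords get stolen.

This is the site that won't open... please take a look for me... where do I need to configure it?

Maybe this site is on the blacklist of minifw's web filter. I accessed this site through a proxy site and everything was normal.

Then may I ask how to remove it from the blacklist?

What I said may not be right. minifw seems to filter based on certain text patterns, so the blacklist cannot be modified. I don't think website filtering is necessary; you can block some undesirable sites yourself in the firewall rules. As for preventing ARP attacks, you can use mac_ip binding.

Originally posted by bfrader on 2007-10-16 07:11
Maybe this site is on the blacklist of minifw's web filter. I accessed this site through a proxy site and everything was normal.

Found the problem. Is it OK not to select this option?

If the proxy server is not enabled, web filtering will not work.

Originally posted by bfrader on 2007-10-16 13:18
What I said may not be right. minifw seems to filter based on certain text patterns, so the blacklist cannot be modified. I don't think website filtering is necessary; you can block some undesirable sites yourself in the firewall rules. As for preventing ARP attacks, you can use mac_ip binding.

There are too many undesirable sites, aren't there? And sometimes a single site can have several IP addresses, so how many rules would you have to write? Firewall rules don't support filtering by domain name, do they?
Keyword filtering or site filtering is so much more convenient. For example: keywords ("/ad/", "/pop/", "/guanggao/", etc.) and sites ("http://union.*.com", etc.). That way, even if the client machines have not installed browsers such as Firefox or Maxthon, some junk addresses can still be blocked.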