Quantcast
Channel: LowEndTalk
Viewing all articles
Browse latest Browse all 60413

How to find real IP/domU with ip_conntrack?

November 23, 2013, 12:04 am
$
0
0

Hello

I'v a Xen VPS node server with high ip_conntrack, I need find out which client cause this. below is the ip_conntrack 1% result. It easy to find there is a client use his vps attack 49.124.141.5, but how to find the real ip/domU behind? Thanks for any advice!

cat /proc/net/ip_conntrack;

tcp 6 431428 ESTABLISHED src=221.105.137.74 dst=49.124.141.5 sport=13415 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=221.105.137.74 sport=80 dport=13415 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431428 ESTABLISHED src=36.40.254.29 dst=49.124.141.5 sport=20623 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=36.40.254.29 sport=80 dport=20623 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=143.35.24.47 dst=49.124.141.5 sport=7582 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=143.35.24.47 sport=80 dport=7582 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=75.196.150.5 dst=49.124.141.5 sport=42994 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=75.196.150.5 sport=80 dport=42994 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=125.174.195.93 dst=49.124.141.5 sport=23926 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=125.174.195.93 sport=80 dport=23926 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=106.160.55.94 dst=49.124.141.5 sport=53334 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=106.160.55.94 sport=80 dport=53334 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=158.42.72.60 dst=49.124.141.5 sport=30871 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=158.42.72.60 sport=80 dport=30871 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=28.33.100.22 dst=49.124.141.5 sport=42076 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=28.33.100.22 sport=80 dport=42076 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431428 ESTABLISHED src=190.110.92.3 dst=49.124.141.5 sport=38085 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=190.110.92.3 sport=80 dport=38085 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431428 ESTABLISHED src=115.61.187.115 dst=49.124.141.5 sport=10521 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=115.61.187.115 sport=80 dport=10521 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=131.150.242.58 dst=49.124.141.5 sport=13791 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=131.150.242.58 sport=80 dport=13791 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431428 ESTABLISHED src=134.1.212.102 dst=49.124.141.5 sport=26224 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=134.1.212.102 sport=80 dport=26224 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=174.163.179.73 dst=49.124.141.5 sport=1803 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=174.163.179.73 sport=80 dport=1803 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=125.138.165.114 dst=49.124.141.5 sport=32631 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=125.138.165.114 sport=80 dport=32631 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=158.56.243.60 dst=49.124.141.5 sport=56856 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=158.56.243.60 sport=80 dport=56856 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 431429 ESTABLISHED src=73.95.74.30 dst=49.124.141.5 sport=16440 dport=80 packets=1 bytes=40 [UNREPLIED] src=49.124.141.5 dst=73.95.74.30 sport=80 dport=16440 packets=0 bytes=0 mark=0 secmark=0 use=1
Search
Viewing all articles
Browse latest Browse all 60413

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Evanescence – The Ultimate Collection (6LP Set) (2017) [Vinyl Rip 24Bit/192Khz]

April 22, 2017, 5:56 am

Re: foot worship in a train journey

November 25, 2009, 4:57 am

Providence Mafia Figure Tony Parillo Lost Best Friend To Brutal Mob Hit As He...

July 2, 2015, 3:26 am

Status Quo – Discography (1968 – 2016)

June 26, 2017, 9:31 am

Ek Daav Dhobi Pachad- Marathi Movie Ashok Saraf

September 12, 2014, 2:19 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

SZA – SOS Deluxe: LANA (2025 Edition) [iTunes Plus M4A]

February 9, 2025, 5:51 pm

the range cannot be deleted (6028) in microsoft word

November 2, 2016, 12:56 pm

Carlos Hyde’s Girlfriend Mirtha Pichardo

November 30, 2020, 8:48 am

REQ: Aman Chauhan AWAKE Illenium Inspired Sample Pack Vol. 2

March 27, 2022, 2:27 pm

Gospel Music Artist DeWayne Woods Alleaged Male Lover Reveals All On...

May 16, 2015, 12:57 pm

Windows Update / Microsoft Update の接続先 URL について

February 27, 2017, 12:32 am

Today's Fanboy Delusion

August 8, 2019, 10:08 am

Character Encoding Handled the right way

October 9, 2014, 5:34 am

Chai Status, Funny Tea Quotes in Hindi, चाय पर शायरी

March 23, 2020, 9:12 am

Mick Jenkins – Wars & Rumors of Wars (Freestyle) – Single [iTunes Plus M4A]

February 21, 2025, 4:57 pm

A/L Technology Stream – Subject combinations, Syllabuses and Teacher guides

December 17, 2013, 6:12 pm

Xcelium Functional Coverage

February 13, 2019, 3:38 pm

Teri DeSario - Caught (1980) Lossless

November 20, 2016, 5:44 pm
Search