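The router reboots abnormally at irregular intervals, and after each reboot the clock falls back to 2011. The interval is sometimes a few minutes, sometimes a few hours. During a reboot the VLAN IPs also go offline. Two core switches are connected below the router.
Dual-WAN uplink: one China Mobile line with a fixed static public IP and one China Telecom PPPoE dial-up line, with two core switches downstream. The router carries 50 Internet-access devices; the traffic of the 860 surveillance devices on the LAN does not pass through the router.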
Check whether CPU and memory are OK, upgrade to the latest version, and point the device at a log server. Then keep observing.
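Message text | IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]. |
Variable fields | $1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. |
Severity level | 5 |
Example | ATK/5/ATK_ICMP_UNREACHABLE_RAW: IcmpType(1058)=3; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging. |
Explanation | If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received. |
Recommended action | No action is required. |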
It is already the latest version.
================================================
===============display version===============
H3C Comware Software, Version 7.1.064, Release 6728P25
Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved.
H3C MER5200 uptime is 0 weeks, 0 days, 0 hours, 42 minutes
Last reboot reason : Exception reboot
Boot image: flash:/mer5200-cmw710-boot-r6728p25.bin
Boot image version: 7.1.064P80, Release 6728P25
Compiled Nov 23 2022 15:00:00
System image: flash:/mer5200-cmw710-system-r6728p25.bin
System image version: 7.1.064, Release 6728P25
Compiled Nov 23 2022 15:00:00
Feature image(s) list:
flash:/mer5200-cmw710-security-r6728p25.bin, version: 7.1.064
Compiled Nov 23 2022 15:00:00
flash:/mer5200-cmw710-voice-r6728p25.bin, version: 7.1.064
Compiled Nov 23 2022 15:00:00
flash:/mer5200-cmw710-data-r6728p25.bin, version: 7.1.064
Compiled Nov 23 2022 15:00:00
CPU ID: 0xc
1G bytes DDR3 SDRAM Memory
256M bytes Flash Memory
PCB Version: 1.0
CPLD Version: 0.0
Basic BootWare Version: 1.23
Extended BootWare Version: 1.23
[SLOT 0]CON (Hardware)1.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/0 (Hardware)1.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/1 (Hardware)1.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/2 (Hardware)1.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/3 (Hardware)1.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/4 (Hardware)1.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]GE0/5 (Hardware)1.0, (Driver)1.0, (CPLD)0.0
[SLOT 0]CELLULAR0/0 (Hardware)1.0, (Driver)1.0, (CPLD)0.0
CPU 7%, memory 62%
Then point it at a log server, and after the next reboot look at the logs for the period around the reboot.
May 17 14:50:32 192.186.10.1 May 17 14:50:32 2023 C %%10ATK/5/ATK_ICMP_UNREACHABLE_RAW: SubModule(1127)=SINGLE; IcmpType(1062)=3; RcvIfName(1023)=Dialer0; SrcIPAddr(1003)=124.238.43.232; SndDSLiteTunnelPeer(1041)=--; DstIPAddr(1007)=113.81.70.238; RcvVPNInstance(1042)=; Action(1053)=logging,drop.
May 17 14:50:32 192.186.10.1 May 17 14:50:32 2023 C %%10ATK/5/ATK_ICMP_UNREACHABLE_RAW: SubModule(1127)=SINGLE; IcmpType(1062)=3; RcvIfName(1023)=Dialer0; SrcIPAddr(1003)=219.144.248.111; SndDSLiteTunnelPeer(1041)=--; DstIPAddr(1007)=113.81.70.238; RcvVPNInstance(1042)=; Action(1053)=logging,drop.
May 17 14:50:32 192.186.10.1 May 17 14:50:32 2023 C %%10ATK/5/ATK_ICMP_UNREACHABLE_RAW: SubModule(1127)=SINGLE; IcmpType(1062)=3; RcvIfName(1023)=Dialer0; SrcIPAddr(1003)=36.46.109.0; SndDSLiteTunnelPeer(1041)=--; DstIPAddr(1007)=113.81.70.238; RcvVPNInstance(1042)=; Action(1053)=logging,drop.
May 17 14:50:32 192.186.10.1 May 17 14:50:32 2023 C %%10ATK/5/ATK_ICMP_UNREACHABLE_RAW: SubModule(1127)=SINGLE; IcmpType(1062)=3; RcvIfName(1023)=Dialer0; SrcIPAddr(1003)=171.44.93.43; SndDSLiteTunnelPeer(1041)=--; DstIPAddr(1007)=113.81.70.238; RcvVPNInstance(1042)=; Action(1053)=logging,drop.
May 17 14:54:41 192.186.10.1 May 17 14:54:40 2023 C %%10NTP/5/NTP_CLOCK_CHANGE: System clock changed from 08:02:40:208 01/01/2011 to 14:54:40:830 05/17/2023, the NTP server's IP address is 129.6.15.29.
May 17 14:54:41 192.186.10.1 May 17 14:54:40 2023 C %%10NTP/5/NTP_LEAP_CHANGE: System Leap Indicator changed from 3 to 0 after clock update.
May 17 14:54:41 192.186.10.1 May 17 14:54:40 2023 C %%10NTP/5/NTP_STRATUM_CHANGE: System stratum changed from 16 to 2 after clock update.
May 17 14:54:41 192.186.10.1 May 17 14:54:40 2023 C %%10PWDCTL/3/PWDCTL_UPDATETIME: Last login time updated after clock update.
May 17 14:56:27 192.186.10.1 May 17 14:56:26 2023 C %%10WEB/5/LOGIN: admin 从 192.186.10.28 登录成功.
May 17 15:04:59 192.186.10.1 May 17 15:04:58 2023 C %%10ATK/5/ATK_ICMP_UNREACHABLE_RAW: SubModule(1127)=SINGLE; IcmpType(1062)=3; RcvIfName(1023)=Dialer0; SrcIPAddr(1003)=49.84.213.61; SndDSLiteTunnelPeer(1041)=--; DstIPAddr(1007)=113.83.241.160; RcvVPNInstance(1042)=; Action(1053)=logging,drop.
May 17 15:06:37 192.186.10.1 May 17 15:06:36 2023 C %%10XMLCFG/6/WEB_AGENT_TIMEOUT: user admin from 192.186.10.28, session id 1, idle timed out.
May 17 15:06:37 192.186.10.1 May 17 15:06:37 2023 C %%10WEB/5/LOGOUT: admin 从 192.186.10.28 退出登录.
May 17 15:08:11 192.186.10.1 May 17 15:08:11 2023 C %%10ATK/5/ATK_ICMP_UNREACHABLE_RAW: SubModule(1127)=SINGLE; IcmpType(1062)=3; RcvIfName(1023)=GigabitEthernet0/1; SrcIPAddr(1003)=167.248.133.139; SndDSLiteTunnelPeer(1041)=--; DstIPAddr(1007)=183.234.206.181; RcvVPNInstance(1042)=; Action(1053)=logging,drop.
ICMP attack logs
Nothing can be seen from this log.
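Added example, not part of the thread and not H3C code: a small Python parser for syslog-server lines in the format posted above. It treats an NTP_CLOCK_CHANGE that jumps forward by more than a year as the marker of a reboot, brackets the reboot between the last correctly timestamped entry and the NTP sync, and counts ATK events per receiving interface just before it. The function names, the one-year threshold and the 10-minute lookback are assumptions chosen for illustration; the sample lines are taken from the log excerpt in the thread.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Four entries taken from the log excerpt posted in the thread.
SAMPLE = """\
May 17 14:50:32 192.186.10.1 May 17 14:50:32 2023 C %%10ATK/5/ATK_ICMP_UNREACHABLE_RAW: SubModule(1127)=SINGLE; IcmpType(1062)=3; RcvIfName(1023)=Dialer0; SrcIPAddr(1003)=124.238.43.232; SndDSLiteTunnelPeer(1041)=--; DstIPAddr(1007)=113.81.70.238; RcvVPNInstance(1042)=; Action(1053)=logging,drop.
May 17 14:50:32 192.186.10.1 May 17 14:50:32 2023 C %%10ATK/5/ATK_ICMP_UNREACHABLE_RAW: SubModule(1127)=SINGLE; IcmpType(1062)=3; RcvIfName(1023)=Dialer0; SrcIPAddr(1003)=171.44.93.43; SndDSLiteTunnelPeer(1041)=--; DstIPAddr(1007)=113.81.70.238; RcvVPNInstance(1042)=; Action(1053)=logging,drop.
May 17 14:54:41 192.186.10.1 May 17 14:54:40 2023 C %%10NTP/5/NTP_CLOCK_CHANGE: System clock changed from 08:02:40:208 01/01/2011 to 14:54:40:830 05/17/2023, the NTP server's IP address is 129.6.15.29.
May 17 14:56:27 192.186.10.1 May 17 14:56:26 2023 C %%10WEB/5/LOGIN: admin 从 192.186.10.28 登录成功.
"""

# <server time> <host> <device time> <flag> %%10MODULE/SEVERITY/MNEMONIC: body
LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (\w{3} +\d+ [\d:]+ \d{4}) \S+ "
                  r"%%\d+(\w+)/(\d)/(\w+): (.*)$")
CLOCK = re.compile(r"changed from [\d:]+ (\d\d/\d\d/\d{4}) to [\d:]+ (\d\d/\d\d/\d{4})")
FIELD = re.compile(r"(\w+)\(\d+\)=([^;]*)")

def parse(text):
    """Yield (device_time, module, mnemonic, body) for each recognisable line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
            yield ts, m.group(2), m.group(4), m.group(5)

def reboot_windows(text, lookback=timedelta(minutes=10)):
    """Return one record per clock reset: last good entry, NTP sync time, gap, ATK counts."""
    entries = list(parse(text))
    out = []
    for i, (ts, _, mnem, body) in enumerate(entries):
        m = CLOCK.search(body) if mnem == "NTP_CLOCK_CHANGE" else None
        if not m:
            continue
        old, new = (datetime.strptime(d, "%m/%d/%Y") for d in m.groups())
        # Entries logged after boot but before NTP sync carry the reset clock; skip them.
        prior = [e for e in entries[:i] if e[0] > ts - timedelta(days=365)]
        if new - old < timedelta(days=365) or not prior:
            continue  # ordinary drift correction, or nothing logged beforehand
        last = prior[-1][0]
        atk = Counter(dict(FIELD.findall(e[3])).get("RcvIfName")
                      for e in prior if e[1] == "ATK" and last - e[0] <= lookback)
        out.append({"last_log": last, "ntp_sync": ts,
                    "gap_s": int((ts - last).total_seconds()), "atk_by_if": dict(atk)})
    return out
```

On the sample, `reboot_windows(SAMPLE)` brackets the reboot between 14:50:32 and 14:54:40 and shows that the only ATK entries in the lookback window arrived on Dialer0.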
Hello, please upgrade to the latest version.
It is already the latest version.