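Youku Accelerator Causes Company Network Congestion

Lately the company's internet connection has been constantly sluggish. Today I had finally had enough and lost my temper.

A few days ago I installed ntop on an internal server and then made that server the gateway. I logged in to take a look and found that port 4466 looked very abnormal: I had no idea what it was for, yet it was carrying a lot of UDP traffic. By rights, the FMS our company uses should only have UDP traffic on 1935 and some ports from 19350 onward.

Then I logged in to the server over ssh and ran: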

# tcpdump -n -i eth0 port 4466
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
21:34:03.430142 IP 192.168.1.108.4466 > 61.163.228.162.57154: UDP, length 16
21:34:03.458851 IP 192.168.1.124.4466 > 182.240.118.63.4466: UDP, length 583
21:34:03.930108 IP 192.168.1.108.4466 > 121.25.202.2.2430: UDP, length 16
21:34:03.930170 IP 192.168.1.108.4466 > 110.248.177.254.4466: UDP, length 16
21:34:03.959180 IP 192.168.1.124.4466 > 110.252.14.101.4466: UDP, length 16
21:34:03.959241 IP 192.168.1.124.4466 > 125.46.17.56.43215: UDP, length 256
21:34:03.959246 IP 192.168.1.124.4466 > 110.251.23.24.1051: UDP, length 16
21:34:04.095914 IP 192.168.1.124.4466 > 220.166.95.93.42455: UDP, length 1276
21:34:04.095945 IP 192.168.1.124.4466 > 220.166.95.93.42455: UDP, length 1276
21:34:04.096598 IP 192.168.1.124.4466 > 220.166.95.93.42455: UDP, length 872
21:34:04.097598 IP 192.168.1.124.4466 > 220.166.95.93.42455: UDP, length 1276
21:34:04.429585 IP 192.168.1.108.4466 > 121.22.157.183.28345: UDP, length 16
21:34:04.429648 IP 192.168.1.108.4466 > 121.28.238.24.4466: UDP, length 16
21:34:04.430352 IP 192.168.1.108.4466 > 221.207.184.42.9837: UDP, length 16
21:34:04.458703 IP 192.168.1.124.4466 > 119.118.237.83.6530: UDP, length 16
21:34:04.959030 IP 192.168.1.124.4466 > 182.240.118.63.4466: UDP, length 583
21:34:04.961477 IP 192.168.1.124.4466 > 222.95.169.209.65040: UDP, length 16
21:34:04.961538 IP 192.168.1.124.4466 > 111.85.176.163.3029: UDP, length 16
21:34:05.438651 IP 192.168.1.124.4466 > 218.28.38.222.7298: UDP, length 1276
21:34:05.439221 IP 192.168.1.124.4466 > 218.28.38.222.7298: UDP, length 1276
21:34:05.441056 IP 192.168.1.124.4466 > 218.28.38.222.7298: UDP, length 1276
21:34:05.442793 IP 192.168.1.124.4466 > 218.28.38.222.7298: UDP, length 1276
21:34:05.443987 IP 192.168.1.124.4466 > 218.28.38.222.7298: UDP, length 121
21:34:05.445971 IP 192.168.1.124.4466 > 218.28.38.222.7298: UDP, length 1276
21:34:05.458945 IP 192.168.1.124.4466 > 210.22.116.67.6697: UDP, length 16
21:34:05.459011 IP 192.168.1.124.4466 > 125.46.17.56.43215: UDP, length 256
21:34:05.536393 IP 192.168.1.108.4466 > 218.12.101.199.4466: UDP, length 16
21:34:05.930412 IP 192.168.1.108.4466 > 121.29.39.25.4466: UDP, length 16
21:34:06.431840 IP 192.168.1.108.4466 > 121.18.71.173.39160: UDP, length 16
21:34:06.431900 IP 192.168.1.108.4466 > 121.29.248.213.2534: UDP, length 16
21:34:06.431915 IP 192.168.1.108.4466 > 110.6.130.2.22147: UDP, length 16
21:34:06.458957 IP 192.168.1.124.4466 > 182.240.118.63.4466: UDP, length 583
21:34:06.460967 IP 192.168.1.124.4466 > 175.152.167.159.4466: UDP, length 16
21:34:06.959813 IP 192.168.1.124.4466 > 119.248.51.183.61243: UDP, length 16
21:34:06.960206 IP 192.168.1.124.4466 > 112.2.91.12.3403: UDP, length 16
21:34:06.960337 IP 192.168.1.124.4466 > 125.46.17.56.43215: UDP, length 256

Damn, this is outrageous! Block the port right away!

iptables -I FORWARD -m udp -p udp --dport 4466 -j DROP
iptables -I FORWARD -m udp -p udp --sport 4466 -j DROP

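I refreshed a web page to test, and the network speed was finally back to normal.

I tracked down the colleague whose IP is 192.168.1.124 and checked on his computer which program was communicating on port 4466: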

netstat -aon|findstr 4466

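The last column shows the process PID. In Task Manager I found the corresponding program, and it turned out to be Youku's acceleration service. It is an even worse rip-off than Xunlei (Thunder): at least once Xunlei is closed it no longer affects my browsing, but this one, once closed, affects the whole company!!! So I had my colleague uninstall this annoying thing right away, and that was the end of the matter.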
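To rank internal hosts by how much they send on a suspect port, the text output of `tcpdump -n` can be aggregated per source address. This is an added example, not part of the original post; the function names `summarize_talkers` and `sample_capture` are assumptions, and the sample lines are copied from the capture above.

```shell
#!/bin/sh
# Added example: summarise `tcpdump -n` UDP lines per source host.
# Output columns: source_ip packets bytes distinct_peers (sorted by bytes, descending).

summarize_talkers() {
    # $1 = port to match (as source or destination); tcpdump text is read from stdin
    awk -v port="$1" '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)                 # tcpdump ends the destination with ":"
        n = split(src, s, "."); sport = s[n]
        m = split(dst, d, "."); dport = d[m]
        if (sport != port && dport != port) next
        sip = s[1] "." s[2] "." s[3] "." s[4]
        dip = d[1] "." d[2] "." d[3] "." d[4]
        pkts[sip]++
        bytes[sip] += $NF                  # last field is the UDP payload length
        if (!((sip, dip) in seen)) { seen[sip, dip] = 1; peers[sip]++ }
    }
    END {
        for (h in pkts) printf "%s %d %d %d\n", h, pkts[h], bytes[h], peers[h]
    }' | sort -k3,3nr
}

# Six lines taken from the capture in this post, used as sample input.
sample_capture() {
    cat <<'EOF'
21:34:03.430142 IP 192.168.1.108.4466 > 61.163.228.162.57154: UDP, length 16
21:34:03.458851 IP 192.168.1.124.4466 > 182.240.118.63.4466: UDP, length 583
21:34:03.930108 IP 192.168.1.108.4466 > 121.25.202.2.2430: UDP, length 16
21:34:03.959241 IP 192.168.1.124.4466 > 125.46.17.56.43215: UDP, length 256
21:34:04.095914 IP 192.168.1.124.4466 > 220.166.95.93.42455: UDP, length 1276
21:34:04.095945 IP 192.168.1.124.4466 > 220.166.95.93.42455: UDP, length 1276
EOF
}

# Live use on the gateway would be: tcpdump -n -i eth0 -c 1000 udp | summarize_talkers 4466
sample_capture | summarize_talkers 4466
```

A host that shows many distinct peers on a single fixed port is the one to look at first; on the sample lines that is 192.168.1.124.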

Published: December 10 2012
