S9300 (V2R3): High CPU usage by the VTYD process

Published: 2015-03-09  Views: 457  Downloads: 0
Problem Description

CPU usage on the S9300 is high (81), with the VTYD process alone reaching 71%.

<huawei9300>dis cpu       
CPU Usage Stat. Cycle: 60 (Second)
CPU Usage            : 52% Max: 99%
CPU Usage Stat. Time : 2015-03-09  10:17:41
CPU utilization for five seconds: 52%: one minute: 52%: five minutes: 53%.

TaskName        CPU  Runtime(CPU Tick High/Tick Low)  Task Explanation
BOX              0%         0/  884d48       BOX Output                   
_TIL             0%         0/       0       Infinite loop event task     
_EXC             0%         0/       0       Exception Agent Task         
VIDL            19%         4/bc4266c1       DOPRA IDLE                   
TICK             0%         0/ 7cfd009                                    
STND             0%         0/  5b7b66       STNDStandby task             
INFO             0%         0/  11e531       INFOInformation center       
DEV              0%         0/  d24a96       DEV  Device                  
CHAL             0%         0/       0       CHAL                         
BEAT             0%         0/  d38d6a       BEAT                         
FCAT             0%         0/   77eb3       FCAT FECD task for catch packet
MOD              0%         0/       0       MOD  Module Management       
IPCR             0%         0/ 32d2c6f       IPCR                         
VPR              0%         0/ 306d22e       VPR                          
VPS              0%         0/       0       VPS                          
Eout             0%         0/       0       Eout                         
Ecm              0%         0/ 17b07ed       Ecm                          
IPCQ             0%         0/ 3c41f37       IPCQIPC task for single queue
VP               0%         0/   11806       VP  Virtual path task        
RPCQ             0%         0/  1c912f       RPCQRemote procedure call    
Load             0%         0/       0       LoadS                        
LDRV             0%         0/       0       LDRV                         
RTMR             0%         0/ 94ec4b8       RTMR                         
VFS              0%         0/       0       VFS Virtual file system      
VMON             0%         0/   57afb       VMONSystem monitor           
LCSP             0%         0/       0       LCSP                         
VT0              0%         0/ a512562       VT0 Line user's task         
smsTimer         0%         0/ 20095fd       tS05                         
smsTx            0%         0/  34492d       tS06                         
smsRx            0%         0/  16b237       tS07                         
smsRqDeal        0%         0/   83a11       tS08                         
smsRsDeal        0%         0/  2d5d77       tS09                         
smsLoad          0%         0/ 15e280a       tS0a                         
root             0%         0/       0       tS0b                         
CssComp          0%         0/       0       tS0c                         
bcmDPC           0%         0/       0       tS15                         
PortMon.0        0%         0/   382cd       tS16                         
bcmCNTR.0        0%         0/1388f5c7       tS17                         
bcmTX            0%         0/ 33932b7       tS18                         
bcmXGS3AsyncTX   0%         0/       0       tS19                         
bmLINK.0         0%         0/ 89a0bcd       tS1a                         
bcmRX            1%         0/2a1e3edc       tS1f                         
LCS              0%         0/    1343       LCS license Task             
SAPP             0%         0/  8b8df6       SAPP                         
NQAC             0%         0/       0       NQAC                         
NQAS             0%         0/       0       NQAS                         
VOAM             0%         0/       0       VOAM                         
MINM             0%         0/  332c4b       MINMMac in Mac               
APS              0%         0/  2f43b4       APS Automatic Protection Switch
ALM              0%         0/ 135f626       ALM  Alarm                   
DEVA             0%         0/       0       DEVA Device assistant        
DFSU             0%         0/ 1246325       DFSU                         
DSMS             0%         0/   ab73b       DSMS                         
SUPP             0%         0/  b5239d       SUPP                         
SIMU             0%         0/       0       SIMU                         
DIAG             0%         0/       0       DIAG                         
ELAB             0%         0/       0       ELAB                         
Xpon             0%         0/  a6cc4e       Xpon                         
UDPH             0%         0/       0       UDPH                         
FM93             0%         0/       0       FM9300                       
FMCK             0%         0/ 11434ad       FMCK9300                     
AMCP             0%         0/  20b1b3       AMCP                         
FIB6             0%         0/ 149594a       FIB6IPv6 FIB                 
BFD              0%         0/  9702e0       BFD Bidirection Forwarding Detect
TNLM             0%         0/ 1189804       TNLM                         
OAM              0%         0/  63d881       OAM OAM                      
LSPA             0%         0/       0       LSPA                         
L2V              0%         0/       0       L2V                          
SNPG             0%         0/  bf87f7       SNPG Multicast Snooping      
OAM1             0%         0/       0       OAM1 EOAM Adapter            
CCTL             0%         0/       0       CCTLBulk stat connect control
TCTL             0%         0/       0       TCTLBulk stat transmit control
NAP              0%         0/       0       NAP                          
EOAM             0%         0/  11e421       EOAMEthernet OAM 802.1ag     
TRAF             0%         0/  6256c2       TRAFTraffic Statistics       
SLAG             0%         0/       0       SLAG                         
ITSK             0%         0/  221ce8       ITSKIPOS common task         
IPMC             0%         0/ 30cfaa6       IPMC Adapter                 
CDM              0%         0/  71e63a       CDM                          
CSBR             0%         0/       0       CSBRCompare slave buildrun-info
SOCK             1%         0/2a1da7a0       SOCKPacket schedule and process
VTRU             0%         0/       0       VTRUNK                       
FIB              0%         0/       0       FIB Forward Information Base 
MFIB             0%         0/   2b773       MFIBMulticast forward info   
IFNT             0%         0/       0       IFNTIfnet task               
U 34             0%         0/       0       U 34 user command process task
VTYD            71%         4/1d4b8ae6       VTYDVirtual terminal         
RSA              0%         0/       0       RSA RSA public-key algorithms
AGNT             0%         0/128c38f3       AGNTSNMP agent task          
TRAP             0%         0/ 1147992       TRAPSNMP trap task           
AGT6             0%         0/       0       AGT6SNMP AGT6 task           
FMAT             0%         0/   1a5ff       FMATFault Manage task        
MDMT             0%         0/  a32596       MDMTModem task               
NTPT             0%         0/ 73a5493       NTPTNetwork time protocol task
CFM              0%         0/       0       CFM Configuration file management
HS2M             0%         0/  c5d604       HS2MHigh available task      
ISSU             0%         0/       0       ISSU                         
WEBS             0%         0/  dd1068       WEBSERVER                    
CMDA             0%         0/       0       CMDA                         
FECD             0%         0/   4b378       FECD Forward Equal Class Develope
NSA              0%         0/       0       NSA                          
L3AD             0%         0/ 3a21992       L3AD                         
NDAD             0%         0/       0       NDAD                         
ARPA             0%         0/       0       ARPA                         
PPIU             0%         0/       0       PPIU                         
PING             0%         0/       0       PING                         
MPLS             0%         0/       0       MPLS                         
GREP             0%         0/   693b4       GREP                         
OAMT             0%         0/       0       OAMT                         
SECE             0%         0/ 2938070       SECE Security                
DEFD             0%         0/   10106       DEFD CPU Defend              
STRA             0%         0/       0       STRA Source Track            
QOSA             0%         0/    21bf       QOSA                         
RACL             0%         0/   47bc9       RACL                         
MFF              0%         0/   afe4c       MFF MAC Forced Forwarding    
VCON             0%         0/       0       VCON                         
LOAD             0%         0/   69620       LOAD                         
SMLK             0%         0/  63af0e       SMLK Smart Link Protocol     
UCM              0%         0/   2c49b       UCM  User Control Management 
AM               0%         0/  1c3cac       AM   Address Management      
DHCP             0%         0/   b874e       DHCP Dynamic Host Config Protocol
AAA              0%         0/       0       AAA  Authen Account Authorize
SRVC             0%         0/  25d7e0       SRVC                         
TM               0%         0/       0       TM   Transmission Management 
RDS              0%         0/       0       RDS  Radius                  
TACH             0%         0/  5b80c1       TACHWTACACS                  
WEB              0%         0/       0       WEB  Web                     
PTAL             0%         0/       0       PTAL Portal                  
EAP              0%         0/   ae4a1       EAP  Extensible Authen protocol
POE+             0%         0/       0       POE+ PPP Over Ethernet Plus  
IFPD             0%         0/       0       IFPD                         
PPI              0%         0/  14d6d1       PPI Product Process Interface
HVRP             0%         0/       0       HVRP Protocol                
HGMP             0%         0/       0       HGMPADP HGMP Adapter         
GVRP             0%         0/       0       GVRP Protocol                
ADPG             0%         0/       0       ADPGVRP GVRP Adapter         
EFMT             0%         0/       0       EFMTEST 802.3AH Test         
ADPT             0%         0/       0       ADPT                         
DLDP             0%         0/   95626       DLDP Protocol                
FTPS             0%         0/ 53de60b       FTPS Main task of FTP server 
LDT              0%         0/  831c82       LDT Loop Detection           
LLDP             0%         0/   53dae       LLDP Protocol                
SDKD             0%         0/ 1365632       SDKD                         
SDKE             0%         0/       0       SDKE                         
MTR              0%         0/       0       MTR                          
IS2U             0%         0/       0       IS2U                         
SFPM             0%         0/  10dd4e       SFPM                         
FMON             0%         0/       0       FMON                         
OAMI             0%         0/       0       OAMI                         
CSSM             0%         0/       0       CSSM                         
CKDV             0%         0/       0       CKDV                         
GTL              0%         0/       0       GTL                          
ROUT             0%         0/ 3f999f6       ROUTRoute task               
LSPM             0%         0/  107a36       LSPMLsp management           
RSVP             0%         0/       0       RSVP task                    
LDP              0%         0/       0       LDP task                     
CSPF             0%         0/       0       CSPF task                    
UTSK             0%         0/       0       UTSK                         
APP              0%         0/       0       APP                          
IP               0%         0/ 285163b       IP                           
LINK             0%         0/ 3c36d8d       LINK                         
VRPT             0%         0/  1c7349       VRPT                         
HOTT             0%         0/       0       HOTT                         
TNQA             0%         0/   c28d4       TNQAC                        
TTNQ             0%         0/    a7e2       TTNQAS                       
TARP             0%         0/       0       TARPING                      
TTVP             0%         0/       0       TTVPLS                       
L2               0%         0/  8321aa       L2                           
VRRP             0%         0/ 505bf95       VRRP                         
L2_P             0%         0/ 15df8e3       L2_PR                        
ARP              0%         0/       0       ARP                          
SIMC             0%         0/       0       SIMC                         
RMON             0%         0/  13cb52       RMONRemote monitoring        
TAD              0%         0/       0       TAD Transmission Alarm Damping
bcmD             0%         0/       0       bcmD                         
VT               0%         0/       0       VT                           
OS               8%         0/d2c4463f       Operation System   

Handling Process

1. Check the log information:

Mar  9 2015 10:19:04 huawei9300 %%01DEFD/4/CPCAR_DROP_LPU(l)[8]:Some packets are dropped by cpcar on the LPU in slot 6. (Protocol=ssh, Drop-Count=0234)

2. Check the output of dis cpu-defend statistics al

-------------------------------------------------------------------------------
Statistics on slot 6:
-------------------------------------------------------------------------------
Packet Type         Pass(Bytes)  Drop(Bytes)   Pass(Packets)   Drop(Packets)
-------------------------------------------------------------------------------

telnet                     3744            0              48               0

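3. The information above shows that a large number of telnet packets are being dropped, so it can be concluded that an attacker is making a large number of login attempts against the device.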
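
The log check in step 1, as an added example that is not part of the original case: a Python parser for the CPCAR_DROP_LPU message format quoted above that totals dropped ssh/telnet packets per slot. The 100-packet threshold and every sample line except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Format taken from the CPCAR_DROP_LPU log line quoted in this case.
CPCAR_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"%%\d+DEFD/\d/CPCAR_DROP_LPU\(\w\)\[\d+\]:.*?slot\s+(?P<slot>\d+)\.\s+"
    r"\(Protocol=(?P<proto>[\w-]+),\s*Drop-Count=(?P<drops>\d+)\)"
)
MGMT_PROTOCOLS = {"ssh", "telnet"}  # login protocols served by VTY lines

def parse_cpcar_drop(line):
    """Return a dict for a CPCAR_DROP_LPU line, or None for anything else."""
    m = CPCAR_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": m["ts"], "host": m["host"], "slot": int(m["slot"]),
        "proto": m["proto"].lower(), "drops": int(m["drops"]),  # "0234" -> 234
    }

def summarize_mgmt_drops(lines, min_drops=100):
    """Total ssh/telnet drops per (host, slot, protocol); keep totals >= min_drops.

    min_drops is an assumed threshold; tune it to the device's normal baseline.
    """
    totals = defaultdict(int)
    for line in lines:
        rec = parse_cpcar_drop(line)
        if rec and rec["proto"] in MGMT_PROTOCOLS:
            totals[(rec["host"], rec["slot"], rec["proto"])] += rec["drops"]
    return {key: n for key, n in totals.items() if n >= min_drops}

# First line is the one from this case; the rest are constructed samples.
SAMPLE_LOG = [
    "Mar  9 2015 10:19:04 huawei9300 %%01DEFD/4/CPCAR_DROP_LPU(l)[8]:Some packets are dropped by cpcar on the LPU in slot 6. (Protocol=ssh, Drop-Count=0234)",
    "Mar  9 2015 10:29:04 huawei9300 %%01DEFD/4/CPCAR_DROP_LPU(l)[9]:Some packets are dropped by cpcar on the LPU in slot 6. (Protocol=ssh, Drop-Count=0150)",
    "Mar  9 2015 10:29:04 huawei9300 %%01DEFD/4/CPCAR_DROP_LPU(l)[10]:Some packets are dropped by cpcar on the LPU in slot 6. (Protocol=arp-request, Drop-Count=0900)",
    "Mar  9 2015 10:39:04 huawei9300 %%01DEFD/4/CPCAR_DROP_LPU(l)[11]:Some packets are dropped by cpcar on the LPU in slot 3. (Protocol=telnet, Drop-Count=012)",
    "Mar  9 2015 10:40:00 huawei9300 some unrelated constructed log line",
]

if __name__ == "__main__":
    for (host, slot, proto), n in summarize_mgmt_drops(SAMPLE_LOG).items():
        print(f"{host} slot {slot}: {n} {proto} packets dropped by cpcar")
```

A sustained non-zero total for ssh or telnet on a slot, together with a high VTYD share in the CPU task list, matches the pattern described in this case.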

 

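Root Cause
An attacker is brute-forcing logins to the device, which drives up the CPU usage of the vtyd (vty protection) process.
Solution

Resolve the issue by configuring an ACL under user-interface vty 0 4:

Procedure
1. Run the system-view command to enter the system view.
2. Run the user-interface [ ui-type ] first-ui-number [ last-ui-number ] command to enter the user interface view.
3. Run the acl acl-number { inbound | outbound } command to restrict incoming and outgoing calls on VTY user interfaces.
Use inbound to restrict users at a given address or address range from logging in to the switch; use outbound to restrict users who are already logged in from logging in to other switches.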

END