今天例行查看 VPS 发现了很多奇怪的连接，请大家帮忙看看是怎么回事。

刚刚登陆 vps 随手打了一个 sudo ss -tanp 想看看连接，理论上应该只有 sshd 的因为是前几天刚刚重装的系统还没开始用。但是结果是这样的：

State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=897,fd=12)) LISTEN 0 128 *:4484 *:* users:(("sshd",pid=802,fd=3)) TIME-WAIT 0 0 103.200.126.211:58748 124.202.159.69:80 TIME-WAIT 0 0 103.200.126.211:46486 193.28.235.36:80 TIME-WAIT 0 0 103.200.126.211:50766 193.219.28.2:80 TIME-WAIT 0 0 103.200.126.211:36826 210.71.189.53:80 TIME-WAIT 0 0 103.200.126.211:51450 72.4.120.219:80 TIME-WAIT 0 0 103.200.126.211:33962 149.56.229.30:80 TIME-WAIT 0 0 103.200.126.211:36290 85.13.241.50:80 TIME-WAIT 0 0 103.200.126.211:38172 133.24.248.18:80 TIME-WAIT 0 0 103.200.126.211:57468 146.6.54.21:80 TIME-WAIT 0 0 103.200.126.211:58472 103.29.148.124:80 TIME-WAIT 0 0 103.200.126.211:39606 166.78.229.131:80 TIME-WAIT 0 0 103.200.126.211:47384 89.38.249.150:80 TIME-WAIT 0 0 103.200.126.211:58758 124.202.159.69:80 TIME-WAIT 0 0 103.200.126.211:36384 200.93.227.165:80 TIME-WAIT 0 0 103.200.126.211:49354 94.236.26.35:80 TIME-WAIT 0 0 103.200.126.211:42696 104.129.31.245:80 TIME-WAIT 0 0 103.200.126.211:59762 219.216.128.25:80 TIME-WAIT 0 0 103.200.126.211:43496 147.52.159.12:80 TIME-WAIT 0 0 103.200.126.211:49804 141.138.141.28:80 TIME-WAIT 0 0 103.200.126.211:43926 150.65.7.130:80 TIME-WAIT 0 0 103.200.126.211:57476 123.255.202.74:80 TIME-WAIT 0 0 103.200.126.211:36270 85.13.241.50:80 TIME-WAIT 0 0 103.200.126.211:42366 96.44.142.5:80 TIME-WAIT 0 0 103.200.126.211:46388 198.55.111.5:80 TIME-WAIT 0 0 103.200.126.211:41792 201.159.221.67:80 TIME-WAIT 0 0 103.200.126.211:33244 194.105.226.20:80 TIME-WAIT 0 0 103.200.126.211:58698 212.224.83.174:80 TIME-WAIT 0 0 103.200.126.211:60970 160.10.5.26:80 TIME-WAIT 0 0 103.200.126.211:53240 208.81.1.244:80 TIME-WAIT 0 0 103.200.126.211:40140 5.135.66.221:80 TIME-WAIT 0 0 103.200.126.211:59772 219.216.128.25:80 TIME-WAIT 0 0 103.200.126.211:60912 115.186.188.244:80 TIME-WAIT 0 0 103.200.126.211:46374 198.55.111.5:80 TIME-WAIT 0 0 103.200.126.211:33720 180.150.156.88:80 TIME-WAIT 0 0 103.200.126.211:41484 145.220.21.40:80 TIME-WAIT 0 0 103.200.126.211:54448 69.195.83.87:80 TIME-WAIT 0 0 103.200.126.211:55948 62.149.2.9:80 TIME-WAIT 0 0 103.200.126.211:49384 129.102.1.37:80 TIME-WAIT 0 0 103.200.126.211:57114 202.38.97.230:80 TIME-WAIT 0 0 103.200.126.211:48400 125.212.220.48:80 TIME-WAIT 0 0 103.200.126.211:43810 87.121.121.2:80 TIME-WAIT 0 0 103.200.126.211:33000 74.205.112.120:80 TIME-WAIT 0 0 103.200.126.211:57124 202.38.97.230:80 TIME-WAIT 0 0 103.200.126.211:36312 119.9.32.73:80 TIME-WAIT 0 0 103.200.126.211:45116 210.27.80.126:80 ESTAB 0 244 103.200.126.211:4484 60.166.86.230:38212 users:(("sshd",pid=3499,fd=3),("sshd",pid=3495,fd=3)) TIME-WAIT 0 0 103.200.126.211:43092 103.29.148.124:443 TIME-WAIT 0 0 103.200.126.211:49334 140.211.166.134:80 TIME-WAIT 0 0 103.200.126.211:50672 123.58.173.186:80 TIME-WAIT 0 0 103.200.126.211:58022 173.44.32.10:80 TIME-WAIT 0 0 103.200.126.211:37848 192.26.91.193:80 TIME-WAIT 0 0 103.200.126.211:59448 109.68.120.144:80 TIME-WAIT 0 0 103.200.126.211:55700 121.134.248.147:80 TIME-WAIT 0 0 103.200.126.211:52678 109.205.113.85:80 TIME-WAIT 0 0 103.200.126.211:35004 202.90.159.172:443 TIME-WAIT 0 0 103.200.126.211:60742 83.166.201.99:80 TIME-WAIT 0 0 103.200.126.211:58864 5.199.174.4:80 TIME-WAIT 0 0 103.200.126.211:43178 103.252.152.2:80 TIME-WAIT 0 0 103.200.126.211:46134 103.52.3.50:80 TIME-WAIT 0 0 103.200.126.211:60698 46.22.137.105:80 TIME-WAIT 0 0 103.200.126.211:40152 134.160.38.1:80 TIME-WAIT 0 0 103.200.126.211:60808 103.246.18.4:80 TIME-WAIT 0 0 103.200.126.211:48060 93.115.3.1:80 TIME-WAIT 0 0 103.200.126.211:45118 210.27.80.126:80 LISTEN 0 100 ::1:25 :::* users:(("master",pid=897,fd=13)) LISTEN 0 128 :::4484 :::* users:(("sshd",pid=802,fd=4)) 

除了 4484 的 ssh 端口其他都是 time-wait 。之前从来没有这样的情况，我过了十几秒又 sudo ss -tanp 了一下 一切又正常了。

State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=897,fd=12)) LISTEN 0 128 *:4484 *:* users:(("sshd",pid=802,fd=3)) ESTAB 0 280 103.200.126.211:4484 60.166.86.230:38212 users:(("sshd",pid=3499,fd=3),("sshd",pid=3495,fd=3)) LISTEN 0 100 ::1:25 :::* users:(("master",pid=897,fd=13)) LISTEN 0 128 :::4484 :::* 

大家有遇到过这样的情况吗？我应该到哪里去检查知道具体是出什么问题了。

感谢感谢！