| Author | Topic: WAA1SRV.EXE 100% CPU Usage - How to Block IP? |
---|
| Paulo Pinheiro | WAA1SRV.EXE 100% CPU Usage - How to Block IP?
on Fri, 23 Apr 2010 13:01:04 +0100Hello All
Sometimes i found my Web Server with 100% CPU Usage.
The problem is a connection established to WAA1SRV.EXE:1024 with CLOSE_WAIT
status.
The origin of this connection is many times "9.162.158.61.ha.cnc".
I have already blocked this IP in the IIS, but it keeps comming...
Is there a way to block the IP from accessing WAA1SRV in the configuration
of the WAA?
TIA,
Paulo Pinheiro |
| Bruce Anderson | Re: WAA1SRV.EXE 100% CPU Usage - How to Block IP?
on Fri, 23 Apr 2010 08:07:30 -0500CNC Group CHINA169 Henan Province Network
Address (click for more detail): 61.158.162.9
Hostname: 9.162.158.61.ha.cnc
Country: CN
AS: 4837
AS Name: CHINA169-BACKBONE CNCGROUP China169 Backbone
Network: 61.158.128.0/17
Reports: 1436837
Targets: 1778
First Reported: 2009-09-10
Most Recent Report: 2010-04-23 |
| Thomas Braun
| Re: WAA1SRV.EXE 100% CPU Usage - How to Block IP?
on Fri, 23 Apr 2010 15:37:47 +0200Paulo Pinheiro wrote:
> The origin of this connection is many times "9.162.158.61.ha.cnc".
>
> I have already blocked this IP in the IIS, but it keeps comming...
Which IP did you block exactly, "9.162.158.61" ?
If yes, then you are wrong
The notation above is reversed, so the actual IP to be blocked is
61.158.162.9
You can also confirm this by doing a reverse DNS lookup at
http://remote.12dt.com/lookup.php with both IPs.
regards
Thomas |
| Paulo Pinheiro | Re: WAA1SRV.EXE 100% CPU Usage - How to Block IP?
on Mon, 26 Apr 2010 11:36:17 +0100> Which IP did you block exactly, "9.162.158.61" ?
>
> If yes, then you are wrong
Yep, i was wrong :$
Thank you.
"Thomas Braun" <spam@software-braun.de> escreveu na mensagem
news:aqzx7syokr4t$.ioaaus4qjjz1$.dlg@40tude.net...
> Paulo Pinheiro wrote:
>
>> The origin of this connection is many times "9.162.158.61.ha.cnc".
>>
>> I have already blocked this IP in the IIS, but it keeps comming...
>
> Which IP did you block exactly, "9.162.158.61" ?
>
> If yes, then you are wrong
>
> The notation above is reversed, so the actual IP to be blocked is
> 61.158.162.9
>
> You can also confirm this by doing a reverse DNS lookup at
> http://remote.12dt.com/lookup.php with both IPs.
>
> regards
> Thomas |
| Thomas Braun
| Re: WAA1SRV.EXE 100% CPU Usage - How to Block IP?
on Mon, 26 Apr 2010 17:25:44 +0200Paulo Pinheiro wrote:
>> Which IP did you block exactly, "9.162.158.61" ?
>>
>> If yes, then you are wrong
>
> Yep, i was wrong :$
g
> Thank you.
You are welcome
Thomas |