LinuxQuestions.org

Linux - Newbie: 10x increase in received packets (https://www.linuxquestions.org/questions/linux-newbie-8/10x-increase-in-received-packets-733480/)

K0ld 06-16-2009 07:33 PM

10x increase in received packets
 
Today, I noticed a 10x increase in received packets. Usually, my server uses around 5GB/day of bandwidth, however all of a sudden it increased to 50GB/day (according to vnstat on eth0):
rx 1750.40 kB/s 27904 packets/s
tx 699.48 kB/s 11099 packets/s

Pretty soon the DC might unplug my server if this doesn't stop. How am I supposed to detect where those packets come from and filter them? Also, I guess I should report it to the DC afterwards.

Any help will be much appreciated.

chrism01 06-16-2009 10:56 PM

Show distro name & version.
Also, which service(s) is this occurring on?
Show example logfiles.

K0ld 06-16-2009 11:36 PM

Linux debian 2.6.18-6-686-bigmem #1 SMP Fri Dec 12 17:49:59 UTC 2008 i686 GNU/Linux

I typed:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

to calculate and count the number of connections each IP address makes to the server, and I managed to set iptables to drop packets from the IP I found to have over 400 connections. However, right now I get this (using the above command; pasting only those with high values):
467
1357 127.0.0.1

As you can see, there are 467 from an unknown(?) IP and 1357 from localhost, neither of which I understand at all. The other thing is, I'm sure the other IP I blocked with iptables is still sending me packets, which I can't block (only drop them, as I did). So what to do now? That's how it looks right now (after setting up iptables for the abusive IP):

Traffic average for eth0

rx 1210.70 kB/s 19216 packets/s
tx 14.63 kB/s 126 packets/s
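An added example, not from the thread or from any poster: a POSIX sh version of the connection-counting pipeline above. Two things the original one-liner does not handle are the two netstat header lines and IPv4-mapped IPv6 peers (netstat prints them as `::ffff:a.b.c.d:port`, for which `cut -d: -f1` yields an empty string, a likely source of a blank address bucket). The threshold, the address blocks and the netstat sample are constructed for the demo; `SAMPLE` stands in for real `netstat -ntu` output.

```shell
#!/bin/sh
# Added example (not the poster's code): per-peer connection counts from
# `netstat -ntu` output, with header lines skipped and IPv4-mapped IPv6
# addresses unwrapped. All addresses and counts below are constructed.

# count_peers: read `netstat -ntu` output on stdin and print "count address",
# lowest count first. Only the Foreign Address column ($5) is used.
count_peers() {
    awk 'NR > 2 && NF >= 5 {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # strip the trailing :port
            sub(/^::ffff:/, "", addr)   # unwrap ::ffff:a.b.c.d to a.b.c.d
            if (addr == "") addr = "(unparsed)"
            n[addr]++
        }
        END { for (a in n) print n[a], a }' | sort -n
}

# offenders: print the addresses with more than $1 connections.
offenders() {
    count_peers | awk -v t="$1" '$1 > t { print $2 }'
}

# block_rules: print (do not execute) one iptables DROP rule per offender.
# Loopback is never emitted: 127.0.0.1 connections come from local daemons.
block_rules() {
    offenders "$1" | awk '$1 != "127.0.0.1" { print "iptables -I INPUT -s " $1 " -j DROP" }'
}

# Constructed sample in the layout of `netstat -ntu` (RFC 5737 test addresses).
SAMPLE=$(cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             192.0.2.10:51234        ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.10:51235        ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.10:51236        ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:40001         ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:40002         ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:198.51.100.7:6000 ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:198.51.100.7:6001 ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:198.51.100.7:6002 ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:198.51.100.7:6003 ESTABLISHED
udp        0      0 10.0.0.5:53             203.0.113.9:5353        ESTABLISHED
EOF
)

# Demo run on the constructed sample with a threshold of 2 connections.
# On a live host: netstat -ntu | block_rules 400
printf '%s\n' "$SAMPLE" | count_peers
printf '%s\n' "$SAMPLE" | block_rules 2
```

Review the printed rules before running them. A DROP rule discards packets after the interface has already received them, so vnstat's rx counter keeps rising even when the rule works; `iptables -L INPUT -v -n` shows the rule's own packet counter, which is the check that it is matching.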
