10x increase in received packets
Today, I noticed a 10x increase in received packets. Usually, my server uses around 5GB/day of bandwidth, however all of a sudden it increased to 50GB/day (according to vnstat on eth0):

rx 1750.40 kB/s 27904 packets/s
tx 699.48 kB/s 11099 packets/s

Pretty soon DC might plug off my server if this won't stop. How am I supposed to detect where those packets come from and filter them? Also I guess I should report to DC after. Any help will be much appreciated.
Show distro name & version.
Also, which service(s) is this occurring on? Show example logfiles.
Linux debian 2.6.18-6-686-bigmem #1 SMP Fri Dec 12 17:49:59 UTC 2008 i686 GNU/Linux

I typed:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

to calculate and count the number of connections each IP address makes to the server, and I managed to set iptables to drop packets from an IP I've found to have over 400 connections. However right now I get this (using the above command; pasting only those with high values):

467
1357 127.0.0.1

As you can see there are 467 from unknown(?) IP and 1357 from localhost, both of which I completely don't understand. Other thing is, I'm sure the other IP I blocked with iptables is still sending me packets, but that I can't block (just to drop them, as I did). So what to do now? That's how it looks right now (after setting up iptables for the abusive IP):

Traffic average for eth0
rx 1210.70 kB/s 19216 packets/s
tx 14.63 kB/s 126 packets/s
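Added example (not part of the original thread): in the pipeline above, `cut -d: -f1` returns an empty string for any foreign address that begins with a colon, such as the IPv4-mapped form `::ffff:a.b.c.d:port`, which is one way a count with no IP next to it can appear. The sketch below strips only the trailing port and unwraps mapped addresses before counting; the function names and the sample input are constructed for illustration, and on a live host it would be fed with `netstat -ntu | count_remote`.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.5:80          192.0.2.10:51000        ESTABLISHED
tcp        0      0 203.0.113.5:80          192.0.2.10:51001        SYN_RECV
tcp6       0      0 ::ffff:203.0.113.5:80   ::ffff:192.0.2.10:51002 ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.5:80   ::ffff:198.51.100.7:4000 TIME_WAIT
tcp        0      0 127.0.0.1:3306          127.0.0.1:40000         ESTABLISHED
tcp6       0      0 2001:db8::1:443         2001:db8::2:50000       ESTABLISHED
EOF
}

# count_remote: read `netstat -ntu` output on stdin and print
# "count address" per remote address, lowest count first.
count_remote() {
    awk '
        # Keep only tcp/udp rows; this skips both header lines.
        $1 !~ /^(tcp|udp)/ { next }
        {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # strip only the trailing :port
            sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6 addresses
            if (addr == "") addr = "(none)"
            n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -n
}

# over_limit LIMIT: print remote addresses with at least LIMIT connections,
# leaving out loopback so local services are never listed as block candidates.
over_limit() {
    count_remote | awk -v limit="$1" \
        '$1 >= limit && $2 != "127.0.0.1" && $2 != "::1" { print $2 }'
}

# Demonstration on the constructed sample.
sample_netstat | count_remote
```

Counting this way merges the plain and IPv4-mapped entries for the same client into one total, so a per-IP threshold such as the 400 used above is compared against the full number of connections.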