DDoS attack on network resources?

12 3
ЛЛ
Site user since 12.11.2018
Offline
40
133

Hello. I apologize if the question is stupid, slowly I understand. The server is constantly being attacked, then the DUP overdrive channel. Simply are sending packets to overload the server resources.

Now the attack went on network resources, services do not know how to. The server always shows one core loading to 100%. Unplug the network, the load disappears. Including appears again loading a kernel 100%, so it is of the same is not available.

Nyack large queries to a server there. I sit I think myself as protection is set. Time passes nada to do something)

Gans Gauss
Site user since 26.08.2015
Offline
124
#1
Lelouch Lamperouge:
Hello. I apologize if the question is stupid, slowly I understand. The server is constantly being attacked, then the DUP overdrive channel. Simply are sending packets to overload the server resources. Now the attack went on network resources, services do not know how to. The server always shows one core loading to 100%. Unplug the network, the load disappears. Including appears again loading a kernel 100%, so it is of the same is not available. Nyack large queries to a server there. I sit I think myself as protection is set. Time passes nada to do something)

Until we begin to understand - hire people.

Помощь с оплатой от юридических лиц (/ru/forum/999084)
ЛЛ
Site user since 12.11.2018
Offline
40
#2
Gans Gauss:
Until we begin to understand - hire people.

People are already employed, but will start to work only from Monday, there will need to be set up to discuss everything is still not too fast. Because asking right now.

Just wondering what kind of attack this, when all the Jadar are free and one is always loaded. According to the monitoring process of loading all no more than 5%.

No requests to the server.

Usually if there is a charge, once there is a lot of requests, but here's how it is.

---------- Posted 14.06.2020 at 14:29 ----------

Tried to stop the service ngins, mskyul did not help.

Stops the operation of the network interface with the kernel load subsides. Renewable begins again.

service networking stop, a core load is gone. As you can see the attack comes at the service of networking because LVC I have no idea what to do next.

Ngins service, php, mskyul cut off any response.

png Screenshot_139.png
lealhost
Site user since 07.06.2014
Offline
112
#3
Lelouch Lamperouge:
As you can see the attack comes at the service of networking because LVC I have no idea what's next

I do not see anything.

What processes create this load it?

Дешевый хостинг на SSD дисках, SSL-сертификаты (https://lealhost.com) | Домены RU/РФ - 160 рублей (https://lealhost.com/domains/)
ЛЛ
Site user since 12.11.2018
Offline
40
#4
lealhost:
I do not see anything. What processes create this load it?

The fact of the matter that no. All processes in the region of 0 and 111% load SPU. In general standard.

ЛЛ
Site user since 12.11.2018
Offline
40
#5

I turned off all the workers of service including web server mskyul etc. programs left a bare system. no load is not on processes. But the core is constantly at 100% loaded.

Load kernel subsides only when I stop the service networking stop.

lealhost
Site user since 07.06.2014
Offline
112
#6

What do the team nload When the network (the command to select the external interface)?

If bash writes that the team does not exist, install the package through

 apt-get install nload 
If it will establish such a network.

It is advisable to also see what packages and who arrive at the network interface:

 tcpdump -nnvvS 
ЛЛ
Site user since 12.11.2018
Offline
40
#7
lealhost:
What do the team nload When the network (the command to select the external interface)? If bash writes that the team does not exist, install the package through
 apt-get install nload 
If it will establish such a network. It is advisable to also see what packages and who arrive at the network interface:
 tcpdump -nnvvS 

That's about how it looks. Install can not, do not have enough speed))

png Screenshot_142.png
ЛЛ
Site user since 12.11.2018
Offline
40
#8
lealhost:
It is advisable to also see what packages and who arrive at the network interface:
 tcpdump -nnvvS 

Normal packages come, I understand a little, but apparently trying to enter the site that does not work. How else would keep the list somewhere else, through hard work sqm.

So is tried through iptabl all close

iptables -P INPUT DROP

iptables -P OUTPUT DROP

iptables -P FORWARD DROP

Any result.

D
Site user since 28.06.2008
Offline
983
#9

Vang - DDoS no no. TC first established htop, I saw the workload of the core and panicked.

ЛЛ
Site user since 12.11.2018
Offline
40
#10
dram:
Vang - DDoS no no. TC first established htop, I saw the workload of the core and panicked.

Typically, such a load is displayed on the course is not it? And that strange if you disable Network service it disappears. I will not argue, I'm a little understand. Just for general razviitya attack NGOs DUP I understand, is also on the development of resources in general. But this attack is unclear.

12 3

To post a new comment, please log in or register