Hello. I apologize if the question is stupid, slowly I understand. The server is constantly being attacked, then the DUP overdrive channel. Simply are sending packets to overload the server resources.
Now the attack went on network resources, services do not know how to. The server always shows one core loading to 100%. Unplug the network, the load disappears. Including appears again loading a kernel 100%, so it is of the same is not available.
Nyack large queries to a server there. I sit I think myself as protection is set. Time passes nada to do something)
Until we begin to understand - hire people.
People are already employed, but will start to work only from Monday, there will need to be set up to discuss everything is still not too fast. Because asking right now.
Just wondering what kind of attack this, when all the Jadar are free and one is always loaded. According to the monitoring process of loading all no more than 5%.
No requests to the server.
Usually if there is a charge, once there is a lot of requests, but here's how it is. ---------- Posted 14.06.2020 at 14:29 ---------- Tried to stop the service ngins, mskyul did not help.
Stops the operation of the network interface with the kernel load subsides. Renewable begins again.
service networking stop, a core load is gone. As you can see the attack comes at the service of networking because LVC I have no idea what to do next.
Ngins service, php, mskyul cut off any response.
I do not see anything.
What processes create this load it?
The fact of the matter that no. All processes in the region of 0 and 111% load SPU. In general standard.
I turned off all the workers of service including web server mskyul etc. programs left a bare system. no load is not on processes. But the core is constantly at 100% loaded.
Load kernel subsides only when I stop the service networking stop.
What do the team nload When the network (the command to select the external interface)?
If bash writes that the team does not exist, install the package through
apt-get install nload
It is advisable to also see what packages and who arrive at the network interface:
That's about how it looks. Install can not, do not have enough speed))
Normal packages come, I understand a little, but apparently trying to enter the site that does not work. How else would keep the list somewhere else, through hard work sqm.
So is tried through iptabl all close
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Vang - DDoS no no. TC first established htop, I saw the workload of the core and panicked.
Typically, such a load is displayed on the course is not it? And that strange if you disable Network service it disappears. I will not argue, I'm a little understand. Just for general razviitya attack NGOs DUP I understand, is also on the development of resources in general. But this attack is unclear.
To post a new comment, please log in or register