The screenshot does not make it clear that one processor core is being loaded!
Let's look at the 15 processes that put the heaviest load on the processor.
ps -eo "%C %p %u %c" --sort %cpu | tail -n15
There is no attack right now. When there is one, I will try to enter the command. The point is that htop does not show what was loading it. At the time of the attack one core is simply at 100% and the whole network stops working immediately. Everything else works.
In general, there is an assumption that it was an ICMP attack.
Google softirq: what it is and what it is all about :)
The network card's interrupts simply all land on one core, and they should be spread evenly.
Thank you, I read up on it. I understood little, but the essence is that the network card uses the resources of a single core. And as I understand it, there is an attack on this resource of the card, which increases the load on the core? In general, I grasp only a little, sorry, I am far from this.
---------- Posted 15.06.2020 at 14:23 ----------
Yes, I did understand.
Thank you once again for the hint, the problem has become clearer. So that is how it happens, a DoS on the NIC. I never would have guessed.
---------- Posted 15.06.2020 at 14:45 ----------
Now I am thinking about how best to arrange everything on the servers.
On one server, 443. On the second server, the forum + the game project site on port 80.
I'm thinking of moving all the sites, the forum and the gaming site, to the first server (the gaming site connects remotely to the second server).
On the second server, I would leave only the game project, without sites.
Would that be a rational solution?
In this case, spreading the interrupts across cores is unlikely to work. More precisely, they cannot be spread properly. Without external protection you will not pull through properly. You can tune the network stack, but that will gain at most ten percent of network performance, which does not solve the problem completely. Affordable hardware does not have to defend against DDoS completely.
---------- Posted 16.06.2020 at 14:32 ----------
Initially, yes, that is what should have been done.
Well, now we have closed all UDP traffic, leaving only TCP ports 80 and 443. For the game, I block them through iptables when I see a lot of requests from an IP. It seems to work. But there is no such attack there, traffic is small, there are hardly any requests. The core is still at 100%. Accordingly, the network is down. I do not know how to solve this problem.
Connect a normal paid DDoS protection, not one from maerdev_balkon_kompani.
I'm almost convinced that it was either an ACK or a SYN attack.
tcpdump would have shown it plainly.
If you expect DDoS, you should take server NICs with 4+ RSS queues; 99% of home-grade junk has 1, at most 2 queues. This is not enough.
DoS / DDoS is a separate science; studying the issue in depth in 3 days with Google will not succeed.
I understand that very well and have already ordered, or rather am consulting about, connecting DDoS protection. But this is purely for myself.
Who looked. Again the core is at 100% and the network is not working. There can be no more than 3 requests from each IP to the server. There are not many requests as such.
The hoster replied that the attack was over the GRE / ESP protocols.
So I do not understand how to solve this problem. On the server, I do not see any requests from anyone, no load. But the core is at a hundred.
Could you tell me how to track these ACK or SYN attacks, or how they manifest themselves? Maybe there is a manual to read; I searched the internet extensively and still did not understand.
---------- Posted 16.06.2020 at 20:39 ----------
I'll try to capture packets when the attack happens. I'll post them here, maybe that will clear up the problem)
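An added example, not written by any participant in this thread: one way to confirm the symptom discussed above (one core pinned by network softirqs while htop shows no busy process) is to compare two snapshots of /proc/softirqs and see which CPU handled the NET_RX work. The sample snapshots are constructed, and the 0.8 threshold and the function names are assumptions chosen for illustration.

```python
"""Measure how NET_RX softirq work is distributed across CPUs (Linux)."""
import time

# Constructed sample: two /proc/softirqs snapshots taken one second apart.
SAMPLE_BEFORE = """\
                    CPU0       CPU1       CPU2       CPU3
       TIMER:     500000     480000     470000     460000
      NET_RX:   90000000      41000      39000      40000
"""
SAMPLE_AFTER = """\
                    CPU0       CPU1       CPU2       CPU3
       TIMER:     500250     480250     470250     460250
      NET_RX:   90850000      41900      39800      41300
"""

def parse_softirqs(text, name="NET_RX"):
    """Return the per-CPU counters of one softirq row as a list of ints."""
    for line in text.splitlines():
        label, _, rest = line.partition(":")
        if label.strip() == name:
            return [int(v) for v in rest.split()]
    raise ValueError(f"no {name} row found")

def rx_imbalance(before, after, threshold=0.8):
    """Compare two snapshots; return (busiest_cpu, share, skewed)."""
    old, new = parse_softirqs(before), parse_softirqs(after)
    if len(old) != len(new):
        raise ValueError("CPU count changed between snapshots")
    delta = [n - o for o, n in zip(old, new)]
    total = sum(delta)
    if total <= 0:                      # idle interval or counter reset
        return None, 0.0, False
    cpu = max(range(len(delta)), key=delta.__getitem__)
    share = delta[cpu] / total
    # threshold is an assumed cut-off: one CPU doing >= 80% of RX work
    return cpu, share, share >= threshold and len(delta) > 1

if __name__ == "__main__":
    try:                                # live measurement on a Linux host
        with open("/proc/softirqs") as f:
            first = f.read()
        time.sleep(1)
        with open("/proc/softirqs") as f:
            second = f.read()
    except OSError:                     # not Linux: use the constructed sample
        first, second = SAMPLE_BEFORE, SAMPLE_AFTER
    cpu, share, skewed = rx_imbalance(first, second)
    print(f"busiest CPU for NET_RX: {cpu}, share {share:.1%}, skewed={skewed}")
```

A skewed result during an incident supports the single-queue explanation given in the thread; a balanced result with a saturated core points elsewhere.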