DDoS attack on network resources?

baas
Site user since 17.09.2012
Offline
136
#11
Lelouch Lamperouge:
That's about how it looks. Install can not, do not have enough speed))

The screenshot does not make clear what is loading the one processor core!

Let's look at the 15 processes with the heaviest load on the processor.

 ps -eo "%C %p %u %c" --sort %cpu | tail -n15
Configuring BSD systems. (https://www.fryaha.ru) Knowledge is power, ignorance is manpower!
ЛЛ
Site user since 12.11.2018
Offline
50
#12
baas:
The screenshot does not make clear what is loading the one processor core! Let's look at the 15 processes with the heaviest load on the processor.
 ps -eo "%C %p %u %c" --sort %cpu | tail -n15

There is no attack right now. When there is one, I will try to enter the command. The thing is, htop does not show what was loading it. It is just that at the time of the attack one core is at 100% and the whole network immediately stops working. Everything else works.

ЛЛ
Site user since 12.11.2018
Offline
50
#13

In general, there is an assumption that it was an ICMP attack.

M
Site user since 17.09.2016
Offline
100
#14

Google softirq, what it is and what it is eaten with :)

Andreyka
Site user since 19.02.2005
Offline
822
#15

It is just that the network card's interrupts hang on one core, and they should be spread evenly.

Entities should not be multiplied without necessity
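To check the point made in posts #14 and #15 on a live host, the following added example (not posted by anyone in the thread) compares two snapshots of `/proc/softirqs` and reports how the NET_RX work between them was split across cores. The function names and the sample counters are constructed for illustration.

```shell
#!/bin/sh
# Added example: split of NET_RX softirq work across cores between two
# snapshots of /proc/softirqs (the counters there are cumulative since boot).
# net_rx_delta BEFORE AFTER -> "cpuN <delta>" per core, then "busiest cpuN <share>%"
net_rx_delta() {
    awk '
        $1 != "NET_RX:" { next }
        !have_first { for (i = 2; i <= NF; i++) first[i] = $i; have_first = 1; next }
        {
            total = 0; top = 2
            for (i = 2; i <= NF; i++) {
                d[i] = $i - first[i]; total += d[i]
                if (d[i] > d[top]) top = i
            }
            for (i = 2; i <= NF; i++) printf "cpu%d %d\n", i - 2, d[i]
            share = (total > 0) ? 100 * d[top] / total : 0
            printf "busiest cpu%d %.0f%%\n", top - 2, share
        }
    ' "$1" "$2"
}

# net_rx_live [SECONDS]: take two real snapshots SECONDS apart (default 1).
net_rx_live() {
    a=$(mktemp) && b=$(mktemp) || return 1
    cat /proc/softirqs > "$a"; sleep "${1:-1}"; cat /proc/softirqs > "$b"
    net_rx_delta "$a" "$b"; rm -f "$a" "$b"
}

# Constructed sample: 4 cores, nearly all receive work lands on CPU0.
sample_before() {
    printf '%s\n' '                    CPU0       CPU1       CPU2       CPU3' \
                  '      NET_TX:       1200        900        950        910' \
                  '      NET_RX:    5000000      40000      41000      39000'
}
sample_after() {
    printf '%s\n' '                    CPU0       CPU1       CPU2       CPU3' \
                  '      NET_TX:       1210        905        957        915' \
                  '      NET_RX:    5960000      40010      41020      39010'
}

# sample_report: run the comparison on the constructed snapshots above.
sample_report() {
    a=$(mktemp) && b=$(mktemp) || return 1
    sample_before > "$a"; sample_after > "$b"
    net_rx_delta "$a" "$b"; rm -f "$a" "$b"
}

# With "live" as first argument read the real counters, otherwise show the sample.
if [ "${1:-}" = "live" ]; then net_rx_live "${2:-1}"; else sample_report; fi
```

If one core carries nearly all of the delta while htop shows no busy process, the time is going to receive softirqs on that core; `ethtool -l` on the interface shows how many queues the NIC offers for spreading them.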
ЛЛ
Site user since 12.11.2018
Offline
50
#16
Mobiaaa:
Google softirq, what it is and what it is eaten with :)

Thank you, I read up on it. I understood little, but the essence is that the network card uses the resources of a single core. And as I understand it, there is an attack on this resource of the card that clogs it all up, which increases the load on the core? In general, sorry, I grasp little of this, I am far from it.

---------- Posted 15.06.2020 at 14:23 ----------

andreyka:
It is just that the network card's interrupts hang on one core, and they should be spread evenly.

Yes, I did understand.

Thank you once again for the suggestion, the problem has become clearer. So that is how it happens, and that there is such a thing as DoS on the NIC. I never would have guessed.

---------- Posted 15.06.2020 at 14:45 ----------

Now I think how best to arrange everything on the server.

On one server: 443. On the second server: the forum + the game project site on port 80.

I'm thinking of transferring all the sites, the forum and the gaming site, to the first server (the gaming site connects remotely to the second server).

On the second server, leaving only the game project, without sites.

Will this be a rational solution?

lonelywoolf
Site user since 23.12.2013
Offline
151
#17

In this case, it is unlikely that spreading the interrupts across cores will work. More precisely, they cannot be spread properly. Without external protection it cannot be handled properly. You can tune the network stack, but that will gain at most ten percent of network performance, which does not solve the problem completely. Affordable hardware does not have to defend against DDoS completely.

---------- Posted 16.06.2020 at 14:32 ----------

Lelouch Lamperouge:
Will this be a rational solution?

Initially - yes, that is how it should have been done.

Paid and free hosting with DDoS protection (http://aquinas.su)
ЛЛ
Site user since 12.11.2018
Offline
50
#18
lonelywoolf:
In this case, it is unlikely that spreading the interrupts across cores will work. More precisely, they cannot be spread properly. Without external protection it cannot be handled properly. You can tune the network stack, but that will gain at most ten percent of network performance, which does not solve the problem completely. Affordable hardware does not have to defend against DDoS completely.

---------- Posted 16.06.2020 at 14:32 ----------

Initially - yes, that is how it should have been done.

Well, now we have closed all UDP traffic, leaving only TCP ports 80 and 443. In the game I block them through iptables; I see a lot of requests from the un. It seems to work. But there is so such an attack there, traffic is small, there is no part of the query. A core is still at 100%. Accordingly, the network is down. I do not know how to solve this problem.

team-voice
Site user since 07.11.2016
Offline
204
#19
Lelouch Lamperouge:
Well, now we have closed all UDP traffic, leaving only TCP ports 80 and 443. In the game I block them through iptables; I see a lot of requests from the un. It seems to work. But there is so such an attack there, traffic is small, there is no part of the query. A core is still at 100%. Accordingly, the network is down. I do not know how to solve this problem.

Connect normal paid DDoS protection, not from maerdev_balkon_kompani.

I'm almost convinced that it was either an ACK or SYN attack.

tcpdump would have shown it plainly.

So if DDoS is expected, take server NICs with 4+ RSS queues; 99% of home-grade junk has 1, at most 2 queues. This is not enough.

DoS / DDoS is a separate science; studying the issue in depth in 3 days with Google does not succeed.

https://team-host.ru/ (https://team-host.ru/) Dedicated servers for rent with and without DDoS protection.
ЛЛ
Site user since 12.11.2018
Offline
50
#20
team-voice:
Connect normal paid DDoS protection, not from maerdev_balkon_kompani. I'm almost convinced that it was either an ACK or SYN attack. tcpdump would have shown it plainly. So if DDoS is expected, take server NICs with 4+ RSS queues; 99% of home-grade junk has 1, at most 2 queues. This is not enough. DoS / DDoS is a separate science; studying the issue in depth in 3 days with Google does not succeed.

I understand that very well and have already ordered, or rather am consulting about connecting DDoS protection. But this is purely for myself.

Who looked. Again the core is at 100% and the network is not working. There can be no more than 3 requests from each un to the server. The requests themselves are not many.

The hoster replied that it was an attack by GRE / ESP protocols.

So I do not understand how to solve this problem. On the server, I do not see any requests from anyone, no load. But the core is at a hundred.

Could you tell me how to track these ACK or SYN attacks, or how they manifest themselves? Maybe there is a manual to read; on the internet it is extensive and I still did not understand.

---------- Posted 16.06.2020 at 20:39 ----------

I'll try to capture packets when the attack comes. I'll post them here, maybe that will clear up the problem)
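For the question in post #20 about telling SYN, ACK and GRE/ESP floods apart, this added example (not part of the thread) tallies the text output of `tcpdump -nn` by packet type, so the dominant kind of traffic during an incident is visible at a glance. The category names, function names and the capture lines are constructed; the addresses come from documentation ranges.

```shell
#!/bin/sh
# Added example: count packets per type from `tcpdump -nn` text on stdin.

# classify_capture: prints "<kind> <count>", most frequent kind first.
classify_capture() {
    awk '
        $2 != "IP" && $2 != "IP6" { next }
        {
            kind = "other"
            if ($6 == "Flags") {
                # $7 looks like "[S]," or "[.],": keep only the flag letters
                f = substr($7, 2); sub(/\].*/, "", f)
                kind = (f == "S") ? "tcp-syn" : ((f == ".") ? "tcp-ack" : "tcp-other")
            }
            else if ($6 ~ /^GRE/)  kind = "gre"
            else if ($6 ~ /^ESP/)  kind = "esp"
            else if ($6 == "ICMP") kind = "icmp"
            else if ($6 ~ /^UDP/)  kind = "udp"
            count[kind]++
        }
        END { for (k in count) printf "%s %d\n", k, count[k] }
    ' | sort -k2,2nr -k1,1
}

# Constructed capture lines in tcpdump's default text format.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 198.51.100.7.40001 > 203.0.113.10.80: Flags [S], seq 100, win 64240, length 0
12:00:00.000002 IP 198.51.100.8.40002 > 203.0.113.10.80: Flags [S], seq 200, win 64240, length 0
12:00:00.000003 IP 198.51.100.9 > 203.0.113.10: GREv0, length 48: IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 1, seq 1, length 28
12:00:00.000004 IP 198.51.100.9 > 203.0.113.10: GREv0, length 48: IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 1, seq 2, length 28
12:00:00.000005 IP 198.51.100.9 > 203.0.113.10: GREv0, length 48: IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 1, seq 3, length 28
12:00:00.000006 IP 198.51.100.11 > 203.0.113.10: ESP(spi=0x00000001,seq=0x1), length 100
12:00:00.000007 IP 198.51.100.12.50000 > 203.0.113.10.443: Flags [.], ack 1, win 502, length 0
EOF
}

# Show the tally for the constructed capture.
sample_capture | classify_capture
```

On a real host, pipe a bounded capture into the function, for example `tcpdump -nn -c 10000 -i <iface> | classify_capture`, with `<iface>` standing for the interface under load.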
