0

Recently, I have random occurence where I can't reach my server. When this occurs, about 1 ping on each 10 manage to ping back. The ping that do get through are within normal response time (about 42ms in my case).

The only information I could gather so far is my network usage graph. When those timeouts occur, my server recieves unusually HIGH traffic from the internet.

http://i.stack.imgur.com/ZI0lL.png (today graph) http://i.stack.imgur.com/i6c2g.png (this week graph)

If this may help, my server is supposed to be under a 100 mbits internet connection.

Am I right to think those spikes are related to my ping's timeout? Also, do anyone have any idea of what this traffic might be? It started about a week ago, nothing has drastically changed in my infrastructure for over a year.

Thank you for your help.

voretaq7
  • 79,345
  • 17
  • 128
  • 213
Kyrotomia
  • 1
  • If that may help, my server is running WHM. Maybe there is tools in there I could use to diagnose further... – Kyrotomia Oct 21 '11 at 19:45
  • My hosting provider gave me a command to try out, here are the results : `root@serveur [~]# tail -2000 /etc/httpd/logs/access_log | awk '{print $1}' | t | uniq -c |sort -n 1 [edited IP] 1 [edited IP] 1 [edited IP] 1 [edited IP] 2 [edited IP] 3 [edited IP] 19 [edited IP] 43 [edited IP] 66 [edited IP] 79 [edited IP] 1784 127.0.0.1` – Kyrotomia Oct 21 '11 at 19:48
  • Wait, is the ping from inside your network or is it from the internet? – Belmin Fernandez Oct 21 '11 at 20:41

3 Answers3

0

It might not be a D(istributed)Dos, but it certainly looks like you're being flooded with traffic. If the times of the traffic correlate to the times when you get ping timeouts, then yes, they are related.

Aaron
  • 2,968
  • 1
  • 22
  • 36
  • They do match. However, I don't host sites that are subject to intense "flood of traffic", you can judge that by looking at the graph when things are "normal". – Kyrotomia Oct 21 '11 at 19:43
  • I more meant to say that it might not be "distributed". Regardless, I'm not entirely sure what question it is that you're asking. Is it an attack? Yes, it sure looks like one that is affecting your connectivity. Now what? – Aaron Oct 21 '11 at 21:24
0

I would suspect that this might be more of an issue with your internet provider. Perhaps you share a pipe and someone else is hogging bandwidth.

Belmin Fernandez
  • 10,629
  • 26
  • 84
  • 145
0

I believe the next step for you is to figure out where the traffic is coming from. You could try to make tcpdump write a packet file, and analyze the traffic with wireshark later. That way you can get a good picture of what goes on.

This may be local broadcast storms for all you know.

Kvisle
  • 4,113
  • 23
  • 25