
I have a CentOS 6.4 64-bit dedicated server used for hosting several websites. I recently checked the traffic graph for my server and discovered that the inbound traffic is very high (about 200-500 Mbit). I don't download anything and I have absolutely no idea why the traffic is so high. The inbound traffic is 200GB already, but the HDD doesn't fill up with information. I checked for HTTP DDoS but everything seems regular.

Some info:

RAM Usage: 20%
CPU Load: 50%

Services in the server:

  • Apache (local usage only)
  • Nginx (as proxy server)
  • mySQL
  • exim
  • ftp(pure-ftpd)
  • SSH

Allowed ports in csf:

TCP_IN: 20,22,80,2083,2087,21
TCP_OUT: 20,21,22,25,37,43,80,110,113,443,587,873,2086,2087,2089,2703

UDP_IN: 20,21
UDP_OUT: 20,21,113,123,873,6277,53

ICMP_IN is disabled.

Traffic graph: http://i.stack.imgur.com/txoeR.png

I would appreciate any help.
Thanks.

EDIT

I was attacked by DNS DDoS amplification.

Mark Henderson

2 Answers


Here are some things to try:

  1. Use top to see what processes are using the CPU
  2. ls -lat /var/log to see which services are being used and look at the most active files
  3. Use tcpdump to see the source addresses of the packets that are coming in

Add the results of your investigations to your question and we will probably be able to make more helpful suggestions.
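As an added illustration of step 3 (not part of the answer above), the following POSIX shell script shows how the source addresses in tcpdump output can be tallied so that the busiest senders stand out, and how DNS-response-shaped packets (source port 53, payload larger than the classic 512-byte UDP DNS limit) can be counted. The capture lines are constructed samples in tcpdump-like format using RFC 5737 documentation addresses, not traffic from the asker's server; the function names top_sources and large_dns_replies are my own.

```shell
#!/bin/sh
# Added example: summarise tcpdump-style output to find the heaviest senders
# and count oversized DNS replies (a pattern typical of DNS amplification).
# SAMPLE_CAPTURE is CONSTRUCTED for this example; the addresses are RFC 5737
# documentation ranges and the lines only imitate tcpdump's DNS output format.
SAMPLE_CAPTURE='12:00:01.000001 IP 198.51.100.7.53 > 203.0.113.5.33077: 45712 3/0/0 ANY A 192.0.2.10 (3076)
12:00:01.000120 IP 198.51.100.7.53 > 203.0.113.5.33077: 45713 3/0/0 ANY A 192.0.2.10 (3076)
12:00:01.000300 IP 198.51.100.22.53 > 203.0.113.5.33077: 9001 3/0/0 ANY A 192.0.2.10 (2900)
12:00:01.000410 IP 192.0.2.44.51823 > 203.0.113.5.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000550 IP 198.51.100.7.53 > 203.0.113.5.33077: 45714 3/0/0 ANY A 192.0.2.10 (3076)
12:00:01.000700 IP 198.51.100.9.53 > 203.0.113.5.33077: 77 3/0/0 ANY A 192.0.2.10 (3001)
12:00:01.000800 IP 192.0.2.44.51824 > 203.0.113.5.80: Flags [S], seq 2, win 64240, length 0'

# Read tcpdump lines on stdin and print "count source_ip", busiest first.
# Field 3 is "ip.port"; the trailing ".port" is stripped to group by host.
top_sources() {
  awk '$2 == "IP" { ip = $3; sub(/\.[^.]+$/, "", ip); n[ip]++ }
       END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Count packets that come FROM port 53 and whose DNS payload, printed by
# tcpdump as a trailing "(bytes)", exceeds 512 bytes. Many such packets from
# hosts you never queried are the signature of amplified reflection traffic.
large_dns_replies() {
  awk '$2 == "IP" && $3 ~ /\.53$/ && match($NF, /^\([0-9]+\)$/) {
         len = substr($NF, 2, length($NF) - 2)
         if (len + 0 > 512) c++
       }
       END { print c + 0 }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_CAPTURE" | top_sources
printf '%s\n' "$SAMPLE_CAPTURE" | large_dns_replies
```

On a live box the same functions would be fed from something like `tcpdump -nn -i eth0 'udp and src port 53' | top_sources`. A long list of distinct sources all answering from port 53 with multi-kilobyte payloads points to reflectors rather than a single attacker; the csf rules in the question (UDP_IN limited to 20,21) already drop those packets, but they still consume the link's inbound bandwidth, so the useful mitigation is filtering upstream at the provider rather than on the host.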


This might be some idiot(s) hammering away at SSH or something equally intelligent. If your log files show thousands of connection attempts, use something like fail2ban to spoil their day.

vonbrand