Gentoo Forums
Is this an attack?
grant123
l33t


Joined: 23 Mar 2005
Posts: 992

Posted: Sun Feb 16, 2014 6:37 pm    Post subject: Is this an attack?

My remote server has been experiencing very short periods of HTTP downtime lately according to my monitors. I used munin to investigate the most recent one but I'm not sure what to make of my findings. There is a spike in several charts that corresponds to the downtime. The spikes are in:

TCP Slow Start retransmissions
TCP Retransmits lost
TCP Congestion avoidance algorithm (Reno) Partial ACK recoveries
TCP Other timeouts
ICMP Unreachables (packets in)

Any ideas?
szatox
Veteran


Joined: 27 Aug 2013
Posts: 1762

Posted: Sun Feb 16, 2014 8:38 pm

Maybe an attack, maybe a low-quality link, maybe something else. When I see someone trying to guess my root password there is no doubt, but here I'd start with sniffing incoming packets or logging anomalies by services you think are being attacked. Check out what's going on on the wire and you will most likely know. Perhaps it's just that your connection was saturated.
grant123
l33t


Joined: 23 Mar 2005
Posts: 992

Posted: Sun Feb 16, 2014 9:04 pm

Is there a good way to find out if my link fills up?
thegeezer
n00b


Joined: 11 Jul 2010
Posts: 34

Posted: Thu Mar 27, 2014 5:07 pm    Post subject: looks like the link

It does look more like the quality of the link is low, though saturation would do it too.

Short of running speedtest.net at your remote server, you might want to try running iperf from your server to a couple of locations. The server's link might be fine but the remote ISP might be saturated on a specific route.
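
For the question of whether the link fills up, one check is to compare interface byte counters against the link's capacity over the same window in which TCP retransmits rose. The following is an added example, not part of any post in this thread; it assumes a Linux host, and the interface name `eth0`, the 100 Mbit/s link speed and the sample counter text are constructed.

```python
# Added example. Sample counter text is constructed, not from the thread.
DEV_HDR = ("Inter-|   Receive  |  Transmit\n"
           " face |bytes packets errs drop fifo frame compressed multicast"
           "|bytes packets errs drop fifo colls carrier compressed\n")
DEV_T0 = DEV_HDR + "  eth0: 1000000 1000 0 0 0 0 0 0 5000000 4000 0 0 0 0 0 0\n"
DEV_T1 = DEV_HDR + "  eth0: 7250000 9000 0 0 0 0 0 0 123750000 90000 0 0 0 0 0 0\n"
SNMP_HDR = ("Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens "
            "AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs "
            "InErrs OutRsts InCsumErrors\n")
SNMP_T0 = SNMP_HDR + "Tcp: 1 200 120000 -1 10 20 0 0 5 9000 10000 50 0 0 0\n"
SNMP_T1 = SNMP_HDR + "Tcp: 1 200 120000 -1 12 95 0 0 40 70000 90000 4050 0 0 0\n"


def dev_bytes(text, iface):
    """Return (rx_bytes, tx_bytes) for iface from /proc/net/dev text."""
    for line in text.splitlines():
        name, sep, rest = line.partition(":")
        if sep and name.strip() == iface:
            fields = rest.split()
            return int(fields[0]), int(fields[8])  # rx bytes, tx bytes
    raise KeyError(iface)


def tcp_counters(text):
    """Return the Tcp: counters from /proc/net/snmp text as a dict."""
    rows = [l.split()[1:] for l in text.splitlines() if l.startswith("Tcp:")]
    names, values = rows[0], rows[1]  # header row, then value row
    return dict(zip(names, map(int, values)))


def link_report(dev0, dev1, snmp0, snmp1, iface, seconds, link_mbps):
    """Link utilisation and TCP retransmit rate between two snapshots."""
    rx0, tx0 = dev_bytes(dev0, iface)
    rx1, tx1 = dev_bytes(dev1, iface)
    t0, t1 = tcp_counters(snmp0), tcp_counters(snmp1)
    capacity = link_mbps * 1_000_000 / 8 * seconds  # bytes the link can carry
    sent = t1["OutSegs"] - t0["OutSegs"]
    retrans = t1["RetransSegs"] - t0["RetransSegs"]
    return {
        "rx_util_pct": round(100 * (rx1 - rx0) / capacity, 1),
        "tx_util_pct": round(100 * (tx1 - tx0) / capacity, 1),
        "retrans_pct": round(100 * retrans / sent, 1) if sent else 0.0,
    }


if __name__ == "__main__":
    # Snapshots taken 10 seconds apart on an assumed 100 Mbit/s link.
    print(link_report(DEV_T0, DEV_T1, SNMP_T0, SNMP_T1, "eth0", 10, 100))
```

On a live server the four text arguments would be the contents of `/proc/net/dev` and `/proc/net/snmp` read at the start and end of the interval. Retransmits rising while utilisation stays low points away from saturation of the server's own link.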
grant123
l33t


Joined: 23 Mar 2005
Posts: 992

Posted: Fri Mar 28, 2014 11:13 pm

I fixed a problem with the fastcgi PHP interpreter getting bogged down and that seemed to fix this.
All times are GMT