08-04-2009, 01:57 PM
|
|
WHT Addict
|
|
Join Date: Apr 2009
Location: Spain
Posts: 129
|
|
Hi,
I have a windows server, and today it has a large inbound traffic, so I tried to disable all web service, and after that, the result of netstat -an shows no connection at all, but the server still has large inbound traffic,
Do you have any idea about this?
What should I do now?
|
08-04-2009, 07:33 PM
|
|
Corporate Member
|
|
Join Date: Apr 2009
Posts: 801
|
|
try to disable ICMP in your firewall (ping to your server)
|
08-05-2009, 02:24 AM
|
|
******* Unleaded
|
|
Join Date: Feb 2004
Posts: 3,790
|
|
Quote:
Originally Posted by Crashus
try to disable ICMP in your firewall (ping to your server)
|
In fact that increases traffic to your server when services are down because it can't send back an "unreachable" response.
@OP
you say "large inbound traffic", you need to be more specific.
for example protocol, target port?
|
08-05-2009, 04:34 AM
|
|
Web Host Extraordinaire!!!
|
|
Join Date: Dec 2007
Location: Indianapolis, Indiana USA
Posts: 14,333
|
|
It's near impossible to answer your question based on what little information you have provided. As plumsauce asked - please provide more details. If you don't know how to find these details then you may want to look into paying somebody to look into it for you.
__________________
█ Michael Denney - MDDHosting, LLC - Professional Hosting Solutions
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ For high-end shared accounts ideal for business, check out our Semi-Dedicated offerings!
█ http://www.mddhosting.com/ - Providing Quality Services since 2007
|
08-05-2009, 06:36 AM
|
|
WHT Addict
|
|
Join Date: Apr 2009
Location: Spain
Posts: 129
|
|
hi,
I have disabled all servcie, but when I check the ethenet card, it shows about 50Mbps inbound traffic, I do not know its target port as the result of "netstat -an" shows nothing.
|
08-05-2009, 11:08 AM
|
|
Newbie
|
|
Join Date: Jul 2009
Location: Leeds - UK
Posts: 14
|
|
Another thing to note possibly, is it actually causing your server to slow? 50Mbps isn't "huge" so would be good to try and figure out what sort of packets are being sent to the server.
If the server is becoming unresponsive, the first conclusion could be a DOS however its a word people love to throw around without a little research.
Have you disabled FTP? thats a classic for getting hacked.
|
08-05-2009, 11:48 AM
|
|
Temporarily Suspended
|
|
Join Date: Jul 2009
Posts: 178
|
|
Hello check it a single IP address is creating lot of traffic.if yes block them.No need to disabling services for that
|
08-05-2009, 06:05 PM
|
|
Web Host Extraordinaire!!!
|
|
Join Date: Dec 2007
Location: Indianapolis, Indiana USA
Posts: 14,333
|
|
You could perhaps contact your Data Center and have them investigate this for you as they should be able to do something about it (hopefully) if you are actually under attack.
If you are paying for inbound traffic 50mbps is going to rack up fast.
__________________
█ Michael Denney - MDDHosting, LLC - Professional Hosting Solutions
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ For high-end shared accounts ideal for business, check out our Semi-Dedicated offerings!
█ http://www.mddhosting.com/ - Providing Quality Services since 2007
|
08-05-2009, 06:07 PM
|
|
Newbie
|
|
Join Date: Jul 2009
Location: Leeds - UK
Posts: 14
|
|
Quote:
Originally Posted by eth10
Hello check it a single IP address is creating lot of traffic.if yes block them.No need to disabling services for that
|
Good point, but highly unlikely that it will be coming from 1 IP if it were to be a DOS attack.
Most likely the complete opposite and you'll see thousands upon thousands of connections probably with 3-4 connections open per IP.
Sadly I'm no Microsoft expert and office is shut so can't ask the guys that would know, but with Linux you can script a small bash script that will filter out ip's above X connections.
__________________
Will Thomas - Britband Media Ltd
Low cost UK VPS - switchlink.co.uk
Automated remote backup - Instant Setup - Full control
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
