OVH Community, your new community space.

Attaque sur mon serveur ? DDOS ?


buddy
08/02/2014, 00h26
Salut,

par defaut tu acceptes tout ... du coup tes règles ne sont pas très utiles ...
il y a un exemple de script ici :
http://fr.openclassrooms.com/informa...ia-le-firewall

généralement, on ferme tout par défaut et l'on ouvre que les ports qui nous intéresse ...

sloomy
06/02/2014, 20h21
Bonjour,

Il faut savoir quelles sont les ip qui vous flood, sur quels ports et mettre en place un fail2ban et autres pour limiter l'impact.

Bruno

sylvainpellier
06/02/2014, 20h07
Et ça continue


sylvainpellier
06/02/2014, 11h39
Et voilà, ça devrait être mieux

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh 
REJECT     all  --  94.102.51.236        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  hosted-by.ecatel.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  80.82.64.213         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  hosted-by.ecatel.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  89.248.174.57        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  80.82.64.50          anywhere            reject-with icmp-port-unreachable 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:17524:17534 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:20000 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:webmin reject-with icmp-port-unreachable 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

sloomy
06/02/2014, 09h15
Bonjour,

Ou alors il a pas copié toute la commande : iptables -L

Bruno

buddy
06/02/2014, 08h58
quelle ligne de commande ?

parce que normalement en haut tu as des trucs de ce style
Chain OUTPUT (policy DROP) ou Chain OUTPUT (policy ACCEPT)
idem pour input et forward

sylvainpellier
06/02/2014, 08h28
Citation Envoyé par buddy
tu le sors d'où ce script / ce résultat ? c'est donné par un panel ? par une ligne de commande ?
ligne de commande en ssh

buddy
05/02/2014, 22h09
tu le sors d'où ce script / ce résultat ? c'est donné par un panel ? par une ligne de commande ?

sylvainpellier
05/02/2014, 14h14
en sachant que le iptables n'était pas comme ça avant mais ma "bidouille" pour essayer de bloquer certaines ip à tout fait sauter hier

Code:
target     prot opt source               destination         
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh 
REJECT     all  --  94.102.51.236        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  hosted-by.ecatel.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  80.82.64.213         anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  hosted-by.ecatel.net  anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  89.248.174.57        anywhere            reject-with icmp-port-unreachable 
REJECT     all  --  80.82.64.50          anywhere            reject-with icmp-port-unreachable 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:17524:17534 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:20000 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:webmin reject-with icmp-port-unreachable 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

BBR
05/02/2014, 10h52
Pourrais-tu mettre ton code entre balises code (le # dans les icones) pour que ce soit plus lisible stp ?
et aussi mettre le contenu de ton iptable ( iptables -L )

sylvainpellier
05/02/2014, 10h22
ça continue, c'est faible mais ça continue, est-ce que ces paquets pourrait être une attaque / une tentative d'intrusion / brute force ... ?

Que me conseillez-vous ?

sylvainpellier
04/02/2014, 23h31
Citation Envoyé par buddy
et il est réglé comment ton script iptables ?
tu as fait quoi ? tout fermer et ouvert uniquement ce dont tu avais besoin ??

chp53-3-8ppp.fbx.proxad.net c'est ton ip ?? tu es abonné free avec comme ip 83.1*3.*7.16 ??
Oui c'est bien mon ip

et oui iptables est bien réglé de cette manière tout est coupé sauf le peu de services dont j'ai besoin

buddy
04/02/2014, 21h37
et il est réglé comment ton script iptables ?
tu as fait quoi ? tout fermer et ouvert uniquement ce dont tu avais besoin ??

chp53-3-8ppp.fbx.proxad.net c'est ton ip ?? tu es abonné free avec comme ip 83.1*3.*7.16 ??

sylvainpellier
04/02/2014, 21h09
Oui j'ai un script iptables

Code:
20:05:37.148035 IP hosted-by.ecatel.net.45799 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 4198800821, win 14600, options [mss 1460,sackOK,TS val 233937255 ecr 0,nop,wscale 7], length 0
20:05:37.148758 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 448340690:448340882, ack 3282399548, win 330, options [nop,nop,TS val 1490917 ecr 472452760], length 192
20:05:37.149698 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 192:416, ack 1, win 330, options [nop,nop,TS val 1490917 ecr 472452760], length 224
20:05:37.150176 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 416:864, ack 1, win 330, options [nop,nop,TS val 1490917 ecr 472452760], length 448
20:05:37.150254 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 864:1104, ack 1, win 330, options [nop,nop,TS val 1490917 ecr 472452760], length 240
20:05:37.150330 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 1104:1344, ack 1, win 330, options [nop,nop,TS val 1490917 ecr 472452760], length 240
20:05:37.150404 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 1344:1584, ack 1, win 330, options [nop,nop,TS val 1490917 ecr 472452760], length 240
20:05:37.150514 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 1584:1824, ack 1, win 330, options [nop,nop,TS val 1490917 ecr 472452760], length 240
20:05:37.191946 IP hosted-by.ecatel.net.49677 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 3772773275, win 14600, options [mss 1460,sackOK,TS val 233954509 ecr 0,nop,wscale 7], length 0
20:05:37.217013 IP hosted-by.ecatel.net.45837 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 2627757535, win 14600, options [mss 1460,sackOK,TS val 233937272 ecr 0,nop,wscale 7], length 0
20:05:37.225013 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 192, win 8180, options [nop,nop,TS val 472453109 ecr 1490917], length 0
20:05:37.225037 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 1824:2512, ack 1, win 330, options [nop,nop,TS val 1490936 ecr 472453109], length 688
20:05:37.225215 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 2512:2928, ack 1, win 330, options [nop,nop,TS val 1490936 ecr 472453109], length 416
20:05:37.226577 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 1584, win 8147, options [nop,nop,TS val 472453109 ecr 1490917], length 0
20:05:37.226601 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 2928:3168, ack 1, win 330, options [nop,nop,TS val 1490936 ecr 472453109], length 240
20:05:37.226783 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 3168:3584, ack 1, win 330, options [nop,nop,TS val 1490936 ecr 472453109], length 416
20:05:37.226985 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 3584:3824, ack 1, win 330, options [nop,nop,TS val 1490936 ecr 472453109], length 240
20:05:37.227127 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 3824:4064, ack 1, win 330, options [nop,nop,TS val 1490936 ecr 472453109], length 240
20:05:37.227204 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 4064:4304, ack 1, win 330, options [nop,nop,TS val 1490936 ecr 472453109], length 240
20:05:37.228218 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 1824, win 8132, options [nop,nop,TS val 472453109 ecr 1490917], length 0
20:05:37.228241 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 4304:4544, ack 1, win 330, options [nop,nop,TS val 1490937 ecr 472453109], length 240
20:05:37.248453 IP hosted-by.ecatel.net.49698 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 2176961108, win 14600, options [mss 1460,sackOK,TS val 233954523 ecr 0,nop,wscale 7], length 0
20:05:37.267860 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 2512, win 8149, options [nop,nop,TS val 472453150 ecr 1490936], length 0
20:05:37.267883 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 4544:5184, ack 1, win 330, options [nop,nop,TS val 1490947 ecr 472453150], length 640
20:05:37.267892 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 4064, win 8095, options [nop,nop,TS val 472453150 ecr 1490936], length 0
20:05:37.268073 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 5184:5776, ack 1, win 330, options [nop,nop,TS val 1490947 ecr 472453150], length 592
20:05:37.268223 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 5776:6016, ack 1, win 330, options [nop,nop,TS val 1490947 ecr 472453150], length 240
20:05:37.268410 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 6016:6256, ack 1, win 330, options [nop,nop,TS val 1490947 ecr 472453150], length 240
20:05:37.268580 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 6256:6496, ack 1, win 330, options [nop,nop,TS val 1490947 ecr 472453150], length 240
20:05:37.268748 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 6496:6736, ack 1, win 330, options [nop,nop,TS val 1490947 ecr 472453150], length 240
20:05:37.269626 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 4304, win 8177, options [nop,nop,TS val 472453150 ecr 1490936], length 0
20:05:37.269649 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 6736:6976, ack 1, win 330, options [nop,nop,TS val 1490947 ecr 472453150], length 240
20:05:37.270302 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 4544, win 8162, options [nop,nop,TS val 472453150 ecr 1490937], length 0
20:05:37.270325 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 6976:7392, ack 1, win 330, options [nop,nop,TS val 1490947 ecr 472453150], length 416
20:05:37.279216 IP 80.82.64.50.59411 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 1271975781, win 14600, options [mss 1460,sackOK,TS val 257463586 ecr 0,nop,wscale 7], length 0
20:05:37.311187 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 5184, win 8152, options [nop,nop,TS val 472453193 ecr 1490947], length 0
20:05:37.311210 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 7392:8032, ack 1, win 330, options [nop,nop,TS val 1490957 ecr 472453193], length 640
20:05:37.312881 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 6736, win 8095, options [nop,nop,TS val 472453193 ecr 1490947], length 0
20:05:37.312905 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 8032:8496, ack 1, win 330, options [nop,nop,TS val 1490958 ecr 472453193], length 464
20:05:37.313087 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 8496:8912, ack 1, win 330, options [nop,nop,TS val 1490958 ecr 472453193], length 416
20:05:37.313211 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 6976, win 8080, options [nop,nop,TS val 472453193 ecr 1490947], length 0
20:05:37.313249 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 8912:9152, ack 1, win 330, options [nop,nop,TS val 1490958 ecr 472453193], length 240
20:05:37.313286 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 9152:9376, ack 1, win 330, options [nop,nop,TS val 1490958 ecr 472453193], length 224
20:05:37.313310 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 9376:9616, ack 1, win 330, options [nop,nop,TS val 1490958 ecr 472453193], length 240
20:05:37.313375 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 9616:9856, ack 1, win 330, options [nop,nop,TS val 1490958 ecr 472453193], length 240
20:05:37.314743 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 7392, win 8166, options [nop,nop,TS val 472453197 ecr 1490947], length 0
20:05:37.314767 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 9856:10336, ack 1, win 330, options [nop,nop,TS val 1490958 ecr 472453197], length 480
20:05:37.350491 IP hosted-by.ecatel.net.49958 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 2236410193, win 14600, options [mss 1460,sackOK,TS val 233954548 ecr 0,nop,wscale 7], length 0
20:05:37.358580 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 8032, win 8152, options [nop,nop,TS val 472453228 ecr 1490957], length 0
20:05:37.358603 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 10336:10976, ack 1, win 330, options [nop,nop,TS val 1490969 ecr 472453228], length 640
20:05:37.359987 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 8496, win 8163, options [nop,nop,TS val 472453229 ecr 1490958], length 0
20:05:37.360010 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 10976:11392, ack 1, win 330, options [nop,nop,TS val 1490970 ecr 472453229], length 416
20:05:37.360018 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 8912, win 8166, options [nop,nop,TS val 472453229 ecr 1490958], length 0
20:05:37.360199 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 11392:11808, ack 1, win 330, options [nop,nop,TS val 1490970 ecr 472453229], length 416
20:05:37.368216 IP hosted-by.ecatel.net.49742 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 1293615227, win 14600, options [mss 1460,sackOK,TS val 233954553 ecr 0,nop,wscale 7], length 0
20:05:37.373579 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 9152, win 8177, options [nop,nop,TS val 472453234 ecr 1490958], length 0
20:05:37.373602 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 11808:12496, ack 1, win 330, options [nop,nop,TS val 1490973 ecr 472453234], length 688
20:05:37.374970 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 10336, win 8162, options [nop,nop,TS val 472453234 ecr 1490958], length 0
20:05:37.374994 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 12496:12912, ack 1, win 330, options [nop,nop,TS val 1490973 ecr 472453234], length 416
20:05:37.375177 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 12912:13328, ack 1, win 330, options [nop,nop,TS val 1490973 ecr 472453234], length 416
20:05:37.375358 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 13328:13568, ack 1, win 330, options [nop,nop,TS val 1490974 ecr 472453234], length 240
20:05:37.375530 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 13568:13808, ack 1, win 330, options [nop,nop,TS val 1490974 ecr 472453234], length 240
20:05:37.387108 IP 80.82.64.50.59431 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 2558414049, win 14600, options [mss 1460,sackOK,TS val 257463613 ecr 0,nop,wscale 7], length 0
20:05:37.395909 IP hosted-by.ecatel.net.45435 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 4016496522, win 14600, options [mss 1460,sackOK,TS val 233937317 ecr 0,nop,wscale 7], length 0
20:05:37.399177 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 10976, win 8152, options [nop,nop,TS val 472453278 ecr 1490969], length 0
20:05:37.399201 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 13808:14496, ack 1, win 330, options [nop,nop,TS val 1490979 ecr 472453278], length 688
20:05:37.399384 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 14496:14720, ack 1, win 330, options [nop,nop,TS val 1490980 ecr 472453278], length 224
20:05:37.400927 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 11808, win 8166, options [nop,nop,TS val 472453278 ecr 1490970], length 0
20:05:37.400951 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 14720:15200, ack 1, win 330, options [nop,nop,TS val 1490980 ecr 472453278], length 480
20:05:37.401134 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 15200:15616, ack 1, win 330, options [nop,nop,TS val 1490980 ecr 472453278], length 416
20:05:37.416088 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 12496, win 8149, options [nop,nop,TS val 472453293 ecr 1490973], length 0
20:05:37.416112 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 15616:15856, ack 1, win 330, options [nop,nop,TS val 1490984 ecr 472453293], length 240
20:05:37.416641 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 13808, win 8177, options [nop,nop,TS val 472453293 ecr 1490974], length 0
20:05:37.416665 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 15856:16272, ack 1, win 330, options [nop,nop,TS val 1490984 ecr 472453293], length 416
20:05:37.416848 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 16272:16688, ack 1, win 330, options [nop,nop,TS val 1490984 ecr 472453293], length 416
20:05:37.417014 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 16688:16928, ack 1, win 330, options [nop,nop,TS val 1490984 ecr 472453293], length 240
20:05:37.417168 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 16928:17168, ack 1, win 330, options [nop,nop,TS val 1490984 ecr 472453293], length 240
20:05:37.438450 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 14496, win 8149, options [nop,nop,TS val 472453315 ecr 1490979], length 0
20:05:37.438473 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 17168:17408, ack 1, win 330, options [nop,nop,TS val 1490989 ecr 472453315], length 240
20:05:37.440064 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 15616, win 8122, options [nop,nop,TS val 472453315 ecr 1490980], length 0
20:05:37.440088 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 17408:17824, ack 1, win 330, options [nop,nop,TS val 1490990 ecr 472453315], length 416
20:05:37.440270 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 17824:18240, ack 1, win 330, options [nop,nop,TS val 1490990 ecr 472453315], length 416
20:05:37.440405 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 18240:18480, ack 1, win 330, options [nop,nop,TS val 1490990 ecr 472453315], length 240
20:05:37.443096 IP 80.82.64.50.59443 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 4035076652, win 14600, options [mss 1460,sackOK,TS val 257463627 ecr 0,nop,wscale 7], length 0
20:05:37.451487 IP 89.248.174.57.48175 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 1655181866, win 14600, options [mss 1460,sackOK,TS val 257464382 ecr 0,nop,wscale 7], length 0
20:05:37.457342 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 15856, win 8177, options [nop,nop,TS val 472453332 ecr 1490984], length 0
20:05:37.457365 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 18480:19168, ack 1, win 330, options [nop,nop,TS val 1490994 ecr 472453332], length 688
20:05:37.457733 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 17168, win 8136, options [nop,nop,TS val 472453332 ecr 1490984], length 0
20:05:37.457753 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 19168:19584, ack 1, win 330, options [nop,nop,TS val 1490994 ecr 472453332], length 416
20:05:37.457935 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 19584:20000, ack 1, win 330, options [nop,nop,TS val 1490994 ecr 472453332], length 416
20:05:37.458012 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 20000:20240, ack 1, win 330, options [nop,nop,TS val 1490994 ecr 472453332], length 240
20:05:37.458070 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 20240:20480, ack 1, win 330, options [nop,nop,TS val 1490994 ecr 472453332], length 240
20:05:37.465326 IP APoitiers-655-1-381-80.w109-214.abo.wanadoo.fr.55374 > ksXXXXXXX.kimsufi.com.www: Flags [F.], seq 4197052517, ack 3254740165, win 8202, options [nop,nop,TS val 2296852477 ecr 1490784], length 0
20:05:37.465348 IP ksXXXXXXX.kimsufi.com.www > APoitiers-655-1-381-80.w109-214.abo.wanadoo.fr.55374: Flags [.], ack 1, win 164, options [nop,nop,TS val 1490996 ecr 2296852477], length 0
20:05:37.472744 IP 94.102.51.236.35403 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 1309641959, win 14600, options [mss 1460,sackOK,TS val 233951156 ecr 0,nop,wscale 7], length 0
20:05:37.479981 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 17408, win 8177, options [nop,nop,TS val 472453354 ecr 1490989], length 0
20:05:37.480004 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 20480:21424, ack 1, win 330, options [nop,nop,TS val 1491000 ecr 472453354], length 944
20:05:37.480013 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 18480, win 8177, options [nop,nop,TS val 472453354 ecr 1490990], length 0
20:05:37.480205 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 21424:21840, ack 1, win 330, options [nop,nop,TS val 1491000 ecr 472453354], length 416
20:05:37.480233 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 21840:22064, ack 1, win 330, options [nop,nop,TS val 1491000 ecr 472453354], length 224
20:05:37.480276 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 22064:22304, ack 1, win 330, options [nop,nop,TS val 1491000 ecr 472453354], length 240
20:05:37.484640 IP 94.102.51.236.35731 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 2184392958, win 14600, options [mss 1460,sackOK,TS val 233951159 ecr 0,nop,wscale 7], length 0
20:05:37.496776 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 19168, win 8149, options [nop,nop,TS val 472453372 ecr 1490994], length 0
20:05:37.496800 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 22304:23008, ack 1, win 330, options [nop,nop,TS val 1491004 ecr 472453372], length 704
20:05:37.500580 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 20000, win 8166, options [nop,nop,TS val 472453372 ecr 1490994], length 0
20:05:37.500603 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 23008:23424, ack 1, win 330, options [nop,nop,TS val 1491005 ecr 472453372], length 416
20:05:37.500786 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 23424:23840, ack 1, win 330, options [nop,nop,TS val 1491005 ecr 472453372], length 416
20:05:37.502305 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 20240, win 8177, options [nop,nop,TS val 472453377 ecr 1490994], length 0
20:05:37.502329 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 23840:24080, ack 1, win 330, options [nop,nop,TS val 1491005 ecr 472453377], length 240
20:05:37.504162 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 20480, win 8162, options [nop,nop,TS val 472453377 ecr 1490994], length 0
20:05:37.504186 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 24080:24496, ack 1, win 330, options [nop,nop,TS val 1491006 ecr 472453377], length 416
20:05:37.512747 IP 94.102.51.236.35407 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 3248554146, win 14600, options [mss 1460,sackOK,TS val 233951166 ecr 0,nop,wscale 7], length 0
20:05:37.517447 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 21424, win 8133, options [nop,nop,TS val 472453393 ecr 1491000], length 0
20:05:37.517471 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 24496:25136, ack 1, win 330, options [nop,nop,TS val 1491009 ecr 472453393], length 640
20:05:37.519257 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 21840, win 8166, options [nop,nop,TS val 472453393 ecr 1491000], length 0
20:05:37.519280 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 25136:25552, ack 1, win 330, options [nop,nop,TS val 1491009 ecr 472453393], length 416
20:05:37.522814 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 22064, win 8152, options [nop,nop,TS val 472453393 ecr 1491000], length 0
20:05:37.522833 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 25552:26016, ack 1, win 330, options [nop,nop,TS val 1491010 ecr 472453393], length 464
20:05:37.524637 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 22304, win 8177, options [nop,nop,TS val 472453398 ecr 1491000], length 0
20:05:37.524660 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 26016:26432, ack 1, win 330, options [nop,nop,TS val 1491011 ecr 472453398], length 416
20:05:37.538104 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 23008, win 8148, options [nop,nop,TS val 472453410 ecr 1491004], length 0
20:05:37.538127 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 26432:26848, ack 1, win 330, options [nop,nop,TS val 1491014 ecr 472453410], length 416
20:05:37.539627 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 23424, win 8166, options [nop,nop,TS val 472453411 ecr 1491005], length 0
20:05:37.539650 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 26848:27264, ack 1, win 330, options [nop,nop,TS val 1491015 ecr 472453411], length 416
20:05:37.540049 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 23840, win 8166, options [nop,nop,TS val 472453411 ecr 1491005], length 0
20:05:37.540072 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 27264:27680, ack 1, win 330, options [nop,nop,TS val 1491015 ecr 472453411], length 416
20:05:37.540372 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 24080, win 8177, options [nop,nop,TS val 472453412 ecr 1491005], length 0
20:05:37.540395 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 27680:28096, ack 1, win 330, options [nop,nop,TS val 1491015 ecr 472453412], length 416
20:05:37.541588 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 24496, win 8166, options [nop,nop,TS val 472453413 ecr 1491006], length 0
20:05:37.541611 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 28096:28512, ack 1, win 330, options [nop,nop,TS val 1491015 ecr 472453413], length 416
20:05:37.555630 IP 89.248.174.57.48470 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 2553987288, win 14600, options [mss 1460,sackOK,TS val 257464408 ecr 0,nop,wscale 7], length 0
20:05:37.556624 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 25136, win 8152, options [nop,nop,TS val 472453429 ecr 1491009], length 0
20:05:37.556647 IP ksXXXXXXX.kimsufi.com.24315 > chp53-3-83-153-17-16.fbx.proxad.net.49939: Flags [P.], seq 28512:29152, ack 1, win 330, options [nop,nop,TS val 1491019 ecr 472453429], length 640

20:05:37.591765 IP w.arin.net.domain > ksXXXXXXX.kimsufi.com.54656: 13794- 0/10/1 (454)
20:05:37.592649 IP ksXXXXXXX.kimsufi.com.20702 > e.gtld-servers.net.domain: 55479% [1au][|domain]
20:05:37.592693 IP ksXXXXXXX.kimsufi.com.1856 > k.gtld-servers.net.domain: 23220% [1au][|domain]
20:05:37.592765 IP6 2001:41d0:2:b492::1.47444 > b.gtld-servers.net.domain: 43310% [1au][|domain]
20:05:37.592841 IP6 2001:41d0:2:b492::1.6238 > b.gtld-servers.net.domain: 5934% [1au][|domain]
20:05:37.593004 IP6 2001:41d0:2:b492::1.45182 > b.gtld-servers.net.domain: 42636% [1au][|domain]
20:05:37.593047 IP ksXXXXXXX.kimsufi.com.3031 > m.gtld-servers.net.domain: 29255% [1au][|domain]
20:05:37.593107 IP ksXXXXXXX.kimsufi.com.4226 > j.gtld-servers.net.domain: 28447% [1au][|domain]
20:05:37.593141 IP ksXXXXXXX.kimsufi.com.41722 > i.gtld-servers.net.domain: 17301% [1au][|domain]
20:05:37.593323 IP ksXXXXXXX.kimsufi.com.43951 > e.gtld-servers.net.domain: 3995% [1au][|domain]
20:05:37.593364 IP ksXXXXXXX.kimsufi.com.14651 > c.gtld-servers.net.domain: 60780% [1au][|domain]
20:05:37.593399 IP ksXXXXXXX.kimsufi.com.36543 > e.gtld-servers.net.domain: 49370% [1au][|domain]
20:05:37.593440 IP ksXXXXXXX.kimsufi.com.48833 > c.gtld-servers.net.domain: 15678% [1au][|domain]
20:05:37.593452 IP ksXXXXXXX.kimsufi.com.15123 > f.gtld-servers.net.domain: 61331% [1au][|domain]
20:05:37.593478 IP ksXXXXXXX.kimsufi.com.36896 > j.gtld-servers.net.domain: 20312% [1au][|domain]
20:05:37.593518 IP ksXXXXXXX.kimsufi.com.12695 > k.gtld-servers.net.domain: 63849% [1au][|domain]
20:05:37.593616 IP ksXXXXXXX.kimsufi.com.3486 > k.gtld-servers.net.domain: 64038% [1au][|domain]
20:05:37.596056 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 29152, win 8152, options [nop,nop,TS val 472453467 ecr 1491019], length 0
20:05:37.596741 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 29808, win 8151, options [nop,nop,TS val 472453467 ecr 1491019], length 0
20:05:37.596750 IP hosted-by.ecatel.net.49991 > ksXXXXXXX.kimsufi.com.www: Flags [S], seq 1730933513, win 14600, options [mss 1460,sackOK,TS val 233954610 ecr 0,nop,wscale 7], length 0
20:05:37.600631 IP e.gtld-servers.net.domain > ksXXXXXXX.kimsufi.com.20702: 55479-[|domain]
20:05:37.601196 IP ksXXXXXXX.kimsufi.com.25880 > i.gtld-servers.net.domain: 32367% [1au] A? p5.akamaistream.net. (48)
20:05:37.601227 IP ksXXXXXXX.kimsufi.com.15979 > k.gtld-servers.net.domain: 22642% [1au] A? p6.akamaistream.net. (48)
20:05:37.601291 IP i.gtld-servers.net.domain > ksXXXXXXX.kimsufi.com.41722: 17301-[|domain]
20:05:37.601382 IP ksXXXXXXX.kimsufi.com.56897 > l.gtld-servers.net.domain: 36911% [1au] A? p8.akamaistream.net. (48)
20:05:37.601434 IP ksXXXXXXX.kimsufi.com.56895 > k.gtld-servers.net.domain: 9889% [1au] A? ax0.akamaistream.net. (49)
20:05:37.601621 IP ksXXXXXXX.kimsufi.com.28105 > b.gtld-servers.net.domain: 48740% [1au] A? ax1.akamaistream.net. (49)
20:05:37.601636 IP chp53-3-83-153-17-16.fbx.proxad.net.49939 > ksXXXXXXX.kimsufi.com.24315: Flags [.], ack 30448, win 8152, options [nop,nop,TS val 472453472 ecr 1491020], length 0
20:05:37.601651 IP e.gtld-servers.net.domain > ksXXXXXXX.kimsufi.com.43951: 3995-[|domain]
20:05:37.601662 IP ksXXXXXXX.kimsufi.com.28425 > j.gtld-servers.net.domain: 32686% [1au] AAAA? p5.akamaistream.net. (48)
20:05:37.601797 IP ksXXXXXXX.kimsufi.com.44645 > d.gtld-servers.net.domain: 30734% [1au] AAAA? p6.akamaistream.net. (48)
20:05:37.601833 IP ksXXXXXXX.kimsufi.com.14302 > h.gtld-servers.net.domain: 24657% [1au] A? ax2.akamaistream.net. (49)
20:05:37.601904 IP e.gtld-servers.net.domain > ksXXXXXXX.kimsufi.com.36543: 49370-[|domain]
20:05:37.601971 IP ksXXXXXXX.kimsufi.com.26230 > h.gtld-servers.net.domain: 24382% [1au] AAAA? ax0.akamaistream.net. (49)
20:05:37.602129 IP ksXXXXXXX.kimsufi.com.21357 > h.gtld-servers.net.domain: 28753% [1au] AAAA? p8.akamaistream.net. (48)

sylvainpellier
04/02/2014, 21h04
Si et c'est ça qui m'a étonné le plus : htop exactement comme d'habitude, aucun processus bizarre et un loadtime toujours en dessus 0.5 (comme d'habitude) sauf un pic à 1h00 avec un loadtime à 1.00

C'est pour ça que je ne m'inquiétais pas outre mesure, et surtout que je ne comprenais d'où venait les lenteurs

buddy
04/02/2014, 21h01
Salut,

de mon point de vue, 2kpps c'est pas un drame normalement ...
Configure ton iptables / fail2ban pour qu'il rejette automatiquement les paquets au lieu de les traiter c'est tout.

Tu as un script/firewall iptables ?


qu'indique tcpdump ?

sinon à la mode il y a les attaques sur le "ntp"

le script ici en exemple ( http://fr.openclassrooms.com/informa...ia-le-firewall ) n'autorise le port ntp que si c'est ton serveur qui a initié la connexion. du coup çà protège contre ce type d'attaque

nowwhat
04/02/2014, 21h00
Bonsoir,

Pendant tout ce temps, t'as exécuté régulièrement de 'top' ou 'htop' ? T'as des stats genre : http://www.papy-team.org/munin/papy-...html#processes
Quelles processus ont pris toutes les ressources de ton serveur ?

sylvainpellier
04/02/2014, 20h52
Dur journée aujourd'hui et pour cause mon serveur a été la cible d'une attaque, qui a l'air de durer ...

Vers 11h00 je reçois un mail d'OVH m'indiquant l'attaque, à ce moment là le serveur continue à bien répondre, le nouveau système de protection d'OVH a l'air parfait, vers 12h00 un mail pour m'annoncer la fin de l'attaque ... et là c'est le drame.

En effet le serveur devient lent, très lent (50 secondes la page au lieu des deux secondes habituelles), et le serveur plante régulièrement ... Ce soit 18 heures j'arrive à récupérer la main et bloquer certaines attaques en changeant la configuration mais j'ai l'impression que l'attaque ne s'arrête pas pourtant (voir ci-dessous)



Le site est revenu presqu'à la normal en termes de rapidité (même si je n'arrive pas à atteindre les performances de ce matin).