Strange and random attack

posted by Jeff | Monday, August 28, 2006, 3:02 PM | comments: 1

Around noon today, my Web server became non-responsive. I remoted into the box to see that the CPU was pegged, all from the various Web serving app pools. Network traffic wasn't bad at all.

So I ran our old friend netstat just to see if there was any one IP that had excessive connections, and sure enough, there was one coming from China, hitting all of my IPs on port 80. Pretty weird stuff. I set up a security policy to block the entire subnet from China, and the problem went away.

I notified my host, The Planet, and they turned on some device that guards against traffic floods, from one source or many. I wonder if perhaps this had been going on for a while, because it's a lot more responsive now. Very strange stuff. Very random too.
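
The per-source tally described above, as an added example that is not part of the original post: it parses text in the `netstat -n` column layout, counts connections to local port 80 per remote IP and per /24, and reports how many of the server's IPs each heavy source touched. The sample rows, the threshold of 4 and the /24 grouping are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in the column layout of Windows `netstat -n`
# (documentation address ranges, not data from the post).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          203.0.113.45:40112     ESTABLISHED
  TCP    192.0.2.10:80          203.0.113.45:40113     ESTABLISHED
  TCP    192.0.2.11:80          203.0.113.45:40114     ESTABLISHED
  TCP    192.0.2.11:80          203.0.113.45:40115     SYN_RECEIVED
  TCP    192.0.2.12:80          203.0.113.45:40116     ESTABLISHED
  TCP    192.0.2.12:80          203.0.113.45:40117     TIME_WAIT
  TCP    192.0.2.10:80          203.0.113.77:51000     ESTABLISHED
  TCP    192.0.2.10:80          198.51.100.7:52344     ESTABLISHED
  TCP    192.0.2.11:80          198.51.100.200:61001   ESTABLISHED
  TCP    192.0.2.11:80          198.51.100.200:61002   TIME_WAIT
  TCP    192.0.2.10:3389        198.51.100.9:49152     ESTABLISHED
"""

def parse_connections(text, local_port=80):
    """Yield (local_ip, remote_ip) for IPv4 TCP rows on local_port."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] == "LISTENING":
            continue  # header, UDP, listener or malformed row
        local_ip, _, port = fields[1].rpartition(":")
        remote_ip = fields[2].rpartition(":")[0]
        if port != str(local_port):
            continue
        try:
            ipaddress.IPv4Address(remote_ip)
        except ValueError:
            continue  # IPv6 or unparsable address
        yield local_ip, remote_ip

def heavy_sources(text, threshold=4, prefix=24):
    """Return sources with >= threshold connections, per IP and per subnet."""
    per_ip, per_net, targets = Counter(), Counter(), defaultdict(set)
    for local_ip, remote_ip in parse_connections(text):
        per_ip[remote_ip] += 1
        net = ipaddress.ip_network(f"{remote_ip}/{prefix}", strict=False)
        per_net[str(net)] += 1
        targets[remote_ip].add(local_ip)
    ips = {ip: {"connections": n, "local_ips_hit": len(targets[ip])}
           for ip, n in per_ip.items() if n >= threshold}
    nets = {net: n for net, n in per_net.items() if n >= threshold}
    return ips, nets

if __name__ == "__main__":
    print(heavy_sources(SAMPLE))
```

The subnet count shows how many connections a subnet-wide block would cut off, including any from other hosts in the same range.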


CPLady, August 28, 2006, 10:59 PM #

Every now and then we get the same thing at work. Someone will make a connection and flood our servers, both on our campus and the main campus in Ann Arbor.

Fortunately, the techs are pretty good at noticing (probably because of the thousands of users who complain immediately if things begin bogging down).

I've noticed CampusFish and Pointbuzz running slower than usual in the past two weeks, but it loaded right up this evening.

