[afnog] High return time on linux server

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Apr 27 12:13:29 EAT 2006


On Thu, Apr 27, 2006 at 01:16:16AM -0700,
 Yahaya Wara <mywarra at yahoo.com> wrote 
 a message of 29 lines which said:

> But I remove the ethernet cable attached to the server's public NIC

I believe that, if it were some sort of flooding from outside,
unplugging the server would not change anything (the packets already
arrived on your network). So, it is probably your server which is
using the line. Follow Phil's advice and use tcpdump. 

Your Apache may be serving a lot of huge files (check its log).

Or your BIND may be used for an amplification attack (check with
tcpdump).
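
One way to do the tcpdump check on BIND suggested in the message above, as an added example that is not part of the original post. It assumes `tcpdump -n udp port 53` text output for IPv4, where the trailing `(N)` is the DNS message size; the function name, the ratio threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: `tcpdump -n udp port 53` text lines for IPv4, where the
# trailing "(N)" is the DNS message size in bytes.
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r".*\((\d+)\)\s*$"
)

def dns_amplification_summary(lines, server_ip, min_ratio=10.0):
    """Return {remote_ip: (query_bytes, response_bytes)} for remotes whose
    responses from server_ip are at least min_ratio times their queries."""
    queries = defaultdict(int)    # bytes received by the server, per source
    responses = defaultdict(int)  # bytes sent by the server, per destination
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 DNS line in the assumed format
        src, sport, dst, dport, size = m.groups()
        if dst == server_ip and dport == "53":
            queries[src] += int(size)
        elif src == server_ip and sport == "53":
            responses[dst] += int(size)
    suspects = {}
    for remote, sent in responses.items():
        received = queries.get(remote, 0)
        # Replies with no matching query count as an unbounded ratio.
        ratio = sent / received if received else float("inf")
        if ratio >= min_ratio:
            suspects[remote] = (received, sent)
    return suspects

# Constructed sample capture using documentation addresses; 192.0.2.53
# stands in for the BIND server.
SAMPLE = """\
12:13:01.000100 IP 198.51.100.7.4444 > 192.0.2.53.53: 4660+ TXT? example.org. (29)
12:13:01.000900 IP 192.0.2.53.53 > 198.51.100.7.4444: 4660 8/0/0 TXT "constructed" (1400)
12:13:01.001200 IP 198.51.100.7.4444 > 192.0.2.53.53: 4661+ TXT? example.org. (29)
12:13:01.002000 IP 192.0.2.53.53 > 198.51.100.7.4444: 4661 8/0/0 TXT "constructed" (1400)
12:13:02.100000 IP 203.0.113.20.53012 > 192.0.2.53.53: 911+ A? www.example.org. (33)
12:13:02.100400 IP 192.0.2.53.53 > 203.0.113.20.53012: 911 1/2/0 A 192.0.2.80 (99)
""".splitlines()

if __name__ == "__main__":
    for ip, (rx, tx) in dns_amplification_summary(SAMPLE, "192.0.2.53").items():
        print(f"{ip}: {rx} bytes of queries, {tx} bytes of responses")
```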



