Is this a DDoS or misconfig?
Have been getting high CPU usage and on checking with
[CODE=bash]netstat -an | egrep ":80|:443" | egrep '^tcp' | grep -v LISTEN | awk '{print $5}' | egrep '([0-9]{1,3}\.){3}[0-9]{1,3}' | sed 's/^\(.*:\)\?\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*$/\2/' | sort | uniq -c | sort -nr | sed 's/::ffff://' | head[/CODE]
found the highest concurrent connections from hostname's IPv4. Was able to mitigate using a reverse proxy but am confused about what we are seeing. Is this a DDoS or a misconfig?