I am currently being attacked on one of my servers, but I am struggling to find out what could be causing it. I have had a few DDoS attacks before but this particular attack, which I'm not sure what it is, seems to be affecting the outgoing data from the server, instead of the incoming data.

Here is the outgoing data from the server (spikes are where the attack has begun): [graph image]

Here is the incoming data to the server (which looks reasonably normal): [graph image]

Are there any common vulnerabilities that might show this pattern and if so how can I patch against it?

Mr. Hedgehog

1 Answer

Oftentimes, datacenter providers' bandwidth graphs are "reversed", meaning "outgoing" traffic is traffic going from the switch to your server, and "incoming" traffic is going from your server to the switch.

I would recommend running a virus scan on your system! I once had a server that an end user uploaded a DDoS PHP script to. Once they fired off the script, the server became unusable (no SSH or anything), and after rebooting the box there would be no trace. It was just a simple for loop with an fsocket command.

DarthCaniac
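
Because a provider's graph may label directions from the switch's point of view, the direction can be confirmed on the server itself. The following is an added example, not part of the question or answer above: it assumes a Linux host exposing `/proc/net/dev`, and the function names, the sample counters and the 5x ratio threshold are all constructed for illustration.

```python
# Added example: derive per-interface RX/TX rates from two /proc/net/dev
# snapshots so the traffic direction is measured on the host, not read
# off a provider graph. Sample snapshots below are constructed.
import time

SAMPLE_T0 = """Inter-|   Receive                        |  Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
    lo: 5000 50 0 0 0 0 0 0 5000 50 0 0 0 0 0 0
  eth0: 1000000 900 0 0 0 0 0 0 2000000 1500 0 0 0 0 0 0
"""
# Constructed snapshot taken 10 seconds later (header lines omitted).
SAMPLE_T1 = """    lo: 6000 60 0 0 0 0 0 0 6000 60 0 0 0 0 0 0
  eth0: 1125000 1900 0 0 0 0 0 0 127000000 95000 0 0 0 0 0 0
"""

def parse_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # header lines carry no "iface:" prefix
        name, data = line.split(":", 1)
        fields = data.split()
        if len(fields) >= 16:  # 8 receive columns, then 8 transmit columns
            counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters

def rates(before, after, seconds):
    """Return {iface: (rx_bits_per_s, tx_bits_per_s)} between snapshots."""
    out = {}
    for iface, (rx1, tx1) in after.items():
        rx0, tx0 = before.get(iface, (None, None))
        if rx0 is None or rx1 < rx0 or tx1 < tx0:
            continue  # new interface or counter reset: no valid delta
        out[iface] = ((rx1 - rx0) * 8 / seconds, (tx1 - tx0) * 8 / seconds)
    return out

def dominant_direction(rx_bps, tx_bps, ratio=5.0):
    """Classify a link; the 5x ratio is an assumed, arbitrary threshold."""
    if tx_bps > ratio * max(rx_bps, 1):
        return "egress"   # the server is sending far more than it receives
    if rx_bps > ratio * max(tx_bps, 1):
        return "ingress"  # the server is receiving far more than it sends
    return "balanced"

if __name__ == "__main__":
    first = parse_net_dev(open("/proc/net/dev").read())
    time.sleep(5)
    second = parse_net_dev(open("/proc/net/dev").read())
    for iface, (rx, tx) in rates(first, second, 5).items():
        print(f"{iface}: rx {rx/1e6:.2f} Mbit/s, tx {tx/1e6:.2f} Mbit/s",
              dominant_direction(rx, tx))
```

An "egress" result on the public interface means the server really is the source of the traffic, which points toward something running on the host rather than an inbound flood.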