How to interpret this jnettop output?How can I sort du -h output by sizeHttpd problem, suspect an attack but...

Skis versus snow shoes - when to choose which for travelling the backcountry?

The need of reserving one's ability in job interviews

How to substitute values from a list into a function?

Rationale to prefer local variables over instance variables?

Wrap all numerics in JSON with quotes

What type of investment is best suited for a 1-year investment on a down payment?

Why can't we make a perpetual motion machine by using a magnet to pull up a piece of metal, then letting it fall back down?

VAT refund for a conference ticket in Sweden

Is the withholding of funding notice allowed?

Is divide-by-zero a security vulnerability?

Citing contemporaneous (interlaced?) preprints

A bug in Excel? Conditional formatting for marking duplicates also highlights unique value

How can I create a Table like this in Latex?

Second-rate spelling

Why are special aircraft used for the carriers in the United States Navy?

What is a term for a function that when called repeatedly, has the same effect as calling once?

I encountered my boss during an on-site interview at another company. Should I bring it up when seeing him next time?

Giving a talk in my old university, how prominently should I tell students my salary?

How to mitigate "bandwagon attacking" from players?

How can I be pwned if I'm not registered on the compromised site?

Can I become debt free or should I file for bankruptcy? How do I manage my debt and finances?

In iTunes 12 on macOS, how can I reset the skip count of a song?

Are small insurances worth it

What Does the Heart In Gyms Mean?



How to interpret this jnettop output?


How can I sort du -h output by sizeHttpd problem, suspect an attack but not sureMitigate DDoS attack with HAProxyDos/ Flood Lag even though Port not SaturatedAnyone else experiencing high rates of Linux server crashes during a leap second day?Reasons for missing IP info in `last` output on pts logins?I am under DDoS. What can I do?Abnormal CPU usage during Disk Write OperationsProtecting against a DOS attackIs this a DDoS attack? It's been overr 48 hours. What do I do?













0















Looks like I'm currently under a DOS attack or something like that, I've been monitoring the traffic on the server using jnettop, this is a of what I see during normal conditions:



http://imgur.com/xozMvz9



and this is an example of when the issue is happeing:



http://imgur.com/AEgW5he



SO my question is: what does that "IP" in protocol and also "0" in port means????



I replaced the ip of my server with: 1.1.1.1 to make it more readable. Of course this is just an entry of the output, in nomral operation the list has many more entries, and when I'm under the attack, also I see several entries with the same HUGE RX and 0 TX, so the solution is not just block that IP in the example.






linux ddos







share|improve this question














bumped to the homepage by Community 11 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.




















    0















    Looks like I'm currently under a DOS attack or something like that, I've been monitoring the traffic on the server using jnettop, this is a of what I see during normal conditions:



    http://imgur.com/xozMvz9



    and this is an example of when the issue is happeing:



    http://imgur.com/AEgW5he



    SO my question is: what does that "IP" in protocol and also "0" in port means????



    I replaced the ip of my server with: 1.1.1.1 to make it more readable. Of course this is just an entry of the output, in nomral operation the list has many more entries, and when I'm under the attack, also I see several entries with the same HUGE RX and 0 TX, so the solution is not just block that IP in the example.






    linux ddos







    share|improve this question














    bumped to the homepage by Community 11 mins ago


    This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.


















      0












      0








      0








      Looks like I'm currently under a DOS attack or something like that, I've been monitoring the traffic on the server using jnettop, this is a of what I see during normal conditions:



      http://imgur.com/xozMvz9



      and this is an example of when the issue is happeing:



      http://imgur.com/AEgW5he



      SO my question is: what does that "IP" in protocol and also "0" in port means????



      I replaced the ip of my server with: 1.1.1.1 to make it more readable. Of course this is just an entry of the output, in nomral operation the list has many more entries, and when I'm under the attack, also I see several entries with the same HUGE RX and 0 TX, so the solution is not just block that IP in the example.






      linux ddos







      share|improve this question














      Looks like I'm currently under a DOS attack or something like that, I've been monitoring the traffic on the server using jnettop, this is a of what I see during normal conditions:



      http://imgur.com/xozMvz9



      and this is an example of when the issue is happeing:



      http://imgur.com/AEgW5he



      SO my question is: what does that "IP" in protocol and also "0" in port means????



      I replaced the ip of my server with: 1.1.1.1 to make it more readable. Of course this is just an entry of the output, in nomral operation the list has many more entries, and when I'm under the attack, also I see several entries with the same HUGE RX and 0 TX, so the solution is not just block that IP in the example.






      linux ddos




      linux ddos






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Sep 14 '13 at 23:31









      user189986user189986

      61




      61





      bumped to the homepage by Community 11 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







      bumped to the homepage by Community 11 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
























          1 Answer
          1






          active

          oldest

          votes


















          0














          Could be that the attackers are using some exotic protocol on top of IP, that jnettop doesn't recognize.



          You could try to use a network capture tool, with a filter such as not tcp and not udp, and see what remains.






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "2"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f538995%2fhow-to-interpret-this-jnettop-output%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Could be that the attackers are using some exotic protocol on top of IP, that jnettop doesn't recognize.



            You could try to use a network capture tool, with a filter such as not tcp and not udp, and see what remains.






            share|improve this answer




























              0














              Could be that the attackers are using some exotic protocol on top of IP, that jnettop doesn't recognize.



              You could try to use a network capture tool, with a filter such as not tcp and not udp, and see what remains.






              share|improve this answer


























                0












                0








                0







                Could be that the attackers are using some exotic protocol on top of IP, that jnettop doesn't recognize.



                You could try to use a network capture tool, with a filter such as not tcp and not udp, and see what remains.






                share|improve this answer













                Could be that the attackers are using some exotic protocol on top of IP, that jnettop doesn't recognize.



                You could try to use a network capture tool, with a filter such as not tcp and not udp, and see what remains.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Sep 16 '13 at 22:20









                b0fhb0fh

                2,9681529




                2,9681529






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Server Fault!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f538995%2fhow-to-interpret-this-jnettop-output%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Фонтен-ла-Гаярд Зміст Демографія | Економіка | Посилання |...

                    Image
                    Муніципалітети департаменту Йонна фр.муніципалітетФранціїБургундія-Франш-КонтеЙоннаПарижаДіжонаОсера Фонтен-ла-Гаярд Fontaine-la-Gaillarde Країна  Франція Регіон Бургундія-Франш-Конте  Департамент Йонна  Округ Сан Кантон Сан-Норд-Ест Код INSEE 89172 Поштові індекси 89100 Координати 48°13′13″ пн. ш. 3°22′51″ сх. д. H G O Висота 111 - 234 м.н.р.м. Площа 10,61 км² Населення 502 (2011-01-01) Густота 47,31 ос./км² Розміщення Влада Мер Мандат Michel Papinaud 2014-2020 Фонте́н-ла-Гая́рд , Фонтен-ла-Ґаярд (фр. Fontaine-la-Gaillarde ) — муніципалітет у Франції, у регіоні Бургундія-Франш-Конте, департамент Йонна. Населення — 502 осіб (2011) [1] . Муніципалітет розташований на відстані [2] близько 105 км на південний схід від Парижа, 160 км на північний захід від Діжона, 50 км на північ від Осера. Зміст 1 Демографія 2 Економіка 3 Посилання 4 Див. т...
                    Read more

                    Список ссавців Італії Природоохоронні статуси | Список |...

                    Image
                    Списки ссавцівФауна ІталіїСписки:ІталіяСсавці Італії ІталіїМСОПХижіCetartiodactylaРукокриліКомахоїдніЗайцеподібніГризуниМСОП ссавці Італії ? Італія Біорегіон Біогеографічний екорегіон Голарктика Екозона Палеарктика Біом субтропічний ліс, альпійські луки, прісні води, континентальний шельф, континентальний схил Місцевість Континент Європа Країна Італія Територія Середземне море Фауна більшого обсягу За географією фауна Європи За систематикою ссавці, фауна Італії За екологією суходільна фауна, морська фауна За біогеографією теріофауна Європи Геологічний вік сучасність Особливості Видовий обсяг 121 Чужорідні види Genetta genetta, Ondatra zibethicus, Oryctolagus cuniculus, Rattus norvegicus, Rattus rattus, Sciurus carolinensis, Tamias sibiricus Список ссавців Італії містить перелік видів, записаних на території Італії (південна Європа) згідно з ...
                    Read more

                    Маріан Котлеба Зміст Життєпис | Політичні погляди |...

                    Image
                    Народились 7 квітняНародились 1977Уродженці Банської БистриціВипускники Університету Матея БелаСловацькі політикиРевізіоністи ГолокостуРомофобиУльтраправіШовіністиПопулізмКритики Європейського союзуАнтиамериканізм словац.7 квітня1977Банська БистрицяЧССРультраправийсловацькийполітикЙозефу ТісоПершій Словацькій республіціВолодимиру ПутінуциганНАТОСШАЄвросоюзусловацьке національне повстанняантисемітськоїпопулістської«Котлеба — Народної партії Наша Словаччина»Банськобистрицького краю7 квітня1977Банська БистрицяЧССРуніверситету Матея Бела20062000200921 лютого2010єврословацьку кронугромадського партнерстваЄСНАТОромської меншини2012напіввоєнізованих структурМіністерство внутрішніх справчервні2016Верховний судБанськобистрицькому краї2016однопалатний словацький законодавчий орган«Котлеба — Народна партія Наша Словаччина»Банськобистрицького краю«Глінкова гвардія»Другої світової війни«Революцію гідності» Маріан Котлеба словац. Marian Kotleba Народився 7 квітня 1977 ( 1977-04-...
                    Read more