My VPS was sending a large outgoing attack at 10 MB/s. Normally it is at most 300 Kb/s.
I tried searching the Internet, looking for some /tmp folder, installing Linux Malware Detect, installing csf with the UDP out attack setting enabled ... with no success.
I think trying to determine what is sending the traffic is the best way to find out what is going on.
Here is the output of netstat -a -n: Pastebin
Here is the tcpdump output: Mega.co.nz
I have tried searching around, but I don't have enough Linux knowledge to investigate. Any help would be appreciated.
Thanks.
Update: output of netstat -s
[root@vps ~]# netstat -s
Ip:
    495103797 total packets received
    1 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    493769051 incoming packets delivered
    1204381056 requests sent out
    3692 outgoing packets dropped
    5 fragments failed
Icmp:
    13585 ICMP messages received
    201 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 10082
        timeout in transit: 3276
        redirects: 3
        echo requests: 183
        echo replies: 2
    240 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 57
        echo replies: 183
IcmpMsg:
        InType0: 2
        InType3: 10082
        InType5: 3
        InType8: 183
        InType11: 3276
        OutType0: 183
        OutType3: 57
Tcp:
    1015004 active connections openings
    5115582 passive connection openings
    15442 failed connection attempts
    452556 connection resets received
    625 connections established
    493650804 segments received
    1183198473 segments send out
    21110586 segments retransmited
    4286 bad segments received.
    450901 resets sent
Udp:
    104609 packets received
    53 packets to unknown port received.
    0 packet receive errors
    104876 packets sent
UdpLite:
TcpExt:
    13815 resets received for embryonic SYN_RECV sockets
    513 packets pruned from receive queue because of socket buffer overrun
    18 ICMP packets dropped because they were out-of-window
    11 ICMP packets dropped because socket was locked
    1945118 TCP sockets finished time wait in fast timer
    120383 packets rejects in established connections because of timestamp
    2393832 delayed acks sent
    20868 delayed acks further delayed because of locked socket
    Quick ack mode was activated 892171 times
    143751 times the listen queue of a socket overflowed
    143751 SYNs to LISTEN sockets ignored
    2669 packets directly queued to recvmsg prequeue.
    71540 packets directly received from backlog
    17015 packets directly received from prequeue
    11857275 packets header predicted
    434 packets header predicted and directly queued to user
    316066031 acknowledgments not containing data received
    137222044 predicted acknowledgments
    5268 times recovered from packet loss due to fast retransmit
    7584644 times recovered from packet loss due to SACK data
    14306 bad SACKs received
    Detected reordering 14577 times using FACK
    Detected reordering 22980 times using SACK
    Detected reordering 153 times using reno fast retransmit
    Detected reordering 27061 times using time stamp
    30970 congestion windows fully recovered
    165972 congestion windows partially recovered using Hoe heuristic
    TCPDSACKUndo: 30728
    117297 congestion windows recovered after partial ack
    9256669 TCP data loss events
    TCPLostRetransmit: 833948
    732 timeouts after reno fast retransmit
    512652 timeouts after SACK recovery
    508711 timeouts in loss state
    13240706 fast retransmits
    742717 forward retransmits
    3815497 retransmits in slow start
    893992 other TCP timeouts
    TCPRenoRecoveryFail: 1286
    544869 sack retransmits failed
    46724 packets collapsed in receive queue due to low socket buffer
    894292 DSACKs sent for old packets
    477 DSACKs sent for out of order packets
    899625 DSACKs received
    50946 DSACKs for out of order packets received
    111195 connections reset due to unexpected data
    177489 connections reset due to early user close
    55313 connections aborted due to timeout
    604 times unable to send RST due to no memory
    TCPSACKDiscard: 2309
    TCPDSACKIgnoredOld: 23725
    TCPDSACKIgnoredNoUndo: 499117
    TCPSpuriousRTOs: 42473
    TCPSackMerged: 3
    TCPSackShiftFallback: 92353444
    TCPChallengeACK: 27513
    TCPSYNChallenge: 4338
IpExt:
    InOctets: 73868759266
    OutOctets: 1748150154862
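
As an added example (not part of the original post), the Python sketch below parses netstat -s counters like the ones posted above and reports which protocol carries the outbound packets, the out/in byte ratio and the TCP retransmit rate. The function names are hypothetical and the sample values are copied from the post; these counters are cumulative since boot, so the result is a coarse indicator rather than a measurement of the attack traffic alone.

```python
import re

# Subset of the counters from the netstat -s output in the post.
SAMPLE = """\
Icmp:
    240 ICMP messages sent
Tcp:
    1183198473 segments send out
    21110586 segments retransmited
Udp:
    104876 packets sent
IpExt:
    InOctets: 73868759266
    OutOctets: 1748150154862
"""

def parse_netstat_s(text):
    """Parse `netstat -s` text into {section: {counter: int}} (hypothetical helper)."""
    stats, section = {}, "unknown"
    for line in text.splitlines():
        body = line.strip()
        if body and not line[0].isspace():   # unindented line = section header
            section = body.rstrip(":")
            continue
        # Two layouts occur: "<value> <description>" and "<Name>: <value>".
        # Anything else (e.g. "Quick ack mode was activated N times") is skipped.
        m = (re.fullmatch(r"(?P<v>\d+)\s+(?P<k>.+?)\.?", body)
             or re.fullmatch(r"(?P<k>.+?):\s*(?P<v>\d+)", body))
        if m:
            stats.setdefault(section, {})[m["k"]] = int(m["v"])
    return stats

def outbound_summary(stats):
    """Per-protocol share of sent packets, out/in byte ratio, TCP retransmit rate."""
    sent = {
        "tcp": stats["Tcp"]["segments send out"],
        "udp": stats["Udp"]["packets sent"],
        "icmp": stats["Icmp"]["ICMP messages sent"],
    }
    total = sum(sent.values())
    return {
        "share": {proto: n / total for proto, n in sent.items()},
        "out_in_bytes": stats["IpExt"]["OutOctets"] / stats["IpExt"]["InOctets"],
        "tcp_retrans": stats["Tcp"]["segments retransmited"] / sent["tcp"],
    }

if __name__ == "__main__":
    print(outbound_summary(parse_netstat_s(SAMPLE)))
```

With the posted counters, TCP accounts for more than 99.9% of packets sent since boot, so a rule that limits only outgoing UDP would leave almost all of that volume untouched.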