[thelist] tcp connections / load average
patrick
pms at stoutstreet.com
Thu May 31 07:44:40 CDT 2012
On 5/31/2012 12:20 am, Bob Meetin wrote:
> tcp 0 0 174.121.xxx.xxx:80 $ip_address:58530 TIME_WAIT -
> tcp 0 0 174.121.xxx.xxx:80 $ip_address:58532 TIME_WAIT -
>
> The load average skyrocketed (>100) so I checked a log file and found
> a ton of tcp connections from the same address ($ip_address). When
> this happens I commonly check Project Honeypot and can track them to
> comment spammers, mail harvesters, etc.
>
> In this case, nothing glaring shows. What else might I check to see if
> this is, indeed, the source and an unwanted visitor?
>
> Bob
>
Can you check what resources/pages are being targeted? Are you seeing
GETs and POSTs where you shouldn't?
--
patrick sanders
http://www.stoutstreet.com
web sites that fit
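
One way to run the check suggested in the reply above, as an added example that is not part of the original thread: summarize which methods, paths and status codes a single client address produced in the web server's access log, and list POSTs to paths that should not receive them. It assumes the Apache/nginx "combined" log format; the `EXPECTED_POST_PATHS` allow-list, the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format; only the fields needed here are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Assumption: the only paths on this (hypothetical) site that legitimately accept POST.
EXPECTED_POST_PATHS = {"/contact.php"}

def summarize(lines, client_ip, expected_post=EXPECTED_POST_PATHS):
    """Tally what one client requested and list POSTs to unexpected paths."""
    methods, paths, statuses, odd_posts = Counter(), Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] != client_ip:
            continue  # unparseable line or a different client
        path = m["path"].split("?", 1)[0]  # group by path, ignoring the query string
        methods[m["method"]] += 1
        paths[path] += 1
        statuses[m["status"]] += 1
        if m["method"] == "POST" and path not in expected_post:
            odd_posts[path] += 1
    return {
        "methods": methods,
        "top_paths": paths.most_common(5),
        "statuses": statuses,
        "unexpected_posts": odd_posts,
    }

# Constructed sample lines; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE = [
    '203.0.113.7 - - [31/May/2012:00:01:02 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [31/May/2012:00:01:02 -0500] "POST /contact.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [31/May/2012:00:01:03 -0500] "POST /index.php?id=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [31/May/2012:00:01:03 -0500] "POST /index.php?id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [31/May/2012:00:01:04 -0500] "GET /missing.html HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [31/May/2012:00:01:05 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    report = summarize(SAMPLE, "203.0.113.7")
    for key, value in report.items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

On a real server, pass the open access log file object as `lines` and the address seen in the `netstat` output as `client_ip`.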