Anyone Else Experiencing DDoS Symptoms

[steve.milner]

On Monday (7th) we experienced severe slowdown of our web servers and 100% processor load across all our cluster CPUs without any corresponding change to software or systems. This occurred 15.30 BST and ended spontaneously at 24.00 BST

The problem was experienced again on Tuesday (8th) starting at 15.30 BST and has continued since then.

We are currently analysing the situation.

Anyone who is experiencing similar problems please let me know.

Regards,

Steve

[MrLinus]

Was the network high in correspondence to the high CPU? Did you see a specific process that was high on the process list?

I haven't seen anything on the sites I manage/admin other than usual stuff.

[steve.milner]

I haven't got the Network Stats at the minute. Our hosting company are slow in responding to requests.

IIS is the process that is high on the CPU.

We've tried droping all our "major" pages one by one and then restarting IIS to see if that resolves the problem - No joy but I really need the access logs from the Hosting Co.

One of our tech guys is debugging the proccess.

It's looking more and more like a DDoS at the moment but I've been wrong in the past.

Regards,

Steve

[thehorse13]

Is it still happening? Why wait for the logs when you can park a packet capture proggie infront of the box? WireShark anyone?

--TH13

[steve.milner]

TH13,

It's sorted out now, and a lack of change control has been the culprit! When the logs arrived it pointed us in the direction of the problem.

We don't have enough control of the servers to be able to install software on them without several forms & requests to the hosting company.

On a personal note the hosting company is IMHO crap and we need to review our contracts with them.

Thanks for the help guys.

Regards,

Steve

[davidmn]

In the start window I get the button 'Try It' which I clicked. But it still ends after 10 minutes.