Hello, today I found that one of my idle VPS receives a constant ~1Mbps of incoming traffic.
Since it is an idle VPS, it shouldn't receive such incoming traffic.
The outgoing traffic is normal, and my other idle VPS do not receive such incoming traffic.
What could it be?
Comments
You have to consider that the IP you get from your provider has been recycled and used by other customers before you so it could be lots of things really.
But in a nutshell, just because you're idling it doesn't mean it's as good as dead.
For domain registrations, create an account at Dynadot (ref) and spend $9.99 within 48 hours to receive $5 DynaDollars!
Looking for cost-effective Managed/Anycast/DDoS-Protected/Geo DNS Services? Try ClouDNS (aff).
I want to understand what it means. Do you mean that others are trying to connect to my server and send some traffic?
Regarding recycling, this constant traffic only appeared this month. Before that it had been idling for several months without such incoming traffic.
On what ports are you receiving it? I assume UDP
Outgoing, maybe but incoming? Are you sure about this?
I see no difference in the possibilities really, like I said, it could be anything, especially without any data or details being presented/shared.
OP would be better off asking his/her provider.
tcpdump & Wireshark can show you what traffic it is.
It only takes a minor slip of the keyboard, in someone else's DNS config, to send people to your IP in error.
This seems by far the best first step, especially if you have no active services to confuse the data. On Linux tcpdump is a trivial install; use 'tcpdump not host 123.123.123.123 and not arp' to filter out your own terminal traffic and local ARP, and see what you're getting...
tcpdump and check from where.
I had a VPS with 150GB traffic and some idiot within the same subnet sent me 10GB of DNS traffic per day, which resulted in suspension of the VPS.
kurwa
Won't buy anything below 500GB anymore, pain in the arse.
Free NAT KVM | Free NAT LXC
@yoursunny @cochon @Neoon
Thanks for the suggestion. I used tcpdump and captured some packets.
However, I could not understand the results.
For example: UDP results:
And TCP results:
Why do those packets reach my VPS when their target IP addresses are different from my VPS address?
I see FranTech IP.
They are known to have Tor exits that are used to send DDoS attacks.
You need to unfran your network and cancel the idle VPS.
I see one packet being broadcast to 255.255.255.255, so you would normally receive it.
For the others, something is wrong on the host node, which causes your KVM to receive traffic intended for other KVM.
Makes you wonder about the services the connections are really intended for though most of the endpoint ports look a bit random.
Edit: My guess would be they're de-configured IPs on the host node that you're now getting by default/fallback. Ticket required.
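Added example, not part of any post in this thread: a sketch that sorts `tcpdump -nn` text output by destination, separating packets addressed to the VPS, broadcast/multicast packets, and packets addressed to other hosts (the case discussed above), with byte totals per foreign destination to attach to a provider ticket. The addresses, subnet and capture lines are constructed, and only IPv4 lines are parsed.

```python
import ipaddress
import re
from collections import Counter

# Constructed `tcpdump -nn` lines; this VPS is assumed to be 203.0.113.10/24.
SAMPLE = [
    "12:00:01.000001 IP 198.51.100.7.53211 > 203.0.113.10.22: Flags [S], seq 1, win 64240, length 0",
    "12:00:01.000002 IP 198.51.100.9.4444 > 203.0.113.57.8080: UDP, length 512",
    "12:00:01.000003 IP 198.51.100.9.4444 > 203.0.113.57.8080: UDP, length 512",
    "12:00:01.000004 IP 203.0.113.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300",
    "12:00:01.000005 IP 192.0.2.33.1234 > 203.0.113.88.443: Flags [S], seq 9, win 1024, length 0",
    "12:00:01.000006 ARP, Request who-has 203.0.113.1 tell 203.0.113.10, length 28",
]
LINE_RE = re.compile(r"\bIP (\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?:")
LEN_RE = re.compile(r"length (\d+)")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify(dst, own_ips, subnet):
    """Return 'own', 'broadcast' or 'foreign' for a destination address."""
    addr = ipaddress.ip_address(dst)
    if addr in own_ips:
        return "own"
    if addr.is_multicast or addr in (subnet.broadcast_address, LIMITED_BROADCAST):
        return "broadcast"  # normally delivered to every host on the segment
    return "foreign"        # addressed to some other host


def summarize(lines, own_ips, subnet):
    """Count packets per class and sum reported bytes per foreign destination."""
    own = {ipaddress.ip_address(ip) for ip in own_ips}
    net = ipaddress.ip_network(subnet)
    packets, foreign_bytes = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6 and continuation lines are skipped
        lengths = LEN_RE.findall(line)
        kind = classify(m.group(2), own, net)
        packets[kind] += 1
        if kind == "foreign":
            foreign_bytes[m.group(2)] += int(lengths[-1]) if lengths else 0
    return packets, foreign_bytes


if __name__ == "__main__":
    packets, foreign_bytes = summarize(SAMPLE, ["203.0.113.10"], "203.0.113.0/24")
    for dst, size in foreign_bytes.most_common():
        print(f"{dst}\t{size} bytes not addressed to this VPS")
```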
Thanks @yoursunny @cochon
I'll ticket to Francisco.
I did see FranTech IPs ping my penis ports now and then. I wonder if he bans them or lets them pollute the IPs.
Hey @zxrlha ! It's been awhile. . . . May we please have a little update? I'm curious about what has happened! Thanks! Best wishes! ♒︎
Tom. 穆坦然. Not Oles. Happy New York City guy visiting Mexico! How is your 文言文?
The MetalVPS.com website runs very speedily on MicroLXC.net! Thanks to @Neoon!
I sent a ticket to buyvm.
They asked for the root password. After I gave it, they fixed it.
However, it seems that they did nothing inside the VM, so I don't know why they asked for the root password.
Normal.
Try booting up an OVH vps for the first time. You will get hundreds of incoming connections, all trying to hack into your new, unpatched, vps.
Thus, it has to be said that the end is nigh.
♻ Amitz day is October 21.
♻ Join Nigh sect by adopting my avatar. Let us spread the joys of the end.