Denial of service attack? What is this?

OK, lately, of course, at 1 am when no one is at the NOC, something happens on one of my servers that shoots up the load to the 100s and brings all the other servers on the same network to a standstill because it is maxing out my 10meg connection.

There is no clue in the 'messages' log, or anything like that. I believe the last time this happened I went to the NOC to see for myself so I could run a top process, and it was something like a 'perl' process with some sort of rpmupdate script that was doing it, but I checked into that further and it didn't seem to be the case. How can I track down the source of this problem? How do I see if it's a process acting weird, a hacker, or something else? If anyone could help I would really appreciate it.
