I have an Amazon EC2 instance which will periodically receive a spike in network input – always at around 6:45am. It sounds like exactly the same issue in this thread (Analyzing a periodic network spike), but I'm unable to comment on the thread to ask if / how it was resolved. It was suggested to use MRTG to monitor the traffic, but by the looks of it this will only give me the information that the AWS management console gives. I'm guessing the spike will be coming from a single (or limited set of) IP address(s), so I figure the best thing is to find out which IP address the requests are originating from then configure the firewall to block them, but I'm not sure how to go about finding this out.
Has anyone else dealt with this problem before? (The spike on EC2 instances) – it seems very coincidental that the description sounds exactly the same as the other posts – maybe it's an issue with EC2 servers? Or could anyone help with how I would go about finding the IP address of the requests causing the spike so it can be blocked?
Best Answer
I had the same issue with the same time. It ended up being
/etc/cron.daily/apt