Am I being Dos'd?

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    10

    Am I being Dos'd?

    I was curious as to what is the best way to determine if you are being DoS'd if you are running a Linux server. I browsed the forums but couldn't find a tutorial on it.

  2. #2
    Member
    Join Date
    Jul 2007
    Posts
    40
    If you check your logs you should notice that you have packets coming in at a certain time interval (like every 5 seconds) from the same IP (or range of IPs if it's a bot farm).

    Or it might just mean you got popular (or /.ed or dugg or whatever)

    Did you piss someone off recently?

    Edit/Add:
    I was trying to find an example log file on the web to post but I found something better.

    http://www.securityfocus.com/infocus/1655

    This is an article on Security Focus that explains how to Identify a DDos Attack (it also has an example log file on the page)

    Hope that helps!
    Last edited by Ippersiel; August 10th, 2007 at 01:35 PM.
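    The kind of log check described in the reply above, as an added example (not code from the thread or from the Security Focus article it links to). It parses a few constructed lines in the shape of Linux netfilter LOG output, counts packets per source and per /24 so a range of addresses shows up together, and flags sources that send a steady stream at a near-constant interval. The log lines, host name and addresses are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network
from statistics import mean, pstdev

# Constructed sample lines shaped like Linux netfilter LOG output; they are
# not from the thread or from the article it links to.
SAMPLE_LOG = """\
Aug 10 13:35:00 web1 kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4321 DPT=80 SYN
Aug 10 13:35:01 web1 kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=5000 DPT=80 SYN
Aug 10 13:35:05 web1 kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4322 DPT=80 SYN
Aug 10 13:35:10 web1 kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4323 DPT=80 SYN
Aug 10 13:35:12 web1 kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=5001 DPT=80 SYN
Aug 10 13:35:15 web1 kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4324 DPT=80 SYN
Aug 10 13:35:20 web1 kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4325 DPT=80 SYN
Aug 10 13:35:25 web1 kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4326 DPT=80 SYN
Aug 10 13:35:40 web1 kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=5002 DPT=80 SYN
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ kernel: .*\bSRC=(?P<src>[\d.]+)"
)


def parse_line(line):
    """Return (timestamp, source_ip) for one LOG line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; strptime defaults to 1900, which is fine
    # because only the differences between timestamps are used below.
    ts = datetime.strptime(f"{m['mon']} {m['day']} {m['time']}", "%b %d %H:%M:%S")
    return ts, m["src"]


def timestamps_by_source(log_text):
    """Map each source IP to the list of times it was logged."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, src = parsed
            per_src[src].append(ts)
    return per_src


def top_sources(log_text):
    """(ip, packet_count) pairs, busiest source first."""
    per_src = timestamps_by_source(log_text)
    return sorted(((ip, len(ts)) for ip, ts in per_src.items()),
                  key=lambda item: (-item[1], item[0]))


def count_by_prefix(log_text, prefix_len=24):
    """Aggregate by /prefix_len so a range of addresses (a bot farm) is counted together."""
    counts = defaultdict(int)
    for ip, n in top_sources(log_text):
        net = ip_network(f"{ip}/{prefix_len}", strict=False)
        counts[str(net)] += n
    return dict(counts)


def regular_senders(log_text, min_packets=5, max_jitter=1.0):
    """Sources that sent at least min_packets at a near-constant interval (seconds)."""
    flagged = {}
    for ip, stamps in timestamps_by_source(log_text).items():
        if len(stamps) < min_packets:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter:
            flagged[ip] = {"count": len(stamps), "interval": mean(gaps), "jitter": pstdev(gaps)}
    return flagged


if __name__ == "__main__":
    for ip, n in top_sources(SAMPLE_LOG):
        print(f"{ip:16} {n}")
    print(count_by_prefix(SAMPLE_LOG))
    print(regular_senders(SAMPLE_LOG))
```

    A steady 5-second cadence from one address is the pattern the reply describes; a genuine traffic spike from being linked on a popular site looks different in this output, with many distinct sources, many distinct prefixes and irregular gaps.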

  3. #3
    Member
    Join Date
    Jul 2007
    Posts
    47
    What flavor of Linux? Some come with Ethereal installed natively...try that, or download it and sniff the incoming line.

    Tim

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Nice post/link Ippersiel

    BTW...welcome back

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    Member
    Join Date
    Jul 2007
    Posts
    40
    Thanks for the greenies (are they still called that?) It's nice to be back!

  6. #6
    Junior Member
    Join Date
    Oct 2006
    Posts
    10
    I haven't pissed anyone off yet. I work for a web hosting company and I'm just curious about what I would need to look for. Currently I just use our IDS to locate and filter attacks, but I would like to increase my knowledge. While I'm not currently familiar with what version these boxes run, I know most of them use Red Hat. Also we have FreeBSD boxes. By the way, thank you for the information provided so far; it is very helpful.

  7. #7
    Member
    Join Date
    Jul 2007
    Posts
    47
    An easy solution for DoS attacks is TCP Intercept (I know some Cisco routers have this service...)---it proxy-SYN-ACKs a SYN request, and if it does not ACK back (as most DoS attacks do NOT), then the router drops the packet. Also, see if you can limit the number of half-open TCP connections on the routing device.

    Tim
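    The half-open connection count that the reply above suggests limiting can be checked on the Linux box itself. As an added example (not code from the thread, and not Cisco's TCP Intercept), this parses constructed output in the shape of `ss -tan`, counts sockets sitting in SYN-RECV per peer address and per local listener, and raises a verdict when either count passes a threshold. The output lines, addresses and thresholds are made up for the example.

```python
from collections import Counter

# Constructed output in the shape of `ss -tan` (netstat's SYN_RECV spelling is
# accepted too); it is not a capture from the thread or from any real host.
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
SYN-RECV   0      0      192.0.2.10:80        203.0.113.5:40001
SYN-RECV   0      0      192.0.2.10:80        203.0.113.5:40002
SYN-RECV   0      0      192.0.2.10:80        203.0.113.5:40003
SYN-RECV   0      0      192.0.2.10:80        203.0.113.5:40004
SYN-RECV   0      0      192.0.2.10:80        198.51.100.7:51000
ESTAB      0      0      192.0.2.10:22        198.51.100.20:60123
LISTEN     0      128    0.0.0.0:80           0.0.0.0:*
"""

# A SYN was received and a SYN-ACK sent, but the final ACK never arrived.
HALF_OPEN_STATES = {"SYN-RECV", "SYN_RECV"}


def split_addr(addr):
    """'ip:port' -> (ip, port); also handles IPv6 written as [::1]:80."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port


def half_open_summary(ss_text):
    """Count half-open connections in total, per peer address and per local socket."""
    per_peer = Counter()
    per_local = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in HALF_OPEN_STATES:
            continue
        local_ip, local_port = split_addr(fields[3])
        peer_ip, _ = split_addr(fields[4])
        per_peer[peer_ip] += 1
        per_local[f"{local_ip}:{local_port}"] += 1
    return {
        "total": sum(per_peer.values()),
        "per_peer": dict(per_peer),
        "per_local": dict(per_local),
    }


def syn_flood_verdict(summary, total_threshold=1000, per_peer_threshold=50):
    """Return a list of reasons the summary looks like a SYN flood (empty if it does not)."""
    reasons = []
    if summary["total"] >= total_threshold:
        reasons.append(f"{summary['total']} half-open connections (>= {total_threshold})")
    for peer, n in sorted(summary["per_peer"].items()):
        if n >= per_peer_threshold:
            reasons.append(f"{n} half-open connections from {peer} (>= {per_peer_threshold})")
    return reasons


if __name__ == "__main__":
    # On a live host the input would come from the real tool, e.g.
    # subprocess.run(["ss", "-tan"], capture_output=True, text=True).stdout
    summary = half_open_summary(SAMPLE_SS)
    print(summary)
    print(syn_flood_verdict(summary, total_threshold=5, per_peer_threshold=3) or "no flood")
```

    The total is the number that matters when the sources are spoofed, since every half-open entry then carries a different peer address and the per-peer counts stay low. On the Linux side the per-box equivalent of the router feature is `net.ipv4.tcp_syncookies=1` together with a sensible `net.ipv4.tcp_max_syn_backlog`, which lets the kernel keep answering SYNs without holding state for each one.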

  8. #8
    Member
    Join Date
    Jul 2007
    Posts
    40
    Quote Originally Posted by HackerSlayer
    I haven't pissed anyone off yet.
    I like how you said yet

    Quote Originally Posted by c1sc0m4n
    An easy solution for DoS attacks is TCP Intercept (I know some Cisco routers have this service...)---it proxy-SYN-ACK's a SYN request, and if it does not ACK back (as most DoS attacks do NOT), then the router drops the packet.
    I'm not too familiar with these things, but if someone was being flooded by 10,000 connections, wouldn't that overload the TCP Intercept and in essence satisfy the DoS attack as well?

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I may well be wrong, but as far as I am aware a DoS attack is a pretty crude event?

    Like you are bigger than they are and win or they are bigger than you and you lose?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Senior Member Opus00's Avatar
    Join Date
    May 2005
    Posts
    144
    The perfect solution would be to have anyone with a border router not allow any traffic to exit their network whose source IP is not contained within their network, hence stopping spoofing, a technique used by zombies/trojans/virii. A majority of directed attacks use this technique.

    This would never happen of course, due to so many ISPs knowing close to nothing about security, let alone how TCP/IP works.
    There are two rules for success in life:
    Rule 1: Don't tell people everything you know.
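    The border-router rule described in the post above, as an added example (not code from the thread and not any vendor's filter syntax). It models the egress side (drop anything leaving the site whose source is not one of the site's own prefixes) and the mirror ingress side (drop anything arriving from outside that claims one of the site's addresses), with a short list of addresses that should never cross the border in either direction. The site prefixes, the bogon list and the packets are all hypothetical.

```python
from ipaddress import ip_address, ip_network

# Hypothetical site allocation (constructed for this example; the thread
# names no prefixes).
SITE_PREFIXES = [ip_network("192.0.2.0/24"), ip_network("2001:db8:10::/48")]

# Sources that should never appear on the public Internet in either direction.
# ip_address(...).is_private is deliberately not used, because it also covers
# the documentation ranges (192.0.2.0/24 etc.) that this sample uses.
BOGONS = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]


def _in_any(ip, nets):
    return any(ip.version == net.version and ip in net for net in nets)


def egress_verdict(src, prefixes=SITE_PREFIXES):
    """Rule for packets leaving the site: only our own addresses may go out."""
    ip = ip_address(src)
    if _in_any(ip, prefixes):
        return "accept"
    if _in_any(ip, BOGONS):
        return "drop: bogon source leaked"
    return "drop: source not in our prefixes (spoofed)"


def ingress_verdict(src, prefixes=SITE_PREFIXES):
    """Mirror rule for packets arriving from the Internet."""
    ip = ip_address(src)
    if _in_any(ip, prefixes):
        return "drop: claims one of our addresses"
    if _in_any(ip, BOGONS):
        return "drop: bogon source"
    return "accept"


def apply_filter(packets, verdict):
    """Run verdict over (src, dst) pairs; returns (accepted, dropped), each with the reason."""
    accepted, dropped = [], []
    for src, dst in packets:
        v = verdict(src)
        (accepted if v == "accept" else dropped).append((src, dst, v))
    return accepted, dropped


# Constructed traffic samples.
OUTBOUND = [
    ("192.0.2.10", "198.51.100.7"),         # our web server answering a client
    ("2001:db8:10::10", "2001:db8:99::1"),  # one of our IPv6 hosts
    ("203.0.113.5", "198.51.100.7"),        # spoofed: someone else's address
    ("10.0.0.5", "198.51.100.7"),           # RFC 1918 address leaking out
]
INBOUND = [
    ("198.51.100.7", "192.0.2.10"),         # normal client
    ("192.0.2.77", "192.0.2.10"),           # arrives from outside claiming to be us
]

if __name__ == "__main__":
    for name, packets, rule in (("egress", OUTBOUND, egress_verdict),
                                ("ingress", INBOUND, ingress_verdict)):
        accepted, dropped = apply_filter(packets, rule)
        print(name, "accepted:", [p[0] for p in accepted])
        for src, dst, reason in dropped:
            print(name, "dropped", src, "->", dst, ":", reason)
```

    The egress rule is the one the post asks every border to run; a spoofed packet that never leaves its origin network cannot reach the victim, and the ingress rule protects the site from packets that impersonate its own hosts.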
