-
July 9th, 2008, 04:19 PM
#1
Anyone Else Experiencing DDoS Symptoms
On Monday (7th) we experienced severe slowdown of our web servers and 100% processor load across all our cluster CPUs without any corresponding change to software or systems. This occurred 15.30 BST and ended spontaneously at 24.00 BST
The problem was experienced again on Tuesday (8th) starting at 15.30 BST and has continued since then.
We are currently analysing the situation.
Anyone who is experiencing similar problems please let me know.
Regards,
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
July 9th, 2008, 04:37 PM
#2
Was the network high in correspondence to the high CPU? Did you see a specific process that was high on the process list?
I haven't seen anything on the sites I manage/admin other than usual stuff.
-
July 9th, 2008, 04:43 PM
#3
I haven't got the Network Stats at the minute. Our hosting company are slow in responding to requests.
IIS is the process that is high on the CPU.
We've tried droping all our "major" pages one by one and then restarting IIS to see if that resolves the problem - No joy but I really need the access logs from the Hosting Co.
One of our tech guys is debugging the proccess.
It's looking more and more like a DDoS at the moment but I've been wrong in the past.
Regards,
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
July 9th, 2008, 08:52 PM
#4
Is it still happening? Why wait for the logs when you can park a packet capture proggie infront of the box? WireShark anyone?
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
July 10th, 2008, 09:50 AM
#5
TH13,
It's sorted out now, and a lack of change control has been the culprit! When the logs arrived it pointed us in the direction of the problem.
We don't have enough control of the servers to be able to install software on them without several forms & requests to the hosting company.
On a personal note the hosting company is IMHO crap and we need to review our contracts with them.
Thanks for the help guys.
Regards,
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
August 5th, 2008, 12:28 AM
#6
Junior Member
I was to hasty in my previous reply.
In the start window I get the button 'Try It' which I clicked. But it still ends after 10 minutes.
Similar Threads
-
By NullDevice in forum The Security Tutorials Forum
Replies: 21
Last Post: December 17th, 2003, 10:03 PM
-
By NetSyn in forum Miscellaneous Security Discussions
Replies: 6
Last Post: May 3rd, 2002, 03:51 PM
-
By NetSyn in forum Security Archives
Replies: 8
Last Post: February 3rd, 2002, 09:27 AM
-
By acidphreak in forum Non-Security Archives
Replies: 0
Last Post: December 20th, 2001, 02:52 PM
-
By Ennis in forum The Security Tutorials Forum
Replies: 4
Last Post: November 15th, 2001, 07:42 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|