Re: DoS problem.

From: Volker Tanger (vtlists@wyae.de)
Date: Sat Jan 21 2006 - 15:18:57 EST

• Next message: Bobby: "Get Víagra Onlíne Cheap! Ínternet Specíal!"
• Previous message: Eyal Udassin: "RE: Pen-Testing a japanese site..."
• Next in thread: Matthew Baker: "Re: DoS problem."
• Maybe reply: Matthew Baker: "Re: DoS problem."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Greetings!

On Fri, 20 Jan 2006 16:01:30 -0200
Jorge Alfredo Garcia <frederix@gmail.com> wrote:

> I have two dedicated servers, both hosted by the same provider and
> both on the same segmnet.
> I am under a denial of services attack but idont know exactaly how to
> stop it. Here is a piece of my netstat output:
>
> tcp 0 1 XX.XX.XX.AA:47561 XX.XX.XX.BB:80
> SYN_SENT
>
> Ok, XX.XX.XX.AA is the server i am in now.
> XX.XX.XX.BB is mine two and here are the connections:
>
> tcp 0 0 XX.XX.XX.BB:80 XX.XX.XX.AA:50749
> SYN_RECV

So you are seeing thousands of HTTP requests going from server AA to BB.
If you are not seeing any SynAc or data traffic, your server AA has an
open/listening socket, but does not answer, thus BB is re-trying hard.

Some protocols (e.g. XML-RPC) are using http-like connections (via
tcp/80), so you might see your very own back-office application running
wild, trying to connect to an HTTP-based application on AA.

So maybe you might want to stop server BB and then look into re-starting
AA to give AA a change for clean startup before putting a load onto it.

Bye

Volker

-- 
Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@wyae.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Bobby: "Get Víagra Onlíne Cheap! Ínternet Specíal!"
• Previous message: Eyal Udassin: "RE: Pen-Testing a japanese site..."
• Next in thread: Matthew Baker: "Re: DoS problem."
• Maybe reply: Matthew Baker: "Re: DoS problem."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:23 EDT