Re: DoS problem.


On Fri, 20 Jan 2006 16:01:30 -0200
Jorge Alfredo Garcia <frederix@xxxxxxxxx> wrote:

> I have two dedicated servers, both hosted by the same provider and
> both on the same segmnet.
> I am under a denial of services attack but idont know exactaly how to
> stop it. Here is a piece of my netstat output:
> tcp 0 1 XX.XX.XX.AA:47561 XX.XX.XX.BB:80
> Ok, XX.XX.XX.AA is the server i am in now.
> XX.XX.XX.BB is mine two and here are the connections:
> tcp 0 0 XX.XX.XX.BB:80 XX.XX.XX.AA:50749

So you are seeing thousands of HTTP requests going from server AA to BB.
If you are not seeing any SynAc or data traffic, your server AA has an
open/listening socket, but does not answer, thus BB is re-trying hard.

Some protocols (e.g. XML-RPC) are using http-like connections (via
tcp/80), so you might see your very own back-office application running
wild, trying to connect to an HTTP-based application on AA.

So maybe you might want to stop server BB and then look into re-starting
AA to give AA a change for clean startup before putting a load onto it.




Volker Tanger
vtlists@xxxxxxx PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB

Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at: