Re: DoS problem.



Greetings!

On Fri, 20 Jan 2006 16:01:30 -0200
Jorge Alfredo Garcia <frederix@xxxxxxxxx> wrote:

> I have two dedicated servers, both hosted by the same provider and
> both on the same segmnet.
> I am under a denial of services attack but idont know exactaly how to
> stop it. Here is a piece of my netstat output:
>
> tcp 0 1 XX.XX.XX.AA:47561 XX.XX.XX.BB:80
> SYN_SENT
>
> Ok, XX.XX.XX.AA is the server i am in now.
> XX.XX.XX.BB is mine two and here are the connections:
>
> tcp 0 0 XX.XX.XX.BB:80 XX.XX.XX.AA:50749
> SYN_RECV

So you are seeing thousands of HTTP requests going from server AA to BB.
If you are not seeing any SynAc or data traffic, your server AA has an
open/listening socket, but does not answer, thus BB is re-trying hard.

Some protocols (e.g. XML-RPC) are using http-like connections (via
tcp/80), so you might see your very own back-office application running
wild, trying to connect to an HTTP-based application on AA.

So maybe you might want to stop server BB and then look into re-starting
AA to give AA a change for clean startup before putting a load onto it.

Bye

Volker


--

Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@xxxxxxx PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



Relevant Pages

  • RE: DCOM Security.
    ... connection to a domain server, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • Re: Vulnerability assessment for small business
    ... Advice them to get a server for heavens sake. ... >Audit your website security with Acunetix Web Vulnerability Scanner: ... >Hackers are concentrating their efforts on attacking applications on ... Cross site scripting and other web attacks before ...
    (Pen-Test)
  • RE: ARP Spoofing and Routing
    ... It's pretty nice and very easy to use once you figure out the arp spoofing piece. ... >What I was trying to do was arpspoof a server so that I could intercept ... Up to 75% of cyber attacks are launched on shopping carts, forms, ... Check your website for ...
    (Pen-Test)
  • e-mail address mining tool?
    ... users inside a domain, from the email server. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
    (Pen-Test)
  • RE: Identify the make and model of a Mail Server
    ... Identify the make and model of a Mail Server ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)