Penetration Testing mailing list archives
Re: DoS problem.
From: Volker Tanger <vtlists () wyae de>
Date: Sat, 21 Jan 2006 21:18:57 +0100
Greetings! On Fri, 20 Jan 2006 16:01:30 -0200 Jorge Alfredo Garcia <frederix () gmail com> wrote:
I have two dedicated servers, both hosted by the same provider and both on the same segmnet. I am under a denial of services attack but idont know exactaly how to stop it. Here is a piece of my netstat output: tcp 0 1 XX.XX.XX.AA:47561 XX.XX.XX.BB:80 SYN_SENT Ok, XX.XX.XX.AA is the server i am in now. XX.XX.XX.BB is mine two and here are the connections: tcp 0 0 XX.XX.XX.BB:80 XX.XX.XX.AA:50749 SYN_RECV
So you are seeing thousands of HTTP requests going from server AA to BB. If you are not seeing any SynAc or data traffic, your server AA has an open/listening socket, but does not answer, thus BB is re-trying hard. Some protocols (e.g. XML-RPC) are using http-like connections (via tcp/80), so you might see your very own back-office application running wild, trying to connect to an HTTP-based application on AA. So maybe you might want to stop server BB and then look into re-starting AA to give AA a change for clean startup before putting a load onto it. Bye Volker -- Volker Tanger http://www.wyae.de/volker.tanger/ -------------------------------------------------- vtlists () wyae de PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: DoS problem. Volker Tanger (Jan 21)
- <Possible follow-ups>
- Re: DoS problem. Matthew Baker (Jan 21)
- RE: DoS problem. Steve McLaughlin (Jan 23)