LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-31-2002, 09:18 PM   #1
sarmadys
Member
 
Registered: Nov 2001
Distribution: Solaris, Redhat AS, SUSE
Posts: 47

Rep: Reputation: 15
Are we under DOS attack?


I operate a small ISP with a 1Mb/s connection.

We have seen a strange thing recently. Suddenly all our bandwidth becomes busy. Even when I disconnect all users from our 3600 router (E1 Dialup lines) bandwidth remains busy (about whole 1MB/s) and comes to zero after a while (15 - 45 Minutes).

I have investigated our windows machines for Nimada and other visuses. Even when I disconnect windows machines this continues.

We are connected to the internet through a 2600 series Cisco router.

1- Is it possible to Put DOS attack on 2600 router itself?
2- We have a linux box with Squid (Red hat 7.2). Is it possible that some program in linux box does this .

3- How can I know (Generally) I am under DOS attack? (A. For Cisco routers, B. For Linux Boxes and C. Windows Machines )?

some observation that I did recently :

Even though I had disconnected all users there was about 100 connections (using netstat -a)

As soon as I killed squid processes bandwidth came to zero.

Is there any bug with squid?



Any comments is appereciated.

Mac

Last edited by sarmadys; 02-06-2002 at 09:37 PM.
 
Old 02-01-2002, 08:22 AM   #2
ForumKid
Member
 
Registered: Dec 2001
Posts: 195

Rep: Reputation: 30
Hi,
One thing that you can do it take a look at your logs on the internet router, i think you said its a 2600. See what traffic is coming in and out.

And YES, someone can DOS an internet router. Also call your ISP. You can work with them on figuring this out. THere are also sniffers you use to see whats actually coming in and out.
I hope this helps.
 
Old 02-06-2002, 09:41 PM   #3
sarmadys
Member
 
Registered: Nov 2001
Distribution: Solaris, Redhat AS, SUSE
Posts: 47

Original Poster
Rep: Reputation: 15
No one is using Squid?

Hello Again,

It seems no one has enogh experince with squid?

So would you please introduce a place that I can ask my questions there?

Regards,
Mac
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
detecting a DOS attack ignus Linux - Security 4 07-29-2004 02:17 PM
Dos Emulator without Dos dtheorem Linux - Software 1 10-14-2003 12:52 PM
Preventing local users from "text flooding" a terminal (DoS attack)... khermans Linux - Security 2 09-24-2003 07:56 AM
cups error log: possible DoS attack busbarn Linux - Security 1 04-30-2003 11:30 AM
How to safe from "DOS" Attack johnlee Linux - Security 1 01-06-2002 05:19 AM


All times are GMT -5. The time now is 03:22 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration