Are we under a DoS attack?
I operate a small ISP with a 1Mb/s connection.
We have seen a strange thing recently. Suddenly all our bandwidth becomes busy. Even when I disconnect all users from our 3600 router (E1 dial-up lines), the bandwidth remains busy (about the whole 1MB/s) and drops to zero after a while (15-45 minutes).
I have checked our Windows machines for Nimda and other viruses. Even when I disconnect the Windows machines this continues.
We are connected to the internet through a 2600 series Cisco router.
1- Is it possible to put a DoS attack on the 2600 router itself?
2- We have a Linux box with Squid (Red Hat 7.2). Is it possible that some program on the Linux box does this?
3- How can I know (generally) that I am under a DoS attack? (A. for Cisco routers, B. for Linux boxes and C. for Windows machines)
Some observations that I made recently:
Even though I had disconnected all users, there were about 100 connections (using netstat -a).
As soon as I killed the Squid processes, the bandwidth came to zero.
Is there any bug with Squid?
Any comments are appreciated.
Last edited by sarmadys; 02-06-2002 at 10:37 PM.
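One way to follow up on the `netstat -a` observation in the post, as an added example that is not part of the original post: tally established TCP connections by local port, then list the remote hosts connected to the proxy port that fall outside the ISP's own address range. It assumes Squid listens on its default port 3128; the sample output, the addresses and the `192.0.2.` customer prefix are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Each function reads `netstat -tn` output on stdin.

# Constructed sample (documentation address ranges); 192.0.2.10 is the proxy box.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:3128         198.51.100.7:40112      ESTABLISHED
tcp        0   5120 192.0.2.10:3128         198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:3128         203.0.113.44:51200      ESTABLISHED
tcp        0      0 192.0.2.10:3128         192.0.2.51:1046         ESTABLISHED
tcp        0      0 192.0.2.10:3128         192.0.2.51:1045         TIME_WAIT
tcp        0      0 192.0.2.10:22           192.0.2.50:33010        ESTABLISHED
tcp        0      0 192.0.2.10:45012        203.0.113.80:80         ESTABLISHED
EOF
}

# "count port" lines: ESTABLISHED TCP connections per local port, busiest first.
conns_by_local_port() {
  awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
         n = split($4, a, ":"); count[a[n]]++
       }
       END { for (p in count) print count[p], p }' | sort -rn
}

# "count host" lines: remote hosts with ESTABLISHED connections to one local port.
remote_hosts_for_port() {
  awk -v port="$1" '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
         n = split($4, l, ":"); if (l[n] != port) next
         host = $5; sub(/:[^:]*$/, "", host)   # strip the remote port
         count[host]++
       }
       END { for (h in count) print count[h], h }' | sort -rn
}

# Same list, keeping only hosts whose address does not start with our own prefix.
outside_clients() {
  remote_hosts_for_port "$1" | awk -v p="$2" 'index($2, p) != 1'
}

sample_netstat | conns_by_local_port
sample_netstat | outside_clients 3128 "192.0.2."
```

On a live box, replace `sample_netstat` with `netstat -tn` and substitute the real customer prefix for the constructed one.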