LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-29-2004, 12:23 PM   #1
ignus
LQ Newbie
 
Registered: Jul 2004
Location: NC
Distribution: SuSe 8.2/OS X 10.3
Posts: 8

Rep: Reputation: 0
detecting a DOS attack


Today, the server I maintain all of a sudden lost connection with the outside world, but the internal network was fine. We tried to isolate the problem and found <i>something</i> to be wrong with one of our switches. After a lot of fiddling around we just unplugged it and plugged it back in (we had done this twice already) and this time it happened to work. I think it's fairly odd that this would just happen out of the blue. I checked back in the var logs and I checked the netstat at the time and didn't see anything weird, but I was wondering if there is a good way to see if maybe I was a victim of a DOS attack.

Thanks
 
Old 07-29-2004, 12:56 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
if you were under dos attack, you wouldn't have been able to fix it like that...

as soon as you re-connected the switch you would have been hit again...

 
Old 07-29-2004, 01:01 PM   #3
ignus
LQ Newbie
 
Registered: Jul 2004
Location: NC
Distribution: SuSe 8.2/OS X 10.3
Posts: 8

Original Poster
Rep: Reputation: 0
ok...
i did not know that...
i'm still kinda new at this stuff, thx though
 
Old 07-29-2004, 01:13 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
here's a nice paper on denial of service attacks:

http://www.cert.org/tech_tips/denial_of_service.html


you might also be interested in using a tool such as snort:

http://www.snort.org/


and this site is also kinda cool:

http://www.dshield.org/


=)



Last edited by win32sux; 07-29-2004 at 01:14 PM.
 
Old 07-29-2004, 02:17 PM   #5
ignus
LQ Newbie
 
Registered: Jul 2004
Location: NC
Distribution: SuSe 8.2/OS X 10.3
Posts: 8

Original Poster
Rep: Reputation: 0
Awesome, thanks for the resources.

I use a program called Henwen on one of our g5 servers, and so i've had some contact with snort through that, but I need to get it working on our linux servers as well... seeing as I basically depend entirely on extensive logging to pick up on anything weird.

Last edited by ignus; 07-29-2004 at 02:21 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Dos Emulator without Dos dtheorem Linux - Software 1 10-14-2003 01:18 PM
Preventing local users from "text flooding" a terminal (DoS attack)... khermans Linux - Security 2 09-24-2003 07:56 AM
cups error log: possible DoS attack busbarn Linux - Security 1 04-30-2003 11:30 AM
Are we under DOS attack? sarmadys Linux - Security 2 02-06-2002 09:41 PM
How to safe from "DOS" Attack johnlee Linux - Security 1 01-06-2002 05:19 AM


All times are GMT -5. The time now is 09:55 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration