Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 01-31-2002, 10:18 PM   #1
Registered: Nov 2001
Distribution: Solaris, Redhat AS, SUSE
Posts: 47

Rep: Reputation: 15
Are we under DOS attack?

I operate a small ISP with a 1Mb/s connection.

We have seen a strange thing recently. Suddenly all our bandwidth becomes busy. Even when I disconnect all users from our 3600 router (E1 Dialup lines) bandwidth remains busy (about whole 1MB/s) and comes to zero after a while (15 - 45 Minutes).

I have investigated our windows machines for Nimada and other visuses. Even when I disconnect windows machines this continues.

We are connected to the internet through a 2600 series Cisco router.

1- Is it possible to Put DOS attack on 2600 router itself?
2- We have a linux box with Squid (Red hat 7.2). Is it possible that some program in linux box does this .

3- How can I know (Generally) I am under DOS attack? (A. For Cisco routers, B. For Linux Boxes and C. Windows Machines )?

some observation that I did recently :

Even though I had disconnected all users there was about 100 connections (using netstat -a)

As soon as I killed squid processes bandwidth came to zero.

Is there any bug with squid?

Any comments is appereciated.


Last edited by sarmadys; 02-06-2002 at 10:37 PM.
Old 02-01-2002, 09:22 AM   #2
Registered: Dec 2001
Posts: 195

Rep: Reputation: 30
One thing that you can do it take a look at your logs on the internet router, i think you said its a 2600. See what traffic is coming in and out.

And YES, someone can DOS an internet router. Also call your ISP. You can work with them on figuring this out. THere are also sniffers you use to see whats actually coming in and out.
I hope this helps.
Old 02-06-2002, 10:41 PM   #3
Registered: Nov 2001
Distribution: Solaris, Redhat AS, SUSE
Posts: 47

Original Poster
Rep: Reputation: 15
No one is using Squid?

Hello Again,

It seems no one has enogh experince with squid?

So would you please introduce a place that I can ask my questions there?



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
detecting a DOS attack ignus Linux - Security 4 07-29-2004 03:17 PM
Dos Emulator without Dos dtheorem Linux - Software 1 10-14-2003 01:52 PM
Preventing local users from "text flooding" a terminal (DoS attack)... khermans Linux - Security 2 09-24-2003 08:56 AM
cups error log: possible DoS attack busbarn Linux - Security 1 04-30-2003 12:30 PM
How to safe from "DOS" Attack johnlee Linux - Security 1 01-06-2002 06:19 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:49 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration