detecting a DOS attack
Today, the server I maintain all of a sudden lost connection with the outside world, but the internal network was fine. We tried to isolate the problem and found something to be wrong with one of our switches. After a lot of fiddling around we just unplugged it and plugged it back in (we had done this twice already) and this time it happened to work. I think it's fairly odd that this would just happen out of the blue. I checked back in the var logs and I checked the netstat at the time and didn't see anything weird, but I was wondering if there is a good way to see if maybe I was a victim of a DOS attack.
Thanks |
if you were under dos attack, you wouldn't have been able to fix it like that...
as soon as you re-connected the switch you would have been hit again... |
ok...
i did not know that... i'm still kinda new at this stuff, thx though |
here's a nice paper on denial of service attacks:
http://www.cert.org/tech_tips/denial_of_service.html
you might also be interested in using a tool such as snort: http://www.snort.org/
and this site is also kinda cool: http://www.dshield.org/ =) |
Awesome, thanks for the resources.
I use a program called Henwen on one of our G5 servers, and so I've had some contact with snort through that, but I need to get it working on our Linux servers as well... seeing as I basically depend entirely on extensive logging to pick up on anything weird. |