LinuxQuestions.org


ignus 07-29-2004 12:23 PM

detecting a DOS attack
 
Today, the server I maintain all of a sudden lost connection with the outside world, but the internal network was fine. We tried to isolate the problem and found something to be wrong with one of our switches. After a lot of fiddling around we just unplugged it and plugged it back in (we had done this twice already) and this time it happened to work. I think it's fairly odd that this would just happen out of the blue. I checked back in the var logs and I checked the netstat at the time and didn't see anything weird, but I was wondering if there is a good way to see if maybe I was a victim of a DOS attack.

Thanks

win32sux 07-29-2004 12:56 PM

if you were under dos attack, you wouldn't have been able to fix it like that...

as soon as you re-connected the switch you would have been hit again...


ignus 07-29-2004 01:01 PM

ok...
i did not know that...
i'm still kinda new at this stuff, thx though

win32sux 07-29-2004 01:13 PM

here's a nice paper on denial of service attacks:

http://www.cert.org/tech_tips/denial_of_service.html


you might also be interested in using a tool such as snort:

http://www.snort.org/


and this site is also kinda cool:

http://www.dshield.org/


=)



ignus 07-29-2004 02:17 PM

Awesome, thanks for the resources.

I use a program called Henwen on one of our g5 servers, and so i've had some contact with snort through that, but I need to get it working on our linux servers as well... seeing as I basically depend entirely on extensive logging to pick up on anything weird.
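
An added example, not part of the original thread: one way to make the "check the netstat" step from the first post repeatable is to summarize `netstat -ant` output by TCP state and by remote host, and flag unusually many half-open (SYN_RECV) connections. The sample output is constructed with documentation addresses, and the function names and thresholds are assumptions to tune against the server's normal baseline.

```python
import sys
from collections import Counter

# Constructed sample of `netstat -ant` output (documentation addresses, not real data).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:51822       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
"""

def summarize(netstat_text):
    """Return (connections per TCP state, connections per (remote host, state))."""
    states, per_host = Counter(), Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip headers, UDP and UNIX-socket lines
        foreign, state = fields[4], fields[5]
        states[state] += 1
        if state != "LISTEN":
            host = foreign.rsplit(":", 1)[0]  # strip the port, keep IPv6 colons
            per_host[(host, state)] += 1
    return states, per_host

def suspects(netstat_text, half_open_limit=100, per_host_limit=50):
    """List findings; both limits are assumed thresholds, not recommended values."""
    states, per_host = summarize(netstat_text)
    findings = []
    if states["SYN_RECV"] > half_open_limit:
        findings.append(("half-open total", states["SYN_RECV"]))
    for (host, state), n in per_host.most_common():
        if n > per_host_limit:
            findings.append((f"{host} {state}", n))
    return findings

if __name__ == "__main__":
    # Pass a saved snapshot (netstat -ant > snap.txt) as the first argument.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    states, _ = summarize(text)
    print("by state:", dict(states))
    for what, n in suspects(text):
        print("check:", what, n)
```

This only reflects the host's own socket table, so saving a snapshot on a schedule gives something to compare against after an outage; traffic that never reaches the server will not appear in it.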


All times are GMT -5.