Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [denial-of-service]

Denial of service attack, is an attempt through some means to make a computer or network resource unavailable.

Some systems are susceptible to a simple "ping of death", where the amount of ping traffic is enough to disrupt their connectivity to the internet.

In more common scenarios, the amount of available upstream bandwidth becomes saturated by repeated requests for a file on the target computer, or by large UDP packets.
When the attack comes from more than one source IP, it is known as a distributed denial of service attack or DDOS

167 questions
0
votes
1 answer

Under DoS, how to alter MediaWiki to reject quickly any editing and history requests for anonymous users

One of our MediaWiki - based projects seems under DoS attack - unusual number of anonymous users try to edit pages and view or edit history requests. While anonymous editing is disabled on that project and these anonymous users (I assume, bots)…
h22
  • 254
  • 2
  • 9
0
votes
3 answers

Is this a denial of service attack?

I have my kern.log flooded by these lines: Jan 4 03:00:57 myhost kernel: [9040601.809740] iptables denied: IN=eth0 OUT= MAC=10:00:25:09:e7:40:00:21:5e:3f:c4:04:08:00 SRC=178.33.217.13 DST=xx.xx.xx.xx LEN=64 TOS=0x00 PREC=0x00 TTL=236 ID=33285…
MultiformeIngegno
  • 1,687
  • 9
  • 26
  • 31
0
votes
4 answers

apache being flooded?

I have a linux apache server which was running fine until a few days ago. What happened is from the access log there are lines like this, and the log file is growing by many lines every second. Initially I suspected the server was dos attacked and…
Daniel
  • 23
  • 1
  • 5
0
votes
1 answer

DNS Server being used for Amplified DNS Attack - ripe.net

We have a small secondary DNS server running on our office ADSL. However, it is currently getting hundreds of requests a second for ripe.net, which is saturating our connection. From reading on the web it looks like it could be part of an…
Ross Buggins
  • 198
  • 1
  • 2
  • 9
0
votes
2 answers

iptables logs but doesn't drop packets

I am trying to create some simple iptables DOS protection rules for my web server. I was doing testing on the following rules: iptables -N LOGDROP > /dev/null 2> /dev/null iptables -F LOGDROP iptables -A LOGDROP -j LOG --log-prefix "LOGDROP…
adam35413
  • 1
0
votes
1 answer

Windows Server 2008 Denial of Service Detection

We have a Windows 2008 server that hosts a file share in which a SQL server database is stored and accessed from another SQL server on the same network. Periodically, the database become inaccessible and when we check the event logs on the Windows…
DCNYAM
  • 1,029
  • 7
  • 14
0
votes
1 answer

Detecting DOS attack

On one of our systems we see many requests that take 75 seconds. Under low traffic responses are ca 0.3 seconds. What I am wondering is if someone is trying to keep connections open in order to drain the connection pool. But then closing it before…
Shiraz Bhaiji
  • 2,229
  • 9
  • 34
  • 47
0
votes
2 answers

CentOS Server keeps grinding to a halt, then comes back up

CentOS 5.2 LAMP server The server slows down to a point where no services are responding. After a few minutes, it comes back and is running well. The server keeps doing this cycle, what could be wrong? I have stopped the exim and proftpd services…
user69904
  • 231
  • 3
  • 12
0
votes
1 answer

DDOS Mitigation Services

Over the past week we have been a victim of two seperate ddos attacks varying in scale. The last one was very large and very hard to mitigate. We are looking at solutions from veriSign and Akamai but the prices are so steep. I found a company…
Tyler Miranda
  • 73
  • 2
  • 9
0
votes
2 answers

what should be limit to use for IPTABLE rate limiting for a webserver

I see on my webserver some logs as follows 203.252.157.98 - :25:02 "GET //phpmyadmin/ HTTP/1.1" 404 393 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :25:03 "GET //phpMyAdmin/ HTTP/1.1" 404 394 "-" "Made by ZmEu @…
Registered User
  • 1,463
  • 5
  • 18
  • 37
0
votes
1 answer

How do I prevent against a DOS attack through Outlook Web Access?

If I configure an Active Directory Lockout Policy, then someone can use repeated bad login attempts to lock users out. How do I block an IP if enough bad login attempts come from it? Can I do this through IIS or do I need something else? I am…
SLY
  • 1,286
  • 1
  • 13
  • 28
0
votes
3 answers

Measure bandwidth by client IP in realtime

I have been recently attacked using DoS attack on random ports. I wasn't able to get the attackers IP and now I would like to find it. What tool can show me bandwidth (in Kbits/Mbits) used by each client IP? It's dedicated server. I know that I'm…
mickula
  • 342
  • 1
  • 2
  • 10
0
votes
4 answers

Preventing Denial of Service Attacks

What's the most effecient way to prevent DoS attacks for game servers? Currently I do something like this: iptables -A INPUT -p udp --dport 27015 -m length --length 28 -j DROP Is it the best way?
Alon Gubkin
  • 666
  • 3
  • 7
  • 12
0
votes
3 answers

Is it good to defense for DOS attacks with 2 request/sec?

Lots of example told me to defense with 5 or 4 request per second. Because usually a visitor clicking about in 1 or 2 links in one second, I think defense with 2 request per second is just fine. But I'm scared of any unknown drawbacks So, I need a…
Bohlam
0
votes
2 answers

EC2 instance experience massive inbound traffic spikes. Apache logs show normal usage

I need some direction in figuring out what's going on here. I have an EC2 instance that is running a WordPress site. Inbound traffic on the instance is spiking to alarming levels which are not consistent with the usage of the website. Outbound…
Ron
  • 157
  • 1
  • 9
1 2 3
11 12