Questions tagged [denial-of-service]

A denial-of-service attack is an attempt, through some means, to make a computer or network resource unavailable.

Some systems are susceptible to a simple "ping of death", where the amount of ping traffic is enough to disrupt their connectivity to the internet.

In more common scenarios, the amount of available upstream bandwidth becomes saturated by repeated requests for a file on the target computer, or by large UDP packets.
When the attack comes from more than one source IP, it is known as a distributed denial-of-service attack, or DDoS.

167 questions
6 votes, 4 answers

DOS attack "slow post" : How to prevent in IIS

I have a public facing IIS 7.5 web server running a single ASP.NET website, which has just failed one of our security scans with a "slow post" vulnerability. Have tried reducing the httpruntime executiontimeout value in the web.config for the site,…
GordonBy
6 votes, 3 answers

Somebody eating all our bandwidth, what should I do?

OK, this is frustrating, my site got thousands of page views/connections in the last 3 days and finally we ran out of monthly bandwidth. We bought more bandwidth and closed the site for maintenance. We checked the logs and found a responsible IP and…
Auxiliary
5 votes, 1 answer

Ban an IP when the server received an amount of data from it

What I need: There are many results for adding a drop rule by an amount of requests per lapse of time, but I need to drop by received byte count from a particular address over a period of time. What I investigated: I looked at iptables: for the…
user2284570
5 votes, 3 answers

Excessive Outbound DNS Traffic

I have a VPS system which I have had for 3 years on one host without issue. Recently, the host started sending an extreme amount of outbound DNS traffic to 31.193.132.138. Due to the way that Linode responded to this, I have recently left Linode…
user1318414
5 votes, 3 answers

Is SYN flooding still a threat?

Well recently I've been reading about different Denial of Service methods. One method that kind of stuck out was SYN flooding. I'm a member of some not-so-nice forums, and someone was selling a python script that would DoS a server using SYN packets…
Rob
4 votes, 2 answers

What is a good way to detect DoS and DDoS in Fail2Ban?

I am configuring Fail2Ban on my Ubuntu web server to prevent it from being a victim of DoS / DDoS. I don't want to use Cloudflare because I have to route my DNS over and use their SSL cert. Currently, I found a script online that checks for more…
John Doe
4 votes, 2 answers

Tomcat Denial of Service due to large packets

I had asked this question on ITSecurity, but I felt this question is better placed here. On a recent assessment, I found that sending large (>5 MB) requests to a Tomcat server causes 100% CPU usage on the server. The simplest fix that came to mind…
sudhacker
4 votes, 5 answers

EC2 Denial of Service: Securing cloud based website from DOS attack

How can I prep up my website infrastructure running on an EC2 instance against DOS attacks? I run apache with nginx as reverse proxy
Quintin Par
4 votes, 1 answer

Logging Timeout'd Request in Apache 2.X

I am migrating some applications from Apache 1.3 to 2.2. We used to run some tests where an attacker opens some HTTP connections to our server and does nothing. Apache 1.3 would log the following 408 code, for example: 126.1.86.85 - -…
Gant
4 votes, 3 answers

Strange DNS DOS attack -- Endless Recursive Queries for

Our W2K3 DNS servers seem to be under some kind of DOS attack, but I can't seem to find any description of, or rationale for the attack. Three specific remote hosts have been bombarding two of our three DNS servers with lines like this: 8937 …
3 votes, 3 answers

What criteria do you use to determine if someone is hammering your server?

When you go through your logs, what criteria do you use to determine if it's you (ie: you need to beef up your server/s) or them (ie: they're verging on a DoS)? How many connections/second would you consider reasonable, and why? Do you have some…
username
3 votes, 3 answers

How to stop repetitive hits from same host to same URL?

I have an odd problem-- on a high traffic website (millions of visitors a month), every day we get about 20 or so situations where one host begins incessantly requesting the same page, over and over-- multiple times per second, for any length of…
Arron
3 votes, 2 answers

Weird Requests Being Sent to My Server

I have written a server in C# for Windows and it works fine. A week back I set up a dynamic domain name with No-Ip.com and now my server serves pages at the address nabeel.ddns.net. I was viewing my server log and I found two strange…
nom
3 votes, 1 answer

Buffer-stuffing denial-of-service attack

I started seeing this odd sort of effect that resembles a denial-of-service attack against a Linux server. The effect is that the network becomes at least partially unusable very much the same as what you see with a traditional DOS or DDOS…
tylerl
3 votes, 4 answers

Fail2Ban on Apache Server to protect against DoS attacks?

I asked a question on the IT security StackExchange about protecting against DoS attacks. One of the answers was to install Fail2Ban. I talked to the people that administer the server and they told me Fail2ban is installed by default to watch for…
Jeff