Questions tagged [denial-of-service]

A denial of service attack is an attempt, through some means, to make a computer or network resource unavailable.

Some systems are susceptible to a simple "ping of death", where the amount of ping traffic is enough to disrupt their connectivity to the internet.

In more common scenarios, the amount of available upstream bandwidth becomes saturated by repeated requests for a file on the target computer, or by large UDP packets.
When the attack comes from more than one source IP, it is known as a distributed denial of service attack, or DDoS.

167 questions
1 vote, 0 answers

Cause for large number of duplicate web requests

I am seeing odd traffic to my web site. On occasion, probably a few times a day, I will get a flurry of requests for the same URI from the same IP address for several minutes, at rates from maybe one per second up to hundreds per second. Other…
wfaulk
1 vote, 4 answers

rhel-5.3->vm wordpress attack

i have a rhel 5.3 w/ few virtual machines and one of virtual pc runs cpu: intel quad 2.83 mem: 3.5G os: Linux 2.6.18-128.1.14.el5xen #1 SMP Mon Jun 1 16:09:30 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux it also runs wordpress, and all of the sudden, i…
alexus
1 vote, 2 answers

(D)DOS - tcpdump established connections analysis (too many established connections)

How can I debug this problem? (I've got full tcpdump captures) I have a TCP server into which many clients establish persistent connections. Normally all these clients behave, and I never reach the 1024 default Linux limit connections (open files)…
Fh.
1 vote, 2 answers

Block packets based on length

Can I block packets (Specifically UDP) that are > X length? I am getting attacked exclusively by UDP packets that are very large in size from a large number of IP Addresses. I have a legitimate use for UDP packets on the attack port, but anything…
Ryan
1 vote, 3 answers

ESXi server under DoS attack, can I use SSH to determine where from?

My VMWare ESXi 4 server appears to be under a Denial of Service attack. I am getting massive packet loss to the server (60+%) and am barely able to load any services on the VMs running on the host. I have Cacti installed but cannot load it due to…
Josh
1 vote, 4 answers

Identifying DOS attack

I suspect that one of my servers was attacked some time ago. My question is how can I identify a DOS or DDOS attack while under attack or after the attack has finished?
aykut
1 vote, 1 answer

Apache's built-in anti-dos mechanism by returning code 403?

In the process of learning more about how to survive simple DoS attack for my Apache server, I found some script to initiate attack on my own server and I notice that Apache returns error code 403 after a few attempts (instead of returning 200). I…
TopQ
1 vote, 1 answer

Is it normal to collapse VPS CPU with this script?

This is the script, it comes with mod_evasive: #!/usr/bin/perl #test.pl: small script to test mod_dosevasive's effectiveness use IO::Socket; use strict; for(0..100) { my($response); my($SOCKET) = new IO::Socket::INET( Proto => "tcp", …
TheBronx
1 vote, 2 answers

defend dos attack

My website is crippled due to simple requests from many ranges of IPs, tens of thousands or more requests per second. Is there a way to defend against this kind of attack? Is there a way to trace back to the attacker?
user881480
1 vote, 1 answer

Can't figure out this attack, getting botnets and something else

About two months ago a site of mine started getting some sort of attack, and after further investigation I found it to be botnet zombies and something else which I can't figure out. My site is not ecommerce, wasn't popular and has nothing that…
Bernard
1 vote, 2 answers

Is my server being used as a proxy or is a DOS underway? Lots of traffic in my apache log

I have a slice with a hosting provider that has a basic LAMP stack setup. I was checking my Apache logs today and I'm getting totally random (it seems) requests to my Apache server. For instance, here are two entries: 174.129.95.125 - -…
1 vote, 3 answers

Apache relaying to prevent DoS

I've been wondering, is there a technology that relays (slows down) responses to a given IP according to the rate it makes requests? E.g. I have an Apache server with a "heavy" API service that I want to limit to 1 request/2 seconds/IP if the server…
neverlastn
1 vote, 1 answer

What is idea of web server attack on thinker/js/think.js?

My web server is getting a lot of GET requests on thinker/js/think.js and thinker/showSimilarInfo.do. These requests obviously constitute a server attack. What is the point of these attacks? Also, is there a way to automatically ban IP which is…
user84686
1 vote, 3 answers

Fail2ban advice on banning IP's and HTTP

I've recently installed fail2ban as a way of keeping one of our web servers secure from SSH attacks and HTTP attacks. At the moment I'm getting a lot of SSH attacks but fail2ban is banning and then unbanning these. Is there a way to permanently ban…
Grimlockz
1 vote, 3 answers

Do reports of packet flooding suggest a DOS attack?

Our E1 connection is being closed by our firewall*. It happens intermittently every few days. I find log entries like this one around the same time as the dropout: Jun 2 09:53:35 sg580 kernel: Flood - dropped: IN=eth1 OUT=…
chickeninabiscuit