|
Posted by on October 16, 2005, 10:57 pm
If you were Registered and logged in, you could reply and use other advanced thread options
am running a web site, hosting site in a co-location. iis6 on win2k3.
sometimes the computer itself is fast locally, but get very limited
network bandwidth.
where do i start to check that i am not under attack? (dos ddos or
other)
thanks in advance
neil m
|
|
Posted by Volker Birk on October 17, 2005, 9:40 am
If you were Registered and logged in, you could reply and use other advanced thread options
neilmcguigan@gmail.com wrote:
> where do i start to check that i am not under attack? (dos ddos or
> other)
Try sniffing the network traffic.
Yours,
VB.
--
"Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten
Gebrauch machen - und zwar ausgiebig - natürlich nur in dem Rahmen, den
Otto Schily mir noch zur Verfügung stellt."
Wolfgang Clement am 10.10.05 als Noch-Superminister
|
|
Posted by Leythos on October 17, 2005, 10:39 am
If you were Registered and logged in, you could reply and use other advanced thread options
> am running a web site, hosting site in a co-location. iis6 on win2k3.
>
> sometimes the computer itself is fast locally, but get very limited
> network bandwidth.
>
> where do i start to check that i am not under attack? (dos ddos or
> other)
>
> thanks in advance
Look at the IIS logs for your website - they should be available to you.
Ask the hosting company to provide a connection graph - it will tell you
how many connections/x-time are being made.
What protection means have you implemented with the server?
What services is your server offering to the public?
--
spam999free@rrohio.com
remove 999 in order to email me
|
|
Posted by Todd H. on October 17, 2005, 10:53 am
If you were Registered and logged in, you could reply and use other advanced thread options
> am running a web site, hosting site in a co-location. iis6 on win2k3.
>
> sometimes the computer itself is fast locally, but get very limited
> network bandwidth.
>
> where do i start to check that i am not under attack? (dos ddos or
> other)
If you're on the internet, in reality, you're pretty much always under
attack. Be it from some script kiddie next door, or some script dude
in Russia, or whatever. Now, whether it's an unusually impacting
attack that is ddos your site is the question.
netstat -a would be a good place to start to see what network
connections are being chewed up. Here's a utility that does one
better than netstat:
http://www.sysinternals.com/Utilities/TcpView.html
Network or host based IDS (intrusion detection systems) like Snort or
those mentioned here a few days ago would also be useful to have.
They have a notion of attack signatures and can identify what's coming
in from a database of known attacks.
Best Regards,
--
Todd H.
http://www.toddh.net/
|
| Similar Threads | Posted | | Re: Possible attack? | September 19, 2008, 3:15 pm |
| Re: Possible attack? | September 19, 2008, 5:40 pm |
| Attack statistics... | August 11, 2004, 8:09 pm |
| What does denial of service attack mean? | April 30, 2005, 10:05 am |
| webserver attack attempt | July 14, 2005, 5:24 am |
| Network Attack generator | November 28, 2005, 9:49 am |
| DOS Attack & High load | June 29, 2007, 5:58 am |
| Re: MI5 messages are a DDOS attack? | November 18, 2007, 7:27 pm |
| SSRT3521 rev.2 HP-UX OpenSSL CBC timing attack in SSL and TLS | July 5, 2004, 3:32 pm |
| Current hacker attack info where to get? | May 2, 2005, 9:39 pm |
|
XML site map