Re: DOS attack from AS
Date: Fri, 30 May 2008 08:44:28 -0500
It sounds suspiciously like a software bug to me. Kerber's 2nd law 'Never blame on actual malice that which can be reasonably blamed on incompetence.' Does it always happen around the same time of the month?
On Fri, May 30, 2008 at 8:23 AM, Louis BROUILLETTE <Louis.Brouillette_at_uqtr.ca> wrote:
> The problem is not identifying the user. I know who it is (different
> people each time). But once it's over we would like to know what caused it.
> We scanned the PCs involved with different antivirus and can't find any
> virus on these PCs. I know for sure that these users are not malicious ones
> so they don't do it on purpose. Anyone ever had a problem like that?
> At 00:41 2008-05-30, Matthew Zito wrote:
>> A combination of tcpdump + wireshark will solve this for you as well. As
>> soon as the dos starts, capture a pile of network traffic on the app server,
>> and take a look at who is connecting. Wireshark even knows how to parse all
>> sorts of traffic.
> Louis BROUILLETTE <Louis.Brouillette_at_uqtr.ca> wrote:
>> Once in a while (maybe once a month), our intranet is a victim of
>> what I would call a DOS. Our application server (AS 10.1.2.2)
>> receives hundreds of requests (all the same request with the same
>> parameters) from a user in a few minutes for a modplsql
>> application. It's impossible for a person to send so many requests
>> in that period of time. It floods the db (10.2.0.3) and everyone
>> Each time, it's a different user. Our PC experts scanned the PCs
>> with a variety of antivirus and anti-spyware but found nothing
>> suspicious. Has anyone else experienced something like that?
> Louis Brouillette
> Analyste en informatique (DBA)
> Universite du Quebec a Trois-Rivieres
> Tel: (819) 376-5011 ext. 2435
> Email: brouille_at_uqtr.ca
--
Andrew W. Kerber
'If at first you don't succeed, don't take up skydiving.'
--
http://www.freelists.org/webpage/oracle-l
Received on Fri May 30 2008 - 08:44:28 CDT
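
The symptom described in this thread (hundreds of identical requests from one user within a few minutes) can also be looked for after the fact in the web server's access log. The following is an added example, not part of the original thread: it assumes the HTTP front end writes Common Log Format lines in chronological order, and the thresholds, addresses, user names and URLs are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def find_bursts(lines, threshold=100, window=timedelta(minutes=5)):
    """Return {(host, user, request): peak count} for each identical request
    sent at least `threshold` times by one client within `window`.
    Assumes the log is in chronological order."""
    recent = defaultdict(deque)      # key -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                 # ignore lines that are not CLF
        host, user, ts, request, _status = m.groups()
        when = datetime.strptime(ts, TS_FORMAT)
        key = (host, user, request)
        q = recent[key]
        q.append(when)
        while when - q[0] > window:  # drop hits older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample lines (addresses, users and URLs are made up)."""
    start = datetime(2008, 5, 30, 8, 0, 0, tzinfo=timezone(timedelta(hours=-5)))
    def entry(host, user, offset, url):
        ts = (start + offset).strftime(TS_FORMAT)
        return f'{host} - {user} [{ts}] "GET {url} HTTP/1.1" 200 512'
    lines = []
    for i in range(150):             # flood: same request once per second
        lines.append(entry("192.0.2.10", "jdoe", timedelta(seconds=i),
                           "/pls/intranet/report.show?p_id=42"))
    for i in range(150):             # same request once per minute: not a burst
        lines.append(entry("192.0.2.20", "asmith", timedelta(minutes=i),
                           "/pls/intranet/menu.home"))
    lines.sort(key=lambda l: datetime.strptime(CLF.match(l).group(3), TS_FORMAT))
    return lines

if __name__ == "__main__":
    for (host, user, request), count in find_bursts(sample_log()).items():
        print(f"{count:5d} hits in 5 min  {host}  {user}  {request}")
```

The timestamps of the first and last hit in a flagged burst give the window to cut out of a packet capture or to compare against what was running on the client PC at that moment.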