RE: DOS attack from AS
Date: Fri, 30 May 2008 09:23:02 -0400
Message-Id: <200805301322.m4UDMkeX019810@cavro.uqtr.ca>
The problem is not identifying the user. I know who it is (different
people each time). But once it's over we would like to know what
caused it. We scanned the PCs involved with different antivirus and
can't find any virus on these PCs. I know for sure that these users
are not malicious ones so they don't do it by purpose. Anyone ever
had a problem like that ?
At 00:41 2008-05-30, Matthew Zito wrote:
>A combination of tcpdump + wireshark will solve this for you as
>well. As soon as the dos starts, capture a pile of network traffic
>on the app server, and take a look at who is connecting. Wireshark
>even knows how to parse all sorts of traffic.
>
>Thanks,
>Matt
>Louis BROUILLETTE <Louis.Brouillette_at_uqtr.ca> wrote:
>
> Once in a while (maybe once a month), our intranet is a victim of
> what I would call a DOS. Our application server (AS 10.1.2.2)
> receives hundreds of requests (all the same request with the same
> parameters) from the a user in a few minutes for a modplsql
> application. It's impossible for a person to send so much requests
> in that period of time. It floods the db (10.2.0.3) and
> everyone hangs.
>
> Each time, it's a different user. Our PC experts scanned the PCs
> with a variety of antivirus and anti-spyware but found nothing
> suspicious. Anyone else have experienced something like that ?
Louis Brouillette
Analyste en informatique (DBA)
Universite du Quebec a Trois-Rivieres
Tel: (819) 376-5011 ext. 2435
Email: brouille_at_uqtr.ca
-- http://www.freelists.org/webpage/oracle-lReceived on Fri May 30 2008 - 08:23:02 CDT