RE: DOS attack from AS
Date: Fri, 30 May 2008 09:23:02 -0400
The problem is not identifying the user. I know who it is (different people each time). But once it's over we would like to know what caused it. We scanned the PCs involved with different antivirus and can't find any virus on these PCs. I know for sure that these users are not malicious ones so they don't do it by purpose. Anyone ever had a problem like that ?
At 00:41 2008-05-30, Matthew Zito wrote:
>A combination of tcpdump + wireshark will solve this for you as
>well. As soon as the dos starts, capture a pile of network traffic
>on the app server, and take a look at who is connecting. Wireshark
>even knows how to parse all sorts of traffic.
>Louis BROUILLETTE <Louis.Brouillette_at_uqtr.ca> wrote:
> Once in a while (maybe once a month), our intranet is a victim of
> what I would call a DOS. Our application server (AS 10.1.2.2)
> receives hundreds of requests (all the same request with the same
> parameters) from the a user in a few minutes for a modplsql
> application. It's impossible for a person to send so much requests
> in that period of time. It floods the db (10.2.0.3) and
> everyone hangs.
> Each time, it's a different user. Our PC experts scanned the PCs
> with a variety of antivirus and anti-spyware but found nothing
> suspicious. Anyone else have experienced something like that ?
Analyste en informatique (DBA)
Universite du Quebec a Trois-Rivieres
Tel: (819) 376-5011 ext. 2435