Re: DOS attack from AS

From: Louis BROUILLETTE <Louis.Brouillette_at_uqtr.ca>
Date: Fri, 30 May 2008 15:21:12 -0400
Message-Id: <200805301920.m4UJKt9d014655@cavro.uqtr.ca>

Sorry I was not clear. I know who is doing it and what request there are sending (from the apache log). What I don't know is how is it happening ? What is causing it ? Is it a virus ? Scanning these clients with a variety of antivirus softwares doesn't find anything wrong on these PCs.
At 12:01 2008-05-30, Yong Huang wrote:
>Louis,
>
>I'm guessing you were always too late to catch the DOS. If that's
>not the case,
>we can easily find out who and what is doing it. A simple netstat -an or tail
>-f Apache access log is all you need on the server side. Then go to
>the client.
>This may be harder than expected. Knowing the IP doesn't necessarily
>mean where
>to go. nbtstat -A <IP> may reveal more info, sometimes users logged onto the
>client Windows box. Search for the IP or its hostname in Intranet
>site may help
>too. On the client, netstat -ano to find the process connecting to
>your server.
>Find the full path of the process with Process Explorer or tlist.
>
>Yong Huang

Louis Brouillette
Analyste en informatique (DBA)
Universite du Quebec a Trois-Rivieres
Tel: (819) 376-5011 ext. 2435
Email: brouille_at_uqtr.ca

--
http://www.freelists.org/webpage/oracle-l

Received on Fri May 30 2008 - 14:21:12 CDT

This message: [ Message body ]
Next message: Yong Huang: "Re: DOS attack from AS"
Previous message: Wolfgang Breitling: "Re: create table and create index monitor or nomonitor deprecated in 10g?"
In reply to: Yong Huang: "Re: DOS attack from AS"
Next in thread: Yong Huang: "Re: DOS attack from AS"
Reply: Yong Huang: "Re: DOS attack from AS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message