Re: DOS attack from AS

From: Louis BROUILLETTE <>
Date: Fri, 30 May 2008 15:21:12 -0400
Message-Id: <>

Sorry I was not clear. I know who is doing it and what request there are sending (from the apache log). What I don't know is how is it happening ? What is causing it ? Is it a virus ? Scanning these clients with a variety of antivirus softwares doesn't find anything wrong on these PCs.
At 12:01 2008-05-30, Yong Huang wrote:
>I'm guessing you were always too late to catch the DOS. If that's
>not the case,
>we can easily find out who and what is doing it. A simple netstat -an or tail
>-f Apache access log is all you need on the server side. Then go to
>the client.
>This may be harder than expected. Knowing the IP doesn't necessarily
>mean where
>to go. nbtstat -A <IP> may reveal more info, sometimes users logged onto the
>client Windows box. Search for the IP or its hostname in Intranet
>site may help
>too. On the client, netstat -ano to find the process connecting to
>your server.
>Find the full path of the process with Process Explorer or tlist.
>Yong Huang

Louis Brouillette
Analyste en informatique (DBA)
Universite du Quebec a Trois-Rivieres
Tel: (819) 376-5011 ext. 2435

Received on Fri May 30 2008 - 14:21:12 CDT

Original text of this message