hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : DDOS
Reply

Hosting Security and Technology Configuring and optimizing web hosting servers and operating systems, developing administration scripts, building servers, protecting against hackers, and general security (SSL certificates, etc.)
Forum Jump

DDOS

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 01-09-2011, 11:10 PM
James321 James321 is offline
Junior Guru Wannabe
  
Join Date: May 2010
Posts: 45

DDOS

Not sure if its in the right section.

Anywhom, I would like to know HOW I can determine if my dedicated machine is under a DOS attack. I have gotten Wireshark, but I am not able to determine if these IP's are sending enough information to cause a DDOS attack. Or is there another way to find out? Thanks!

Reply With Quote


Sponsored Links
  #2  
Old 01-10-2011, 04:47 AM
ClaudiuPopescu ClaudiuPopescu is offline
Aspiring Evangelist
  
Join Date: Apr 2009
Location: Romania
Posts: 410
You have supplied way too less details.
If you are running a linux server you could check the connections using netstat (for the service you think is under attack).

__________________
PidginHost.com - Affordable managed dedicated servers.
Instant Dedicated Servers - Automatic server installation and activation upon payment

Reply With Quote
  #3  
Old 01-10-2011, 07:09 AM
Secure_host Secure_host is offline
Newbie
  
Join Date: Jan 2011
Posts: 6
you can find last 10 ips that send request to apache with this command

awk '{print $1}' /usr/local/apache/logs/access_log | sort | uniq -c | sort -rnk1 | head -n 10

Reply With Quote
Sponsored Links
  #4  
Old 01-10-2011, 09:31 PM
James321 James321 is offline
Junior Guru Wannabe
  
Join Date: May 2010
Posts: 45
Server OS is Windows Server 08, not Linux. And im not running any website, they are Game Servers.

Last edited by James321; 01-10-2011 at 09:37 PM.
Reply With Quote
  #5  
Old 01-11-2011, 06:32 AM
Secure_host Secure_host is offline
Newbie
  
Join Date: Jan 2011
Posts: 6
in windows server :

go to cmd.exe and then type :

netstat -aon
with this command a show all connection with tcp and upd that listening
n show all conntection with ip and port
o show pid of each connections
netstat -aon|find /c "80"

Reply With Quote
  #6  
Old 01-11-2011, 06:39 AM
plumsauce plumsauce is offline
******* Unleaded
  
Join Date: Feb 2004
Posts: 3,788
Quote:
Originally Posted by James321 View Post
Server OS is Windows Server 08, not Linux. And im not running any website, they are Game Servers.
On a Windows Server you do not need wireshark. Use the built in network monitor application. Look at some of the raw data, then build a filter that sifts for the most interesting information.

But really, before trying to find the evidence to fit the case, you should explain why you suspect a denial of service. What makes you suspicious/worried?

__________________
edgedirector.com
managed dns global failover and load balance (gslb)
exactstate.com
uptime report for webhostingtalk.com

Reply With Quote
  #7  
Old 01-13-2011, 06:25 PM
James321 James321 is offline
Junior Guru Wannabe
  
Join Date: May 2010
Posts: 45
Quote:
Originally Posted by Secure_host View Post
in windows server :

go to cmd.exe and then type :

netstat -aon
with this command a show all connection with tcp and upd that listening
n show all conntection with ip and port
o show pid of each connections
netstat -aon|find /c "80"
Im new to this, Can you explain how I can read the data? What each State mean and pid? Thanks!

Reply With Quote
  #8  
Old 01-14-2011, 01:21 AM
david510 david510 is offline
Web Hosting Master
  
Join Date: Oct 2004
Location: Kerala, India
Posts: 4,617
Use the following command to find the connection flood to the port 25 on an IP.

Code:
tcpdump -nnqt dst host IP and tcp dst port 25

__________________
David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
iWebManager | Access WHM from iPhone and Android

Reply With Quote
Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Ddos Management | Handle most ddos attacks on server level | save hundreds! jon-f Systems Management Offers 0 10-14-2010 05:52 PM
Ddos Management | Handle most ddos attacks on server level | save hundreds! jon-f Systems Management Offers 0 10-03-2010 12:39 PM
Ddos Management | Handle most ddos attacks on server level | save lots of money jon-f Systems Management Offers 0 09-23-2010 12:57 PM
ethProxy DDoS Mitigation Service Update Provides Self-learning DDoS Protection ServerOrigin Web Hosting Industry Announcements 0 08-03-2010 04:22 AM
Got DDoS? BLCC DDoS Protection sale! Stop HTTP GET attacks in their tracks! IRCCo Jeff Dedicated Hosting Offers 7 01-17-2007 12:49 PM

Related posts from TheWhir.com
Title Type Date Posted
DDoS Mitigation Provider Prolexic Blocks Extended DDoS Attack Against Ecommerce Website Parts Geek Web Hosting News 2012-11-07 10:57:01
Security Firm Prolexic Launches Online Resource Portal for DDoS Mitigation Web Hosting News 2012-01-19 12:55:48
Web Host Yola Uses DDoS Mitigation Service Prolexic Web Hosting News 2011-12-07 20:42:42
New on WHIR TV: Kevin Hatfield of ServerOrigin Talks DDoS Protection Blog 2011-11-10 15:19:09
WHIR TV - Rick from Neustar Discusses DDOS Threats and Defense Blog 2011-09-23 13:52:45


« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:

US Attorney says Government Should Have Warrants to Search Email

8kMiles Acquires Cloud Security Firm FuGen Solutions for $7.5 Million

Name.com Resets Customer Passwords After Security Breach

Outbound Spam Causing Sleepless Nights?

Malwarebytes Launches Data Scan-and-Backup Service

Commtouch Report: Spam, Malware Continues to Increase in Q1 2013

Researchers Urge System Admins to Check for New Apache Web Server Backdoor Malware

APWG Study Finds Phishers Increasingly Target Shared Virtual Servers

Man Arrested in Connection to Spamhaus DDoS Attacks

Cisco Researcher Discovers Possible Exploit Vector for DarkLeech Attacks



 

Learn more about advertising opportunities across the iNET Interactive Network.

LiquidWeb
X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?