Is this a DDoS attack?
I have a Windows server, and today it has large inbound traffic, so I tried to disable all web services. After that, the result of netstat -an shows no connections at all, but the server still has large inbound traffic.
Do you have any idea about this?
What should I do now?
Try to disable ICMP in your firewall (ping to your server).
In fact that increases traffic to your server when services are down because it can't send back an "unreachable" response.
You say "large inbound traffic"; you need to be more specific.
For example, protocol, target port?
It's near impossible to answer your question based on what little information you have provided. As plumsauce asked - please provide more details. If you don't know how to find these details then you may want to look into paying somebody to look into it for you.
I have disabled all services, but when I check the Ethernet card, it shows about 50Mbps inbound traffic. I do not know its target port, as the result of "netstat -an" shows nothing.
Another thing to note possibly, is it actually causing your server to slow? 50Mbps isn't "huge" so would be good to try and figure out what sort of packets are being sent to the server.
If the server is becoming unresponsive, the first conclusion could be a DOS; however, it's a word people love to throw around without a little research.
Have you disabled FTP? That's a classic for getting hacked.
Hello, check if a single IP address is creating a lot of traffic. If yes, block it. No need to disable services for that.
You could perhaps contact your Data Center and have them investigate this for you as they should be able to do something about it (hopefully) if you are actually under attack.
If you are paying for inbound traffic 50mbps is going to rack up fast.
Good point, but highly unlikely that it will be coming from 1 IP if it were to be a DOS attack.
Most likely the complete opposite and you'll see thousands upon thousands of connections probably with 3-4 connections open per IP.
Sadly I'm no Microsoft expert and the office is shut so I can't ask the guys that would know, but with Linux you can write a small bash script that will filter out IPs above X connections.
- Britband Media Ltd
Low cost UK VPS -
Automated remote backup - Instant Setup - Full control
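The per-IP connection count mentioned in the last post, as an added example that is not part of the original thread. It assumes the Linux net-tools `netstat -ant` column layout; the function names `over_threshold` and `sample_netstat` are hypothetical, and the sample lines are constructed from documentation address ranges.

```shell
#!/usr/bin/env bash
# Added example: list remote IPs holding more than a threshold number of
# TCP connections, from `netstat -ant` style text on stdin.
# Assumed columns: proto recv-q send-q local-address foreign-address state

over_threshold() {
    # $1 = maximum connections allowed per remote IP
    awk -v max="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # strip trailing :port (IPv4 and IPv6)
            count[addr]++
        }
        END {
            for (ip in count)
                if (count[ip] > max) print count[ip], ip
        }' | sort -rn
}

# Constructed sample input, not output from the server in this thread.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51237      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40001       TIME_WAIT
tcp6       0      0 2001:db8::10:443        2001:db8::bad:50000     ESTABLISHED
EOF
}

# Live use would be: netstat -ant | over_threshold 20
sample_netstat | over_threshold 3
```

This count only covers traffic that reaches a TCP socket. Packets dropped before they reach a socket (closed ports, ICMP, most UDP floods) do not appear in netstat, so interface counters or a packet capture are needed for that case.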