DDOS Attack

Cantab. · 23-07-2009 8:38pm #1

I've a dedicated server and I fear I'm being DDOSed. It's doing nothing but serve email and the odd webpage. It's just every couple of days it either grinds to a halt or crashes altogether.

Anyone have any pointers on analysing the problem? I'm going to get on to my server provider and get them to hit the reset button for me now.

{^Syntax^} · 25-07-2009 8:46am

Can you analyze the logs on the firewall?

Cantab. · 26-07-2009 8:52pm

{^Syntax^} wrote: »

Can you analyze the logs on the firewall?

I don't have a dedicated firewall. I'm considering paying the extra $30 a month for a Cisco firewall.

I am however using ufw (Ubuntu Firewall) -- a software firewall. I'll have a look at the logs and see what I come up with.

Gavin · 27-07-2009 8:03am

Ask your service provider, they should be able to tell you what is going on, at least if it's network related.

You could also just run tcpdump for a while and see what's coming into the machine.

JimmyCrackCorn! · 27-07-2009 10:27am

Gavin wrote: »

Ask your service provider, they should be able to tell you what is going on, at least if it's network related.

^^^
As above

You could also just run tcpdump for a while and see what's coming into the machine.

You will have to talk to your service provider if you cannot log packets and analyse it yourself to confirm something bad is happening.

Start with the basics go through all the logs (traffic and server) to see is there anything in there. It could be as simple as a badly timed cron job or you may have something.

One thing to note a cisco firewall wont magically stop a DDOS attack.

Procasinator · 27-07-2009 1:56pm

Check for heap dumps and the like, it might not even be a DDoS, though it if it is a low-traffic box it does sound irregular.

Logs would be the first port of call though.

DDOS Attack

Comments