RE: DOS attack from AS
- From: Louis BROUILLETTE <Louis.Brouillette@xxxxxxx>
- To: "Matthew Zito" <mzito@xxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
- Date: Fri, 30 May 2008 09:23:02 -0400
The problem is not identifying the user. I know who it is (different
people each time). But once it's over we would like to know what
caused it. We scanned the PCs involved with different antivirus and
can't find any virus on these PCs. I know for sure that these users
are not malicious ones so they don't do it on purpose. Has anyone ever
had a problem like that?
At 00:41 2008-05-30, Matthew Zito wrote:
A combination of tcpdump + wireshark will solve this for you as
well. As soon as the dos starts, capture a pile of network traffic
on the app server, and take a look at who is connecting. Wireshark
even knows how to parse all sorts of traffic.
Thanks,
Matt
Louis BROUILLETTE <Louis.Brouillette@xxxxxxx> wrote:
Once in a while (maybe once a month), our intranet is a victim of
what I would call a DOS. Our application server (AS 10.1.2.2)
receives hundreds of requests (all the same request with the same
parameters) from a user in a few minutes for a modplsql
application. It's impossible for a person to send so many requests
in that period of time. It floods the db (10.2.0.3) and
everyone hangs.
Each time, it's a different user. Our PC experts scanned the PCs
with a variety of antivirus and anti-spyware but found nothing
suspicious. Has anyone else experienced something like that?
Louis Brouillette
IT Analyst (DBA)
Universite du Quebec a Trois-Rivieres
Tel: (819) 376-5011 ext. 2435
Email: brouille@xxxxxxx
--
http://www.freelists.org/webpage/oracle-l
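
A server-side complement to the packet capture suggested in this thread, as an added example that is not part of the original posts: it scans an access log for one client repeating the same request and reports the Referer and User-Agent seen during the burst, which show which page and which client software issued the requests. It assumes the log is in Apache "combined" format; the log lines, addresses, URLs and user names are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" log format (an assumption about the server's log config).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" \d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

def find_bursts(lines, window=timedelta(minutes=5), threshold=100):
    """Report each (client, request) pair that reaches `threshold` identical
    requests inside a sliding `window`, with the headers seen during the burst."""
    recent = defaultdict(deque)   # (ip, request line) -> timestamps still in window
    bursts = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # line is not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[(m["ip"], m["req"])]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            b = bursts.setdefault((m["ip"], m["req"]), {
                "ip": m["ip"], "user": m["user"], "request": m["req"],
                "start": q[0], "peak": 0, "referers": set(), "agents": set()})
            b["peak"] = max(b["peak"], len(q))
            b["referers"].add(m["ref"])   # page the request was issued from
            b["agents"].add(m["ua"])      # client software that sent it
    return list(bursts.values())

def sample_log():
    """Constructed sample: one client repeats a request once a second, 150 times."""
    t0 = datetime(2008, 5, 29, 14, 0, 0)
    fmt = ('{ip} - {user} [{ts} -0400] "GET {url} HTTP/1.1" 200 512 '
           '"http://intranet.example/pls/app/menu" "{ua}"')
    stamp = lambda i: (t0 + timedelta(seconds=i)).strftime("%d/%b/%Y:%H:%M:%S")
    flood = [fmt.format(ip="10.0.0.23", user="jdoe", ts=stamp(i),
                        url="/pls/app/report.show?p_id=42", ua="ExampleAgent/1.0")
             for i in range(150)]
    normal = [fmt.format(ip="10.0.0.40", user="asmith", ts=stamp(i * 30),
                         url="/pls/app/menu", ua="ExampleAgent/1.0")
              for i in range(5)]
    return flood + normal

if __name__ == "__main__":
    for b in find_bursts(sample_log()):
        print(b["ip"], b["user"], b["request"], b["peak"], b["referers"], b["agents"])
```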