Re: DOS attack from AS

Sorry I was not clear. I know who is doing it and what request there are sending (from the apache log). What I don't know is how is it happening ? What is causing it ? Is it a virus ? Scanning these clients with a variety of antivirus softwares doesn't find anything wrong on these PCs. 
At 12:01 2008-05-30, Yong Huang wrote:

Louis,
I'm guessing you were always too late to catch the DOS. If that's not the case, 
we can easily find out who and what is doing it. A simple netstat -an or tail
-f Apache access log is all you need on the server side. Then go to the client. This may be harder than expected. Knowing the IP doesn't necessarily mean where 
to go. nbtstat -A <IP> may reveal more info, sometimes users logged onto the
client Windows box. Search for the IP or its hostname in Intranet site may help too. On the client, netstat -ano to find the process connecting to your server. 
Find the full path of the process with Process Explorer or tlist.

Yong Huang


Louis Brouillette
Analyste en informatique (DBA)
Universite du Quebec a Trois-Rivieres
Tel: (819) 376-5011 ext. 2435
Email: brouille@xxxxxxx 
--
http://www.freelists.org/webpage/oracle-l

Other related posts: