Re: detecting a DDOS attack [SOLVED, I think]


 



Ed Wilts wrote:
On Fri, Oct 31, 2003 at 09:38:35AM -0500, Bill Tangren wrote:

Our network had been VERY slow in the last two weeks. We have a T3 line, but sftp transfer rates are down around 10kB/sec now. I suspect some type of attack on our firewalls, though I've never heard of an attack being sustained for so long.

Could someone tell me what to look for? My logs (I run several servers behind the firewall, but I don't administer the firewall itself) don't show anything unusual that I can find. I have been examining web server logs, and mail logs, and I scrutinize the output from LogWatch.

Where else should I look?


Has anything changed?  Have any servers or switches been rebooted?  Are
you sure that you're negotiating speeds properly (i.e. 100 mbps full) or
do you have them all forced?

Rebooting turned out to be the issue. We have three pretty popular ntp servers, tick, tock and ntp2. The load balancer between them had not been rebooted in some time. Rebooting the balancer machine solved the problem.


Thanks to all for the help!


Is performance between your servers on the inside of the firewall ok? If so, it's not a firewall issue or your firewall is letting the bad stuff through. If it's fine, start pinging your firewall and work your way out to see performance along the way and see which segment has the issue.

I would tend to install mrtg and have it monitor each interface on your
firewall and switches.  Once you've narrowed it down to which interface
on which switch, you can then start troubleshooting it down from there.



