Last post on Identification of DDoS attack did not cover analysis of the attack, in cases wherein bandwidth graph’s and connection status aren’t conclusive. In such a scenario, the best means is to inspect the packets coming into the server, and this can be done by examining the packets using tools like tcpdump.
“tcpdump” is a popular sniffer command that does a good job. Using the switch “tcpdump -w”, one could write the output to a file, which could then be analyzed using tools like wireshark to get to the bottom of the attack. You could easily get the protocol in question, and also perform multiple filtration’s to the results. More on it could be read from here. (more…)
If you are a hosting provider, chances are that you’ve experienced a DoS/DDoS attack against a domain or a server. If so, you already know how frustrating it can be to tackle such an attack.
For those who are yet to feel the heat of it, its better to be prepared to identify an attack in real time. Many believe that the outcome of DoS/DDoS is disruption in service. Many a times, it does not fully disrupt the service, but the drop in quality of service leaves it in a state where it would be better if the the service isn’t rendered at all. After all, waiting 5 minutes for a web-page to load, isn’t worth it! (more…)
Whether you believe what Julian Assange is doing is right or wrong, you’ll still have to admit that the amount of traffic WikiLeaks is generating is the dream of any web site owner and the dread of every web host. It is estimated to be receiving over 3,000 visitors per second. Not to mention the DDoS attacks and hack attempts. So how do they actually do it? Lets take a look at how WikiLeaks have been working hard to keep their site online.