

ddos without an ip?




Posted by webhost4all, 03-07-2008, 07:03 AM
I have been receiving email logs stating that I have massive amounts of traffic being directed at my web server. These logs come in intervals of 1 minute (due to my settings) and they have between 150 - 300 connections each time. Strange thing is, these attacks never have an IP, so nothing is blocked. Here's a sample of a log:

Banned the following ip addresses on Fri Mar 7 18:09:03 SGT 2008 170 with 170 connections

and another:

Banned the following ip addresses on Fri Mar 7 18:07:01 SGT 2008 171 with 171 connections

Please help. I'm quite sick of my server being put under such heavy stress. BTW, this isn't brute forcing, just to make sure, right? It's just heavy access on port 80?

Posted by weber_, 03-07-2008, 07:10 AM
Hi. All traffic destined for the Application Layer protocol (HTTP in this case) should have ports and addresses in their pieces. The other thing is that your logging tool does not detect/recognize them. What logging service do you use? You can check the connections established with a server using the netstat utility.

Posted by webhost4all, 03-07-2008, 07:24 AM
I believe the mails are sent by the default DoS filterer in Linux. Before this, it was working perfectly fine, sending the correct IPs along with the emails. Don't know if this time it's the attacker hiding his IP or the DoS filterer messing up. See here

Posted by weber_, 03-07-2008, 07:29 AM
Attacker can't hide his IP because it will break all network concepts. Probably, there is something messed up around the filter. netstat will show the attacker's connections.
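
Following the suggestion above to check connections with netstat, here is an added example (not from the thread and not the code of the filter in use) that counts connections per remote address from `netstat -ntu` output. It also shows one way a per-IP count can end up with a blank address: splitting the address on the first ":" loses every peer whose address starts with "::". That this is what happened on the poster's server is an assumption; the sample netstat output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (documentation addresses, not from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40100       SYN_RECV
tcp        0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40101 ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40102 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:55000    ESTABLISHED
EOF
}

# Count connections per remote address; reads netstat -ntu format on stdin.
# Output: "<count> <address>", busiest first.
count_remote_ips() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # strip only the trailing :port
            sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6 addresses
            if (addr != "") n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -k1,1nr -k2,2
}

# Naive variant for comparison: cutting at the first ":" yields an empty
# address for "::ffff:a.b.c.d" peers and a truncated one for IPv6 peers.
count_naive() {
    awk '$1 ~ /^(tcp|udp)/ { print $5 }' | cut -d: -f1 | sort | uniq -c | sort -nr
}

# Live use: netstat -ntu | count_remote_ips
sample_netstat | count_remote_ips
```

On the sample, the naive variant reports a count with no address next to it, while the corrected count attributes those connections to their real peer.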


