how can i tell if under attack?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
am running a web site, hosting site in a co-location. iis6 on win2k3.

sometimes the computer itself is fast locally, but get very limited
network bandwidth.

where do i start to check that i am not under attack? (dos ddos or

thanks in advance

neil m

Re: how can i tell if under attack? wrote:
Quoted text here. Click to load it

Try sniffing the network traffic.

"Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten
Gebrauch machen - und zwar ausgiebig - natürlich nur in dem Rahmen, den
Otto Schily mir noch zur Verfügung stellt."
                   Wolfgang Clement am 10.10.05 als Noch-Superminister

Re: how can i tell if under attack? says...
Quoted text here. Click to load it

Look at the IIS logs for your website - they should be available to you.

Ask the hosting company to provide a connection graph - it will tell you
how many connections/x-time are being made.

What protection means have you implemented with the server?

What services is your server offering to the public?

remove 999 in order to email me

Re: how can i tell if under attack? writes:
Quoted text here. Click to load it

If you're on the internet, in reality, you're pretty much always under
attack.  Be it from some script kiddie next door, or some script dude
in Russia, or whatever.  Now, whether it's an unusually impacting
attack that is ddos your site is the question.

netstat -a would be a good place to start to see what network
connections are being chewed up.  Here's a utility that does one
better than netstat:

Network or host based IDS (intrusion detection systems) like Snort or
those mentioned here a few days ago would also be useful to have.
They have a notion of attack signatures and can identify what's coming
in from a database of known attacks.

Best Regards,
Todd H. /

Site Timeline