How to Quickly Identify Whether an Attack is DDoS or DoS?

David Beroff

Hi everyone,

I've been facing some security challenges with my server recently and suspect it might be under a denial of service attack. However, I'm trying to figure out whether it's a Distributed Denial of Service (DDoS) or a simpler Denial of Service (DoS) attack. Could anyone share tips or tools for quickly identifying the nature of such attacks? How do you differentiate between multiple sources in a DDoS versus a single source in a DoS? Any advice on initial steps to take when you notice unusual traffic would also be greatly appreciated!

Thanks
 

OffshoreRacks

When this happens, your website goes offline? CPU usage when this happens? Usually, attacks go to your CPU/memory resources or your bandwidth resource; any serious bandwidth attack will harm other clients where you have that server hosted, and the data center will contact you.

If it's a normal web attack, you can see what IP in your server (or if you have several IPs assigned) with the following command; you will see the top 10 and how many connections to that IP it has.


netstat -an | egrep ":80|:443" | egrep '^tcp' | grep -v LISTEN | awk '{print $5}' | egrep '([0-9]{1,3}\.){3}[0-9]{1,3}' | sed 's/^\(.*:\)\?\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*$/\2/' | sort | uniq -c | sort -nr | sed 's/::ffff://' | head


This will display like:

Number of connections and the destination IP, which is one of your IPs assigned to that machine.
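
A way to turn a per-address connection count into a first single-source versus many-source triage, as an added example that is not part of the original posts. It assumes the Linux `netstat -an` column layout (field 4 local address, field 5 foreign address); the function names, the 50% dominance threshold and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `netstat -an` lines on stdin.
# Field 4 is the local address, field 5 the foreign (remote) address.
summarize_sources() {
    # $1: percent of connections from one address that counts as dominant
    #     (assumed default: 50)
    awk -v thresh="${1:-50}" '
        # TCP, not a listening socket, local port exactly 80 or 443
        $1 ~ /^tcp/ && $6 != "LISTEN" && $4 ~ /:(80|443)$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)    # strip the remote port
            sub(/^::ffff:/, "", ip)    # unwrap IPv4-mapped IPv6
            count[ip]++; total++
        }
        END {
            if (total == 0) { print "no-connections"; exit }
            for (ip in count) {
                n++
                if (count[ip] > max) { max = count[ip]; top = ip }
            }
            share = int(100 * max / total)
            verdict = (share >= thresh) ? "single-source" : "distributed"
            printf "%s total=%d sources=%d top=%s top_share=%d%%\n",
                   verdict, total, n, top, share
        }'
}

sample_single() {        # constructed: one client holds 8 of 10 connections
    i=0
    while [ "$i" -lt 8 ]; do
        echo "tcp 0 0 192.0.2.10:443 203.0.113.5:$((40000 + $i)) ESTABLISHED"
        i=$(($i + 1))
    done
    echo "tcp 0 0 192.0.2.10:443 198.51.100.7:51000 ESTABLISHED"
    echo "tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.8:51001 TIME_WAIT"
    echo "tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN"
}

sample_distributed() {   # constructed: 12 clients, none above 2 connections
    i=1
    while [ "$i" -le 12 ]; do
        echo "tcp 0 0 192.0.2.10:80 198.51.100.$i:5$i SYN_RECV"
        i=$(($i + 1))
    done
    echo "tcp 0 0 192.0.2.10:80 198.51.100.3:60000 SYN_RECV"
}

sample_single | summarize_sources        # live use: netstat -an | summarize_sources
sample_distributed | summarize_sources
```

Clients behind a shared NAT, proxy or CDN appear as one address, so the verdict is a first triage signal to check against bandwidth and CPU graphs.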
 