The Planet Forums > DOS attack from local machine

Full Version: DOS attack from local machine

The Planet Forums > Security > DoS & D-DoS Mitigation

tiennd

Nov 2 2006, 05:06 AM

Hi,
Yesterday I noticed my server is terribly slow down. I logon to SSH and used top to monitor the status, load average is 40 or above.
I installed mod_status to monitor apache and it reported about 200 requests, 150 requests is processing.
Look at the detail, I found most of the request are coming from the IP of my server and request to the same URL.
I have installed mod_security and mod_evasive. Mod_evasive didn't block such request I mentioned. How could I detect if the request is actually coming from my server or someone is doing fake ip to attack.
I read about DOS attack, there is SYN flood attack. If one server is under syn flood then can mod_evasive detect it?

Thank you,

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.