Is this a DOS attack?

Discussion in 'Linux Networking' started by gamo, Jul 5, 2014.

  1. gamo

    gamo Guest

    I run tcpdump and find this information

    1016 packets captured
    6308 packets received by filter
    4939 packets dropped by kernel

    TIA
     
    gamo, Jul 5, 2014
    #1

  2. gamo

    Tauno Voipio Guest


    This says only something about the amount of traffic.

    Have a look at the firewall logs, you can start with:

    /var/log/syslog
    /var/log/messages.

    To me it seems normal cracker portscan activity, most
    of which is sent directly to the bit bucket.
     
    Tauno Voipio, Jul 5, 2014
    #2
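
Added example, not part of any post in this thread: the tcpdump counters above only show that the capture buffer overflowed, so the firewall log is where a scan and a flood can be told apart. This sketch assumes the firewall writes iptables LOG-target lines to syslog; the sample lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def _line(src, dpt):
    # Constructed line in the iptables LOG-target layout (documentation addresses).
    return (f"Jul  5 18:40:01 host kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.10 "
            f"LEN=40 PROTO=TCP SPT=40000 DPT={dpt} SYN")

# Constructed sample: one source probing many ports, one source hammering a
# single port, one stray packet, and one unrelated syslog line.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", p) for p in (21, 22, 23, 25, 80, 443, 3389)]
    + [_line("203.0.113.9", 80) for _ in range(12)]
    + [_line("203.0.113.50", 22)]
    + ["Jul  5 18:40:02 host CRON[123]: unrelated syslog line"]
)

def summarize(log_text):
    """Per source address: packet count and the set of destination ports hit."""
    stats = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in log_text.splitlines():
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, value)  # keep the first; ICMP errors embed a second header
        if "SRC" not in fields:
            continue  # not a firewall LOG line
        entry = stats[fields["SRC"]]
        entry["packets"] += 1
        if "DPT" in fields:
            entry["ports"].add(int(fields["DPT"]))
    return stats

def classify(entry, scan_ports=5, flood_packets=8):
    """Thresholds are illustrative assumptions; tune them to the host's baseline."""
    if len(entry["ports"]) >= scan_ports:
        return "portscan-like"   # few packets each, spread over many ports
    if entry["packets"] >= flood_packets:
        return "flood-like"      # many packets aimed at the same port(s)
    return "background"

if __name__ == "__main__":
    for src, entry in sorted(summarize(SAMPLE_LOG).items()):
        print(src, entry["packets"], sorted(entry["ports"]), classify(entry))
```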

  3. So you captured some packets and lost others, probably due to high CPU
    load. To answer your question, no, this is NOT an indication of a DoS
    attack.
    What? How would you even get that idea? He's not even supplied what he's
    filtering on! You must have a remarkable crystal ball to be able to see
    inside a PCAP from just looking at how many packets are captured and
    dropped.

    Cheers,
    Johannes

    --
    Ah, the latest and to this day most brilliant stunt of our great
    cosmologists: the secret prediction.
    - Karl Kaos on Rüdiger Thomas in dsa <hidbv3$om2$>
     
    Johannes Bauer, Jul 5, 2014
    #3
  4. gamo

    Tauno Voipio Guest

    No, it was just a wild guess, based on the info given.

    There is a pretty constant flow of portscans to nearly
    all computers directly connected to the Net.

    Want a piece of my firewall log?
     
    Tauno Voipio, Jul 5, 2014
    #4
  5. gamo

    gamo Guest

    On 05/07/14 18:45, Johannes Bauer wrote:
    Is it normal? To drop five packets to get one useful?
     
    gamo, Jul 5, 2014
    #5
  6. gamo

    Doug Laidlaw Guest

    Yes, it is normal. It says somewhere that when packets are dropped by the
    kernel, they didn't make it to the output. That is all. Whether those
    figures are normal, I can't say, but Johannes says it is normal.

    A DoS attack means "Denial of Service." Is there anybody who would want to
    block you?

    A DoS attack has to have a motive. Is your address of such value to justify
    one? Ancestry.com is still recovering from an attack that had a ransom
    demand associated.
     
    Doug Laidlaw, Jul 7, 2014
    #6
  7. gamo

    Marc Haber Guest

    This is impossible to say with this tiny amount of information.

    Greetings
    Marc
     
    Marc Haber, Jul 8, 2014
    #7
  8. gamo

    gamo Guest

    On 08/07/14 07:50, Marc Haber wrote:
    Thanks, anyway.
     
    gamo, Jul 8, 2014
    #8
