Ask Your Question
0

Figuring out if my server's logfile has an attempt of attack or not

asked 2019-03-03 16:30:29 +0000

Ryano gravatar image

updated 2019-03-09 19:42:41 +0000

grahamb gravatar image

Hello guys, please help me asap whenever possible..

how to know if my server is breaking down or not from reading data of its log file? in other words how should it looks my logfile if myserver was under attack/breaking down/attempt to attack ?!!

thanks alot

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-03-04 17:25:10 +0000

Kurt Knochner gravatar image

if you mean pcap when you say 'log file', then there are several possible signs of an attack. But it's hard to spot such a sign, without knowing what kind of attack you're looking for.

  • DoS/DDoS attack: You should see a massive increase of traffic in the pcap and lot's of missing ACK and/or Duplicate ACK, because the system can't handle the extra load
  • targeted attacks (protocol/application level): Longer response times, more TCP reconnets, TCP RESETs, etc., because the application is either under load or crashing

If you really mean a log file, when you say log file, please add more details.

Regards
Kurt

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-03-03 16:30:29 +0000

Seen: 52 times

Last updated: Mar 04