Ask your host to capture a sample of the traffic to/from your server. This is the only real way to confirm your server is being attacked; some types of DoS, such as ICMP flooding, may not normally be logged.
Depending on your OS and kernel config you may be able to do it yourself:
tcpdump -qenli rl0 > tcpdump.log
(replace 'rl0' with the interface name of your ether card)
Warning - if you're sending out 40Gb a day this will generate a HUGE log, so ^C it within a minute or two.
Understanding the log is a little more involved; it's not simple enough to explain here...
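
A first pass over such a log, added here as an example and not part of the original post: it totals packets and bytes per remote address and protocol, split into traffic to and from the server. The server address 192.0.2.10, the sample lines and the line layout (the one recent tcpdump releases print for -q -e -n) are assumptions; older versions may format lines differently.

```python
import re

SERVER = "192.0.2.10"  # assumed address of the server being investigated

# Constructed sample lines, in the layout recent tcpdump releases print for -q -e -n.
SAMPLE = """\
12:00:00.000001 02:00:00:00:00:01 > 02:00:00:00:00:02, IPv4, length 98: 203.0.113.5 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
12:00:00.000090 02:00:00:00:00:01 > 02:00:00:00:00:02, IPv4, length 98: 203.0.113.5 > 192.0.2.10: ICMP echo request, id 1, seq 2, length 64
12:00:00.000180 02:00:00:00:00:01 > 02:00:00:00:00:02, IPv4, length 98: 203.0.113.5 > 192.0.2.10: ICMP echo request, id 1, seq 3, length 64
12:00:00.200000 02:00:00:00:00:01 > 02:00:00:00:00:02, IPv4, length 74: 198.51.100.7.51000 > 192.0.2.10.80: tcp 0
12:00:00.200400 02:00:00:00:00:02 > 02:00:00:00:00:01, IPv4, length 1514: 192.0.2.10.80 > 198.51.100.7.51000: tcp 1448
12:00:01.000000 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ARP, length 60: Request who-has 192.0.2.10 tell 192.0.2.1, length 46
"""

# "length" after the MAC addresses is the size of the whole frame (printed because of -e).
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ \S+ > \S+, IPv4, length (?P<len>\d+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<proto>\w+)"
)

def host(endpoint):
    """Drop the trailing .port that tcpdump appends to TCP/UDP endpoints."""
    return ".".join(endpoint.split(".")[:4])

def summarise(text, server=SERVER):
    """Return {(direction, peer, proto): [packets, bytes]} for the server's IPv4 traffic."""
    totals = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6 and anything else this parser does not handle
        src, dst = host(m["src"]), host(m["dst"])
        if dst == server:
            key = ("in", src, m["proto"].upper())
        elif src == server:
            key = ("out", dst, m["proto"].upper())
        else:
            continue  # traffic between other hosts on the segment
        entry = totals.setdefault(key, [0, 0])
        entry[0] += 1
        entry[1] += int(m["len"])
    return totals

def top_talkers(totals, n=10):
    """Largest flows first, ranked by bytes."""
    return sorted(totals.items(), key=lambda kv: kv[1][1], reverse=True)[:n]

if __name__ == "__main__":
    for (direction, peer, proto), (pkts, size) in top_talkers(summarise(SAMPLE)):
        print(f"{direction:3} {peer:15} {proto:5} {pkts:6} pkts {size:8} bytes")
```

On a real capture, pass the contents of tcpdump.log to summarise() in place of SAMPLE; one remote address or one protocol dominating the inbound totals is the first thing to look for.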