
Figuring out if my server's logfile has an attempt of attack or not

Hello guys, please help me ASAP whenever possible.

How can I know if my server is breaking down or not from reading the data in its log file? In other words, how should my log file look if my server was under attack, breaking down, or facing an attempted attack?

Thanks a lot

Ryano
asked 2019-03-03 16:30:29 +0000
grahamb
updated 2019-03-09 19:42:41 +0000

1 Answer


If you mean pcap when you say 'log file', then there are several possible signs of an attack. But it's hard to spot such a sign without knowing what kind of attack you're looking for.

  • DoS/DDoS attack: You should see a massive increase of traffic in the pcap and lots of missing ACKs and/or Duplicate ACKs, because the system can't handle the extra load
  • Targeted attacks (protocol/application level): Longer response times, more TCP reconnects, TCP RESETs, etc., because the application is either under load or crashing

If you really mean a log file, when you say log file, please add more details.

Regards
Kurt

Kurt Knochner
answered 2019-03-04 17:25:10 +0000
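
An added example, not part of the answer above or of the original page: one way to check a capture for the signs the answer lists (traffic increase, duplicate ACKs, TCP resets) by bucketing packets per second. It assumes the capture was exported to rows of `time_relative,rst,dup_ack` (for instance from the Wireshark fields `frame.time_relative`, `tcp.flags.reset` and `tcp.analysis.duplicate_ack`); the sample rows, function names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def build_sample():
    """Constructed rows 'time_relative,rst,dup_ack', one per packet (assumed layout)."""
    rows = []
    for sec in range(6):                       # quiet baseline: 5 packets/s
        rows += [f"{sec + i / 5:.3f},0,0" for i in range(5)]
    for sec in (6, 7):                         # burst: 60 packets/s
        for i in range(60):
            rst, dup = int(i % 20 == 0), int(i % 4 == 0)
            rows.append(f"{sec + i / 60:.3f},{rst},{dup}")
    return rows

def is_set(value):
    # Exports may render flags as 1/0 or True/False; accept both.
    return value.strip().lower() in ("1", "true")

def bucket(rows, width=1.0):
    """Count packets, RSTs and duplicate ACKs per time bucket of `width` seconds."""
    stats = defaultdict(lambda: {"pkts": 0, "rst": 0, "dup_ack": 0})
    for line in rows:
        t, rst, dup = line.split(",")
        b = stats[int(float(t) // width)]
        b["pkts"] += 1
        b["rst"] += is_set(rst)
        b["dup_ack"] += is_set(dup)
    return dict(stats)

def flag_buckets(stats, rate_factor=5, dup_ratio=0.1):
    """Return {bucket: [reasons]} for buckets showing the signs from the answer."""
    baseline = median(b["pkts"] for b in stats.values())
    findings = {}
    for idx in sorted(stats):
        b, reasons = stats[idx], []
        if b["pkts"] > rate_factor * baseline:
            reasons.append("traffic spike")
        if b["dup_ack"] / b["pkts"] >= dup_ratio:
            reasons.append("duplicate ACKs")
        if b["rst"]:
            reasons.append("TCP resets")
        if reasons:
            findings[idx] = reasons
    return findings

if __name__ == "__main__":
    for idx, reasons in flag_buckets(bucket(build_sample())).items():
        print(f"second {idx}: {', '.join(reasons)}")
```

The baseline is the median packets per bucket, so the capture has to include a stretch of normal traffic for the spike test to mean anything; `rate_factor` and `dup_ratio` are assumed starting values to tune against your own server's usual load.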