From owner-freebsd-questions@FreeBSD.ORG  Wed Apr 21 17:21:41 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7768916A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 21 Apr 2004 17:21:41 -0700 (PDT)
Received: from hotmail.com (bay16-dav52.bay16.hotmail.com [65.54.186.232])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6831943D45
	for <freebsd-questions@freebsd.org>;
	Wed, 21 Apr 2004 17:21:41 -0700 (PDT)
	(envelope-from meimi_1@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 21 Apr 2004 17:21:41 -0700
Received: from 203.218.210.165 by bay16-dav52.bay16.hotmail.com with DAV;
	Thu, 22 Apr 2004 00:21:41 +0000
X-Originating-IP: [203.218.210.165]
X-Originating-Email: [meimi_1@hotmail.com]
X-Sender: meimi_1@hotmail.com
From: "meimi" <meimi_1@hotmail.com>
To: "Tuc" <tuc@ttsg.com>
References: <200404212329.i3LNTYfM026056@himinbjorg.tucs-beachin-obx-house.com>
Date: Thu, 22 Apr 2004 08:21:38 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Message-ID: <BAY16-DAV52mvmsckqR0000625c@hotmail.com>
X-OriginalArrivalTime: 22 Apr 2004 00:21:41.0295 (UTC)
	FILETIME=[C8D7DBF0:01C427FF]
cc: freebsd-questions@freebsd.org
Subject: Re: being DOSed
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Apr 2004 00:21:41 -0000

I have found some IPs are opening 10 HTTP connection. Their IPs are changing
and all IPs are from different ISP network.
What should I do next?
Thanks
Meimi


----- Original Message ----- 
From: "Tuc" <tuc@ttsg.com>
To: "meimi" <meimi_1@hotmail.com>
Sent: Thursday, April 22, 2004 7:29 AM
Subject: Re: being DOSed


> >
> > Hello,
> >   The bandwidth usage for my server is tripled for 3 hours. When I run
> > "top", I find many httpd process in sbwait status. So, I think someone
is
> > DOSing my server.
> >   How can I check who is DOSing me? and how can I solve it?
> > Thanks
> > Meimi
>
> Quickly :
>
> netstat -an | sort | grep tcp4|more
>
> Look for an IP with alot of connections. (We have a script that
> actually will count this for us, but its not just for FreeBSD so its
> long)
>
> Tuc/TTSG Internet Services, Inc.
>