DOS (Denial of Service) Attack one type is endless ping
if someone is running a endless loop of ping attacks on your TC server you can disable ICMP on TC server https://www.serverintellect.com/support/windowsserversecurity/disable-icmp-requests/ DOC attack usually results in TROJ_MDROPPER.* on system NAV and McAfee can detect these malware attachments on Word Docs http://blog.trendmicro.com/trendlabs-security-intelligence/trojanized-doc-files-in-targeted-attack/ HTH Martin > Date: Sat, 8 Feb 2014 19:54:32 -0500 > Subject: Re: sudden increase in tomcat sessions..? > From: kumarkm...@gmail.com > To: users@tomcat.apache.org > > Hi David, > Thanks for your reply. How can I verify that it is a DOC attack? which > log i should refer.please guide me. > > Thanks, > Kumar. > > > On Sat, Feb 8, 2014 at 7:42 PM, David Kerber <dcker...@verizon.net> wrote: > > > On 2/8/2014 7:08 PM, Kumar Muthuramalingam wrote: > > > >> Hi, > >> I 'm using tomcat version 6 and 7. One day there was a sudden increase > >> in > >> number of sessions in both tomcats. And all the sessions had no username, > >> same lastaccessed time, same created time and the inactive time was > >> 00:00:00. It is not happening always but it happens some times on some > >> day. > >> Can't predict. And We have set the idle timeout as -1 because we have to. > >> When I try to dig the log. It showed that the load balancer IP was sending > >> many ping requests to our application. Can anybody tell why this is > >> happening and how can I find the cause? > >> > > > > DOS attack? > > > > > > > >> Thanks, > >> Kumar. > >> > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > >
