tomcat-users mailing list archives

From Martin Gainty <mgai...@hotmail.com>
Subject RE: sudden increase in tomcat sessions..?
Date Sun, 09 Feb 2014 02:01:03 GMT

DOS (Denial of Service) Attack

one type is endless ping

if someone is running an endless loop of ping attacks on your TC server

you can disable ICMP on TC server
https://www.serverintellect.com/support/windowsserversecurity/disable-icmp-requests/

DOC attack usually results in TROJ_MDROPPER.* on system
NAV and McAfee can detect these malware attachments on Word Docs

http://blog.trendmicro.com/trendlabs-security-intelligence/trojanized-doc-files-in-targeted-attack/


HTH
Martin

> Date: Sat, 8 Feb 2014 19:54:32 -0500
> Subject: Re: sudden increase in tomcat sessions..?
> From: kumarkmmca@gmail.com
> To: users@tomcat.apache.org
> 
> Hi David,
> Thanks for your reply. How can I verify that it is a DOC attack? Which
> log should I refer to? Please guide me.
> 
> Thanks,
> Kumar.
> 
> 
> On Sat, Feb 8, 2014 at 7:42 PM, David Kerber <dckerber@verizon.net> wrote:
> 
> > On 2/8/2014 7:08 PM, Kumar Muthuramalingam wrote:
> >
> >> Hi,
> >> I'm using tomcat version 6 and 7. One day there was a sudden increase in
> >> number of sessions in both tomcats. And all the sessions had no username,
> >> same lastaccessed time, same created time and the inactive time was
> >> 00:00:00. It is not happening always but it happens sometimes on some day.
> >> Can't predict. And we have set the idle timeout as -1 because we have to.
> >> When I tried to dig into the log, it showed that the load balancer IP was sending
> >> many ping requests to our application. Can anybody tell why this is
> >> happening and how can I find the cause?
> >>
> >
> > DOS attack?
> >
> >
> >
> >> Thanks,
> >> Kumar.
> >>
> >>
> >