tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kumar Muthuramalingam <kumarkm...@gmail.com>
Subject Re: sudden increase in tomcat sessions..?
Date Sun, 09 Feb 2014 04:22:25 GMT
Thanks for your reply. What happened actually was there was a sudden
increase in invalid sessions as I said before and we manually deleted those
sessions using the tomcat manager. And then it appeared to be normal. But
then it occurred three times in last two weeks. It' s a production
environment.
My question is not how to stop some thing so that it could stop the ping
requests but I would like to know what could be the cause for it and how
can I find the cause? Please help me.

Thanks,
Kumar.


On Sat, Feb 8, 2014 at 9:01 PM, Martin Gainty <mgainty@hotmail.com> wrote:

> DOS (Denial of Service) Attack
>
> one type is endless ping
>
> if someone is running a endless loop of ping attacks on your TC server
>
> you can disable ICMP on TC server
>
> https://www.serverintellect.com/support/windowsserversecurity/disable-icmp-requests/
>
>
>
> DOC attack usually results in TROJ_MDROPPER.* on system
> NAV and McAfee can detect these malware attachments on Word Docs
>
>
> http://blog.trendmicro.com/trendlabs-security-intelligence/trojanized-doc-files-in-targeted-attack/
>
>
> HTH
> Martin
>
>
>
>
>
> > Date: Sat, 8 Feb 2014 19:54:32 -0500
> > Subject: Re: sudden increase in tomcat sessions..?
> > From: kumarkmmca@gmail.com
> > To: users@tomcat.apache.org
> >
> > Hi David,
> > Thanks for your reply. How can I verify that it is a DOC attack? which
> > log i should refer.please guide me.
> >
> > Thanks,
> > Kumar.
> >
> >
> > On Sat, Feb 8, 2014 at 7:42 PM, David Kerber <dckerber@verizon.net>
> wrote:
> >
> > > On 2/8/2014 7:08 PM, Kumar Muthuramalingam wrote:
> > >
> > >> Hi,
> > >> I 'm using tomcat version 6 and 7. One day there was a sudden increase
> > >> in
> > >> number of sessions in both tomcats. And all the sessions had no
> username,
> > >> same lastaccessed time, same created time and the inactive time was
> > >> 00:00:00. It is not happening always but it happens some times on some
> > >> day.
> > >> Can't predict. And We have set the idle timeout as -1 because we have
> to.
> > >> When I try to dig the log. It showed that the load balancer IP was
> sending
> > >> many ping requests to our application. Can anybody tell why this is
> > >> happening and how can I find the cause?
> > >>
> > >
> > > DOS attack?
> > >
> > >
> > >
> > >> Thanks,
> > >> Kumar.
> > >>
> > >>
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: users-help@tomcat.apache.org
> > >
> > >
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message