Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: WhatsUP DOS attack

  1. #1
    Join Date
    Jan 2008
    Beans
    66

    WhatsUP DOS attack

    Have you experienced this attack to apache2?

    Code:
    192.168.10.46 - - [21/May/2008:08:05:33 +0800] "HEAD / HTTP/1.0" 200 - "-" "WhatsUp/1.0"
    It is in my apache2 log for every second. I have blocked the IP using iptables:

    Code:
    iptables -A INPUT -s 192.168.10.46 -j DROP
    iptables -A OUTPUT -d 192.168.10.46 -j DROP

    but it can still access my apache server.

    any suggestions for resolving this?

    thanks in advance.

  2. #2
    Join Date
    Jan 2008
    Beans
    333

    Re: WhatsUP DOS attack

    Erm... That is a non-routable IP so I think you're missing something. Furthermore, if you blocked it with IPtables, it wouldn't be able to hit apache anymore.

    The whatsup tool is from http://www.ipswitch.com/
    I highly doubt this is an intentional denial of service.
    Without knowing more about your network topology, I wouldn't want to venture any more guesses.

    Good luck

  3. #3
    Join Date
    Jan 2008
    Beans
    66

    Re: WhatsUP DOS attack

    So you mean it's not a DOS attack? Then why it is accessing my apache server?

  4. #4
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Beans
    1,393
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: WhatsUP DOS attack

    From doing a quick google search on that user agent, tt appears that is generated by an Ipswitch product called WhatsUp, which is used for network monitoring. Someone on your lan using the product?

    http://www.whatsupgold.com/

  5. #5
    Join Date
    Jan 2008
    Beans
    66

    Re: WhatsUP DOS attack

    -
    Last edited by cjtjamandra; May 21st, 2008 at 01:31 AM. Reason: wrong

  6. #6
    Join Date
    Jan 2008
    Beans
    66

    Re: WhatsUP DOS attack

    We have several switches so i think someone is using that product. so is there any explanation why this program or software is accessing my web server (apache2) ?

  7. #7
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Beans
    1,393
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: WhatsUP DOS attack

    Sounds like a question for the people on your network who are using the application.

  8. #8
    Join Date
    Jun 2007
    Location
    Paraparaumu, New Zealand
    Beans
    Hidden!

    Re: WhatsUP DOS attack

    Quote Originally Posted by cjtjamandra View Post
    We have several switches so i think someone is using that product. so is there any explanation why this program or software is accessing my web server (apache2) ?
    If you can pinpoint it to a particular machine, you might want to start asking questions. But be nice - there might be an innocent explanation.
    Forum DOs and DON'Ts
    Please use CODE tags
    Including your email address in a post is not recommended
    My Blog

  9. #9
    Join Date
    Jan 2008
    Beans
    66

    Re: WhatsUP DOS attack

    when i nbtstat the IP (192.168.10.46) it pinpoints to a machine or PC.

    and i have researched the WhatsUP 1.0 and i have found some sites stating that this is a DOS attack or exploit from a router or switch.

    Do you have any suggestions or programs that i might install to prevent DOS attacks in my apache2 server? because i dont want to confront the person who is responsible to this, all i want is to show him that i can defend or protect my server without pleasing him to stop. hope you got the idea.

    thanks

  10. #10
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Beans
    1,393
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: WhatsUP DOS attack

    WhatsUp Gold is a network management and monitoring tool. It is NOT an exploit or DoS attack tool. Just politely ask them why it might be sending queries to your apache server.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •