Thanks for your reply. What happened actually was there was a sudden increase in invalid sessions as I said before and we manually deleted those sessions using the tomcat manager. And then it appeared to be normal. But then it occurred three times in last two weeks. It' s a production environment. My question is not how to stop some thing so that it could stop the ping requests but I would like to know what could be the cause for it and how can I find the cause? Please help me.
Thanks, Kumar. On Sat, Feb 8, 2014 at 9:01 PM, Martin Gainty <mgai...@hotmail.com> wrote: > DOS (Denial of Service) Attack > > one type is endless ping > > if someone is running a endless loop of ping attacks on your TC server > > you can disable ICMP on TC server > > https://www.serverintellect.com/support/windowsserversecurity/disable-icmp-requests/ > > > > DOC attack usually results in TROJ_MDROPPER.* on system > NAV and McAfee can detect these malware attachments on Word Docs > > > http://blog.trendmicro.com/trendlabs-security-intelligence/trojanized-doc-files-in-targeted-attack/ > > > HTH > Martin > > > > > > > Date: Sat, 8 Feb 2014 19:54:32 -0500 > > Subject: Re: sudden increase in tomcat sessions..? > > From: kumarkm...@gmail.com > > To: users@tomcat.apache.org > > > > Hi David, > > Thanks for your reply. How can I verify that it is a DOC attack? which > > log i should refer.please guide me. > > > > Thanks, > > Kumar. > > > > > > On Sat, Feb 8, 2014 at 7:42 PM, David Kerber <dcker...@verizon.net> > wrote: > > > > > On 2/8/2014 7:08 PM, Kumar Muthuramalingam wrote: > > > > > >> Hi, > > >> I 'm using tomcat version 6 and 7. One day there was a sudden increase > > >> in > > >> number of sessions in both tomcats. And all the sessions had no > username, > > >> same lastaccessed time, same created time and the inactive time was > > >> 00:00:00. It is not happening always but it happens some times on some > > >> day. > > >> Can't predict. And We have set the idle timeout as -1 because we have > to. > > >> When I try to dig the log. It showed that the load balancer IP was > sending > > >> many ping requests to our application. Can anybody tell why this is > > >> happening and how can I find the cause? > > >> > > > > > > DOS attack? > > > > > > > > > > > >> Thanks, > > >> Kumar. > > >> > > >> > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > >
