DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Analysing logs?
- techmonkey
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
11 May 2009 10:33 #55716
by techmonkey
Regards,
Techmonkey
Analysing logs? was created by techmonkey
Hi all, new user so please be gentle.
We have been experiencing problems at one of our sites with issues on their ADSL. Slow downs, drop offs etc.
I enabled the Mail Alert logging and have started receiving lots of alerts for "Vigor DoS Attack Alert"
It has included the log file info and I was wondering how I would go about interpreting the logs?
eg
(IP addresses removed to protect the innocent (or not so innocent)).
Lots and lots of these entries in each email. so how do I got about now finding out if these ar genuine DoS attacks and whether they may be causing the issues?
We have been experiencing problems at one of our sites with issues on their ADSL. Slow downs, drop offs etc.
I enabled the Mail Alert logging and have started receiving lots of alerts for "Vigor DoS Attack Alert"
It has included the log file info and I was wondering how I would go about interpreting the logs?
eg
DoS trace_rt Block ************,10016 -> ************,33444 PR udp len 20 32
(IP addresses removed to protect the innocent (or not so innocent)).
Lots and lots of these entries in each email. so how do I got about now finding out if these ar genuine DoS attacks and whether they may be causing the issues?
Regards,
Techmonkey
Please Log in or Create an account to join the conversation.
- lorian
- Offline
- Member
Less
More
- Posts: 190
- Thank you received: 0
20 May 2009 08:24 #55888
by lorian
Replied by lorian on topic Analysing logs?
sometimes the router will think its an attack when it's not. the first thing to do is an nslookup on the source ip address and see if you recongnise it. You can also search through your syslog to see what conversations are going on with that source address at the time of the aledged attack.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek