DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Analysing logs?

  • techmonkey
  • Topic Author
  • Offline
  • New Member
  • New Member
More
11 May 2009 10:33 #55716 by techmonkey
Analysing logs? was created by techmonkey
Hi all, new user so please be gentle.

We have been experiencing problems at one of our sites with issues on their ADSL. Slow downs, drop offs etc.

I enabled the Mail Alert logging and have started receiving lots of alerts for "Vigor DoS Attack Alert"

It has included the log file info and I was wondering how I would go about interpreting the logs?

eg


DoS trace_rt Block ************,10016 -> ************,33444 PR udp len 20 32



(IP addresses removed to protect the innocent (or not so innocent)).

Lots and lots of these entries in each email. so how do I got about now finding out if these ar genuine DoS attacks and whether they may be causing the issues?

Regards,

Techmonkey

Please Log in or Create an account to join the conversation.

More
20 May 2009 08:24 #55888 by lorian
Replied by lorian on topic Analysing logs?
sometimes the router will think its an attack when it's not. the first thing to do is an nslookup on the source ip address and see if you recongnise it. You can also search through your syslog to see what conversations are going on with that source address at the time of the aledged attack.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami