Swap et Malke
1: There is such a thing as a DoS attack...that is, in fact a "Denial of
Service" attack...whereas a DDoS attack is a "Distributed Denial of
Service" attack and by definition is typically a DoS attack from
multiple sources..thus Distributed....and in fact either one could be
applicable to his situation if this is indeed an attack.
A DoS or DDoS attack is an attack that is designed to make a computer or
network resource unavailable or unusable to its intended users. DoS
attacks have two "typical" forms: To force the victim computer or
computers to reset or consume all of their resources such that they can
no longer provide the intended service...OR to obstruct the
communication media between the intended users and the victim (like a
website attack blocking the website by flooding it with rubbish) so that
they can no longer communicate adequately.
Now that we have cleared that up let's move on to the actual
problem....Malke's first step is absolutely correct...has anything
changed in the environment (new software to new hardware...)? I would
disagree with the second step, I would probably look through your event
logs to see if they give you any further detail as to what is causing
the shutdown and if anything is being logged, this can typically give
you a bit more insight and possibly you can trace the events back to the
root cause...Of course certainly make sure that your AV/Spyware/Malware
protection is updated etc...but at this point I would say that if this
is indeed an attack/infection, you have already been compromised.
And it would probably not be a bad idea to get some professional help,
any QUALIFIED person should be able to rapidly diagnose and remediate
the situation for you using more advanced tools...I suspect that with 30
systems randomly shutting down and rebooting your business is severely
impacted!
After the issue has been handled, I would also suggest putting together
a security plan and investing in some additional security tools as
needed and directed by the aforementioned qualified personnel ;-)
(IDS/IPS etc...)
If you have addtl info after proceeding with some of the
aforementioned...send it our way...
Regards,
Mr. Grey
You wanna secure da wha?
http://www.redsphereglobal.com
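
Added example, not part of the original post: one way to work through the event-log step suggested above when many machines are affected, by pulling shutdown-related records from several hosts into one timeline, flagging windows where multiple machines went down together, and listing which process requested each restart. It assumes Windows hosts (the post does not name the OS), the System-log event IDs 1074, 6008 and 41, and a CSV export with hypothetical columns host,time,event_id,message; the sample rows are constructed.

```python
import csv, io, re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Windows System-log event IDs: 1074 = shutdown/restart requested by a
# process, 6008 = previous shutdown was unexpected, 41 = reboot without clean shutdown.
SHUTDOWN_IDS = {1074, 6008, 41}
INITIATOR = re.compile(r"The process (.+?) \(")

# Constructed sample export; the host,time,event_id,message layout is an assumption.
SAMPLE = r"""host,time,event_id,message
PC01,2024-03-04T10:15:02,1074,The process C:\Tools\agent.exe (PC01) has initiated the restart of computer PC01
PC02,2024-03-04T10:15:40,1074,The process C:\Tools\agent.exe (PC02) has initiated the restart of computer PC02
PC05,2024-03-04T10:16:00,7036,The Print Spooler service entered the running state.
PC03,2024-03-04T10:16:10,6008,The previous system shutdown was unexpected.
PC04,2024-03-04T10:17:55,1074,The process C:\Tools\agent.exe (PC04) has initiated the restart of computer PC04
PC02,2024-03-04T14:30:00,1074,The process C:\Windows\system32\shutdown.exe (PC02) has initiated the restart of computer PC02
PC01,2024-03-04T18:02:11,41,The system has rebooted without cleanly shutting down first.
"""

def load_events(text):
    """Keep only shutdown-related records, oldest first."""
    rows = [dict(r, id=int(r["event_id"]), time=datetime.fromisoformat(r["time"]))
            for r in csv.DictReader(io.StringIO(text))]
    return sorted((r for r in rows if r["id"] in SHUTDOWN_IDS), key=lambda r: r["time"])

def initiators(events):
    """Map each process named in a 1074 record to the hosts it restarted."""
    hosts = defaultdict(set)
    for e in events:
        m = INITIATOR.match(e["message"]) if e["id"] == 1074 else None
        if m:
            hosts[m.group(1).lower()].add(e["host"])
    return dict(hosts)

def bursts(events, window=timedelta(minutes=5), min_hosts=3):
    """Return (start, hosts) for windows in which min_hosts or more machines went down."""
    found, group = [], []
    for e in events + [None]:                      # None flushes the last group
        if group and (e is None or e["time"] - group[0]["time"] > window):
            hosts = sorted({g["host"] for g in group})
            if len(hosts) >= min_hosts:
                found.append((group[0]["time"], hosts))
            group = []
        if e is not None:
            group.append(e)
    return found

if __name__ == "__main__":
    events = load_events(SAMPLE)
    print(bursts(events))
    print(initiators(events))
```

A burst that spans many hosts and shares one initiating process points to a common cause worth tracing first; isolated single-host restarts are more likely local.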