DDoS attacks ... identifying destination ...
Vlad GALU
dudu at dudu.ro
Thu Sep 6 15:27:23 PDT 2007
On 9/6/07, Marc G. Fournier <scrappy at freebsd.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Today, I got hit by an attack, but haven't been able to easily determine whom
> was being attacked ...
>
> I run ipaudit to monitor bandwidth usage, so I have 'source / destination'
> information, but I'm not finding any particularly easy way to narrow down whom
> was being attacked ...
>
> I run mrtg on the switch so that I know which *server* is being attacked, so I
> need some method of being able to see whom is being attacked so that I can put
> appropriate blocks in place ...
>
> Is there either a command line command, or ports tool, that I can use similar
> to top, or systat -iostat, that will help identify the IP that is being
> attacked?
>
<plug type="shameless">ports/net/glflow</plug>
> Thank you ...
>
> - ----
> Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
> Email . scrappy at hub.org MSN . scrappy at hub.org
> Yahoo . yscrappy Skype: hub.org ICQ . 7615664
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.4 (FreeBSD)
>
> iD8DBQFG4EuF4QvfyHIvDvMRArtBAJ476WaXhFxzb5S+QRsJuFPQfs6SNgCePONi
> MCdrm9L85MBseHho0cGM6q8=
> =EfvZ
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
More information about the freebsd-net
mailing list