DDoS attacks ... identifying destination ...

Eric F Crist ecrist at secure-computing.net
Thu Sep 6 12:42:39 PDT 2007


On Sep 6, 2007, at 1:48 PM, Marc G. Fournier wrote:

> Today, I got hit by an attack, but haven't been able to easily determine who
> was being attacked ...
>
> I run ipaudit to monitor bandwidth usage, so I have 'source / destination'
> information, but I'm not finding any particularly easy way to narrow down who
> was being attacked ...
>
> I run mrtg on the switch so that I know which *server* is being attacked, so I
> need some method of being able to see who is being attacked so that I can put
> appropriate blocks in place ...
>
> Is there either a command line command, or ports tool, that I can use similar
> to top, or systat -iostat, that will help identify the IP that is being
> attacked?
>
> Thank you ...
>

tcpdump might be of use.

-----
Eric F Crist
Secure Computing Networks
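
An added example, not part of the original thread: one way to turn tcpdump's text output into a ranked list of destination IPs, so the address receiving the most packets stands out. The function names, the interface name `em0` and the sample capture lines are assumptions made for illustration.

```shell
#!/bin/sh
# Rank destination IPv4 addresses by packet count from `tcpdump -nn -q` text.
# Live use (interface em0 is an assumption; capturing needs root):
#   tcpdump -nn -q -l -i em0 -c 20000 ip | top_destinations 10

top_destinations() {
    # $1 = number of rows to print (default 10); tcpdump lines arrive on stdin
    awk '
        $2 == "IP" && $4 == ">" {
            dst = $5
            sub(/:$/, "", dst)                 # drop the trailing colon
            n = split(dst, part, "[.]")
            if (n == 5)                        # addr.port form: strip the port
                dst = part[1] "." part[2] "." part[3] "." part[4]
            else if (n != 4)                   # ICMP has no port (n == 4)
                next                           # anything else is not IPv4
            count[dst]++
        }
        END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

sample_capture() {
    # Constructed sample in tcpdump -nn -q format (documentation address ranges)
    cat <<'EOF'
12:42:01.000001 IP 198.51.100.7.40112 > 192.0.2.10.80: tcp 0
12:42:01.000002 IP 198.51.100.8.51233 > 192.0.2.10.80: tcp 0
12:42:01.000003 IP 203.0.113.9.1025 > 192.0.2.10.80: UDP, length 512
12:42:01.000004 IP 203.0.113.4 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
12:42:01.000005 IP 198.51.100.7.40113 > 192.0.2.25.25: tcp 0
12:42:01.000006 IP 192.0.2.10.80 > 198.51.100.7.40112: tcp 0
12:42:01.000007 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
EOF
}
```

Each output row is `packet-count destination-ip`; on a multi-homed server the top row is the address to look at first when deciding where to place blocks.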

