DDoS attacks ... identifying destination ...
Gary Palmer
gpalmer at freebsd.org
Thu Sep 6 14:26:55 PDT 2007
On Thu, Sep 06, 2007 at 03:48:37PM -0300, Marc G. Fournier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Today, I got hit by an attack, but haven't been able to easily determine whom
> was being attacked ...
>
> I run ipaudit to monitor bandwidth usage, so I have 'source / destination'
> information, but I'm not finding any particularly easy way to narrow down whom
> was being attacked ...
>
> I run mrtg on the switch so that I know which *server* is being attacked, so I
> need some method of being able to see whom is being attacked so that I can put
> appropriate blocks in place ...
>
> Is there either a command line command, or ports tool, that I can use similar
> to top, or systat -iostat, that will help identify the IP that is being
> attacked?
>
> Thank you ...
net/trafshow will show throughput on various protocols on a host in a more
user friendly format than raw tcpdump alone.
More information about the freebsd-net
mailing list