From: "Marc G. Fournier"
To: freebsd-net@freebsd.org
Date: Thu, 06 Sep 2007 15:48:37 -0300
Subject: DDoS attacks ... identifying destination ...
List-Id: Networking and TCP/IP with FreeBSD

Today, I got hit by an attack, but haven't been able to easily determine who was being attacked ...

I run ipaudit to monitor bandwidth usage, so I have 'source / destination' information, but I'm not finding any particularly easy way to narrow down who was being attacked ...

I run mrtg on the switch so that I know which *server* is being attacked, so I need some method of being able to see who is being attacked so that I can put appropriate blocks in place ...

Is there either a command line command, or ports tool, that I can use similar to top, or systat -iostat, that will help identify the IP that is being attacked?

Thank you ...

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org    MSN . scrappy@hub.org
Yahoo . yscrappy           Skype: hub.org           ICQ . 7615664
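
One way to narrow down the attacked address from source/destination records like the ones described above, as an added example that is not part of the original message: sum traffic per destination IP and count distinct sources, then sort. The four-column input format (`src_ip dst_ip bytes packets`), the function names and the sample records are assumptions constructed for illustration; real ipaudit output would first have to be mapped to these columns.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumed input, one flow record per line: src_ip dst_ip bytes packets

# Print "dst_ip total_bytes total_packets distinct_sources", heaviest first.
rank_destinations() {
    awk '
        # Skip malformed lines instead of letting them skew the totals.
        NF < 4 || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { next }
        {
            bytes[$2] += $3
            pkts[$2]  += $4
            # Count each source only once per destination.
            if (!(($1, $2) in seen)) { seen[$1, $2] = 1; srcs[$2]++ }
        }
        END {
            for (d in bytes)
                printf "%s %d %d %d\n", d, bytes[d], pkts[d], srcs[d]
        }
    ' | sort -k2,2nr -k1,1
}

# Print only the destination IP that received the most bytes.
top_destination() {
    rank_destinations | head -n 1 | cut -d' ' -f1
}

# Constructed sample records using documentation address ranges.
sample_flows() {
    cat <<'EOF'
198.51.100.7 192.0.2.10 48000 800
198.51.100.8 192.0.2.10 51000 850
203.0.113.5 192.0.2.10 47000 790
203.0.113.9 192.0.2.10 50000 820
198.51.100.7 192.0.2.10 4000 60
203.0.113.5 192.0.2.20 90000 70
garbage line
203.0.113.5 192.0.2.30 1200 10
EOF
}

sample_flows | rank_destinations
```

A destination that leads on both bytes and distinct sources is the likely target; one that leads on bytes from a single source is more likely an ordinary bulk transfer.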