Date: Thu, 6 Sep 2007 17:15:15 -0400
From: Gary Palmer <gpalmer@freebsd.org>
To: "Marc G. Fournier" <scrappy@freebsd.org>
Cc: freebsd-net@freebsd.org
Subject: Re: DDoS attacks ... identifying destination ...
Message-ID: <20070906211515.GA8194@in-addr.com>
In-Reply-To: <B619D4EFFD109A19C9A24EFC@ganymede.hub.org>
References: <B619D4EFFD109A19C9A24EFC@ganymede.hub.org>
On Thu, Sep 06, 2007 at 03:48:37PM -0300, Marc G. Fournier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Today, I got hit by an attack, but haven't been able to easily determine who
> was being attacked ...
>
> I run ipaudit to monitor bandwidth usage, so I have 'source / destination'
> information, but I'm not finding any particularly easy way to narrow down who
> was being attacked ...
>
> I run mrtg on the switch so that I know which *server* is being attacked, so I
> need some method of being able to see who is being attacked so that I can put
> appropriate blocks in place ...
>
> Is there either a command line command, or ports tool, that I can use similar
> to top, or systat -iostat, that will help identify the IP that is being
> attacked?
>
> Thank you ...

net/trafshow will show throughput on various protocols on a host in a more
user-friendly format than raw tcpdump alone.
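
An added example, not part of the original message: where only raw tcpdump is available, its text output can be tallied per destination address to show which IP on the server is receiving the flood. It assumes the IPv4 line format printed by current `tcpdump -nn`; the function names, the interface name in the comment and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# top_destinations: read `tcpdump -nn` text lines on stdin and print
# "packets bytes destination", busiest destination first.
# Live use (interface name em0 is an assumption):
#   tcpdump -nn -l -i em0 -c 5000 | top_destinations | head
top_destinations() {
    awk '
    {
        # Locate the ">" that separates source from destination.
        for (i = 1; i < NF; i++) if ($i == ">") break
        if (i >= NF) next                  # not a packet line
        dst = $(i + 1)
        sub(/:$/, "", dst)                 # drop the trailing colon
        # IPv4 with a port prints as a.b.c.d.port: strip the port.
        n = split(dst, p, ".")
        if (n == 5) dst = p[1] "." p[2] "." p[3] "." p[4]
        else if (n != 4) next              # IPv6 and others are skipped
        pkts[dst]++
        # Add the payload size where tcpdump printed "length N".
        for (j = i + 2; j < NF; j++)
            if ($j == "length") { bytes[dst] += $(j + 1); break }
    }
    END { for (d in pkts) printf "%d %d %s\n", pkts[d], bytes[d], d }
    ' | sort -rn -k1,1 -k2,2
}

# Constructed sample capture (documentation address ranges only).
sample_capture() {
    cat <<'EOF'
17:15:01.000001 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
17:15:01.000002 IP 198.51.100.8.40002 > 192.0.2.10.80: Flags [S], seq 2, win 65535, length 0
17:15:01.000003 IP 203.0.113.5.53 > 192.0.2.10.33000: UDP, length 512
17:15:01.000004 IP 198.51.100.9.51000 > 192.0.2.20.25: Flags [P.], seq 1:101, ack 1, win 512, length 100
17:15:01.000005 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
EOF
}

sample_capture | top_destinations
```

The first line of output is the address to look at when deciding where to place blocks; the byte column counts payload lengths as reported by tcpdump, not bytes on the wire.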