Date:      Thu, 6 Sep 2007 14:42:35 -0500
From:      Eric F Crist <ecrist@secure-computing.net>
To:        Marc G. Fournier <scrappy@freebsd.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: DDoS attacks ... identifying destination ...
Message-ID:  <8CAB10E6-C13C-4DCB-B5C0-FE5D7DF00410@secure-computing.net>
In-Reply-To: <B619D4EFFD109A19C9A24EFC@ganymede.hub.org>
References:  <B619D4EFFD109A19C9A24EFC@ganymede.hub.org>

On Sep 6, 2007, at 1:48 PM, Marc G. Fournier wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Today, I got hit by an attack, but haven't been able to easily
> determine who was being attacked ...
>
> I run ipaudit to monitor bandwidth usage, so I have 'source /
> destination' information, but I'm not finding any particularly easy
> way to narrow down who was being attacked ...
>
> I run mrtg on the switch so that I know which *server* is being
> attacked, so I need some method of being able to see who is being
> attacked so that I can put appropriate blocks in place ...
>
> Is there either a command line command, or ports tool, that I can use
> similar to top, or systat -iostat, that will help identify the IP that
> is being attacked?
>
> Thank you ...
>

tcpdump might be of use.

-----
Eric F Crist
Secure Computing Networks
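
One way to act on the tcpdump suggestion, as an added example that is not part of the original message: a small shell function that ranks destination IPv4 addresses in tcpdump's one-line text output by packet count and summed length. The function names, the interface name `em0` and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: rank destination IPv4 addresses seen in tcpdump text output.
# Live use (interface name em0 is an assumption, adjust to the attacked host):
#   tcpdump -nn -l -i em0 -c 20000 ip 2>/dev/null | top_dests 10

# Reads tcpdump -nn lines on stdin; prints "packets bytes dst_ip", busiest first.
top_dests() {
    awk '
        $2 == "IP" && $4 == ">" {
            dst = $5
            sub(/:$/, "", dst)              # "192.0.2.10.80:" -> "192.0.2.10.80"
            n = split(dst, p, /\./)
            if (n == 5)      dst = p[1] "." p[2] "." p[3] "." p[4]  # drop port
            else if (n != 4) next           # not addr or addr.port, skip
            pkts[dst]++
            # Most lines end in "length N" as reported by tcpdump; sum it.
            if ($(NF-1) == "length") bytes[dst] += $NF
        }
        END { for (d in pkts) printf "%d %d %s\n", pkts[d], bytes[d], d }
    ' | sort -k1,1nr -k3,3 | head -n "${1:-10}"
}

# Constructed sample capture (documentation address ranges), not real traffic.
sample_capture() {
    cat <<'EOF'
14:40:01.000001 IP 203.0.113.5.40001 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
14:40:01.000002 IP 203.0.113.6.40002 > 192.0.2.10.80: Flags [S], seq 2, win 65535, length 0
14:40:01.000003 IP 198.51.100.7.53 > 192.0.2.10.4444: UDP, length 512
14:40:01.000004 IP 203.0.113.9 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
14:40:01.000005 IP 192.0.2.20.22 > 198.51.100.50.50022: Flags [P.], seq 1:49, ack 1, win 1024, length 48
14:40:01.000006 IP 203.0.113.8.40003 > 192.0.2.11.25: Flags [S], seq 3, win 65535, length 0
14:40:01.000007 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
EOF
}

sample_capture | top_dests 5
```

Only IPv4 lines are counted; ARP and IPv6 lines are skipped. The address at the top of the list is the candidate for a block or a narrower follow-up capture.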


