From owner-freebsd-net@FreeBSD.ORG Thu Sep 6 20:25:39 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 353DD16A419 for ; Thu, 6 Sep 2007 20:25:39 +0000 (UTC) (envelope-from oli@unixcraft.org) Received: from 42.mail-out.ovh.net (42.mail-out.ovh.net [213.251.189.42]) by mx1.freebsd.org (Postfix) with SMTP id 9248A13C483 for ; Thu, 6 Sep 2007 20:25:38 +0000 (UTC) (envelope-from oli@unixcraft.org) Received: (qmail 10474 invoked by uid 503); 6 Sep 2007 19:59:09 -0000 Received: from b6.ovh.net (HELO mail140.ha.ovh.net) (213.186.33.56) by 42.mail-out.ovh.net with SMTP; 6 Sep 2007 19:59:09 -0000 Received: from b0.ovh.net (HELO queue-out) (213.186.33.50) by b0.ovh.net with SMTP; 6 Sep 2007 19:58:57 -0000 Received: from 150.21.202.62.fix.bluewin.ch (HELO localhost) (62.202.21.150) by ns0.ovh.net with SMTP; 6 Sep 2007 19:58:55 -0000 Date: Thu, 6 Sep 2007 21:59:36 +0200 From: Olivier Brisson To: freebsd-net@freebsd.org Message-ID: <20070906195936.GB81651@haribo.unixcraft.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i X-Ovh-Remote: 62.202.21.150 (150.21.202.62.fix.bluewin.ch) X-Ovh-Local: 213.186.33.20 (ns0.ovh.net) X-Spam-Check: DONE|H 0.5/N Subject: Re: DDoS attacks ... identifying destination ... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Sep 2007 20:25:39 -0000 * Marc G. Fournier [070906 21:28]: > > Is there either a command line command, or ports tool, that I can use similar > to top, or systat -iostat, that will help identify the IP that is being > attacked? In some way, you could also use wireshark: http://www.wireshark.org/ Olivier