From owner-freebsd-net@FreeBSD.ORG  Thu Sep  6 20:50:22 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7D8F916A418;
	Thu,  6 Sep 2007 20:50:22 +0000 (UTC) (envelope-from mtm@FreeBSD.Org)
Received: from rogue.navcom.lan (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 54D6013C45E;
	Thu,  6 Sep 2007 20:50:15 +0000 (UTC) (envelope-from mtm@FreeBSD.Org)
Received: by rogue.navcom.lan (Postfix, from userid 1001)
	id 877F826A9; Thu,  6 Sep 2007 23:50:12 +0300 (EAT)
Date: Thu, 6 Sep 2007 23:50:12 +0300
From: Mike Makonnen <mtm@FreeBSD.Org>
To: "Marc G. Fournier" <scrappy@freebsd.org>
Message-ID: <20070906205012.GA60071@rogue.navcom.lan>
References: <B619D4EFFD109A19C9A24EFC@ganymede.hub.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <B619D4EFFD109A19C9A24EFC@ganymede.hub.org>
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD/7.0-CURRENT (i386)
Cc: freebsd-net@freebsd.org
Subject: Re: DDoS attacks ... identifying destination ...
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Sep 2007 20:50:22 -0000

On Thu, Sep 06, 2007 at 03:48:37PM -0300, Marc G. Fournier wrote:
> 
> Is there either a command line command, or ports tool, that I can use similar 
> to top, or systat -iostat, that will help identify the IP that is being 
> attacked?
> 

I've found net-mgmt/iftop to be very usefull in the past.

Cheers.
-- 
Mike Makonnen         | GPG-KEY: http://people.freebsd.org/~mtm/mtm.asc
mmakonnen @ gmail.com | AC7B 5672 2D11 F4D0 EBF8  5279 5359 2B82 7CD4 1F55
mtm @ FreeBSD.Org     | FreeBSD - http://www.freebsd.org