Date: Fri, 7 Sep 2007 01:27:12 +0300 From: "Vlad GALU" <dudu@dudu.ro> To: "Marc G. Fournier" <scrappy@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: DDoS attacks ... identifying destination ... Message-ID: <ad79ad6b0709061527j2d835c7ch9b8ea89dda831adb@mail.gmail.com> In-Reply-To: <B619D4EFFD109A19C9A24EFC@ganymede.hub.org> References: <B619D4EFFD109A19C9A24EFC@ganymede.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/6/07, Marc G. Fournier <scrappy@freebsd.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Today, I got hit by an attack, but haven't been able to easily determine whom > was being attacked ... > > I run ipaudit to monitor bandwidth usage, so I have 'source / destination' > information, but I'm not finding any particularly easy way to narrow down whom > was being attacked ... > > I run mrtg on the switch so that I know which *server* is being attacked, so I > need some method of being able to see whom is being attacked so that I can put > appropriate blocks in place ... > > Is there either a command line command, or ports tool, that I can use similar > to top, or systat -iostat, that will help identify the IP that is being > attacked? > <plug type="shameless">ports/net/glflow</plug> > Thank you ... > > - ---- > Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) > Email . scrappy@hub.org MSN . scrappy@hub.org > Yahoo . yscrappy Skype: hub.org ICQ . 7615664 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.4 (FreeBSD) > > iD8DBQFG4EuF4QvfyHIvDvMRArtBAJ476WaXhFxzb5S+QRsJuFPQfs6SNgCePONi > MCdrm9L85MBseHho0cGM6q8= > =EfvZ > -----END PGP SIGNATURE----- > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > -- If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ad79ad6b0709061527j2d835c7ch9b8ea89dda831adb>