From: "Vlad GALU"
To: "Marc G. Fournier"
Cc: freebsd-net@freebsd.org
Date: Fri, 7 Sep 2007 01:27:12 +0300
Subject: Re: DDoS attacks ... identifying destination ...

On 9/6/07, Marc G. Fournier wrote:
> Today, I got hit by an attack, but haven't been able to easily determine who
> was being attacked ...
>
> I run ipaudit to monitor bandwidth usage, so I have 'source / destination'
> information, but I'm not finding any particularly easy way to narrow down who
> was being attacked ...
>
> I run mrtg on the switch so that I know which *server* is being attacked, so I
> need some method of being able to see who is being attacked so that I can put
> appropriate blocks in place ...
>
> Is there either a command line command, or ports tool, that I can use similar
> to top, or systat -iostat, that will help identify the IP that is being
> attacked?
>

ports/net/glflow

> Thank you ...
>
> ----
> Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
> Email . scrappy@hub.org                              MSN . scrappy@hub.org
> Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664

--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
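
Added example, not part of the original thread and not code from ipaudit or glflow: one way to turn 'source / destination' flow records into a ranked list of targeted local addresses. The record layout (src dst proto bytes packets), the sample lines, the local prefix and the function name rank_destinations are all assumptions made for the example.

```python
"""Rank local destination IPs by inbound traffic from per-flow records."""
from collections import defaultdict

# Constructed sample records: "src dst proto bytes packets".
# This layout is an assumption for the example, not ipaudit's or glflow's format.
SAMPLE_FLOWS = """\
198.51.100.7 192.0.2.10 udp 48000 960
198.51.100.8 192.0.2.10 udp 51000 1020
203.0.113.5 192.0.2.10 udp 47500 950
203.0.113.9 192.0.2.10 udp 49000 980
198.51.100.7 192.0.2.20 tcp 120000 90
203.0.113.77 192.0.2.30 tcp 1500 12
not a flow record
"""


def rank_destinations(text, local_prefix="192.0.2."):
    """Return [(dst, bytes, packets, distinct_sources)], likeliest target first."""
    stats = defaultdict(lambda: {"bytes": 0, "packets": 0, "sources": set()})
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated lines
        src, dst, _proto, nbytes, npkts = fields
        if not (nbytes.isdigit() and npkts.isdigit()):
            continue  # counters must be plain non-negative integers
        if not dst.startswith(local_prefix):
            continue  # only count traffic towards our own addresses
        entry = stats[dst]
        entry["bytes"] += int(nbytes)
        entry["packets"] += int(npkts)
        entry["sources"].add(src)
    rows = [(d, s["bytes"], s["packets"], len(s["sources"]))
            for d, s in stats.items()]
    # Heuristic chosen for this example: order by distinct sources,
    # then packet count, then byte count.
    rows.sort(key=lambda r: (r[3], r[2], r[1]), reverse=True)
    return rows


if __name__ == "__main__":
    for dst, nbytes, npkts, nsrc in rank_destinations(SAMPLE_FLOWS):
        print(f"{dst:15} sources={nsrc:<4} packets={npkts:<7} bytes={nbytes}")
```

The address at the top of the list is the candidate for the per-IP block the question asks about; the byte-heavy single-source flow to 192.0.2.20 ranks lower because it looks like one ordinary transfer.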