On Sep 6, 2007, at 1:48 PMSep 6, 2007, Marc G. Fournier wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1Today, I got hit by an attack, but haven't been able to easily determine whomwas being attacked ...I run ipaudit to monitor bandwidth usage, so I have 'source / destination' information, but I'm not finding any particularly easy way to narrow down whomwas being attacked ...I run mrtg on the switch so that I know which *server* is being attacked, so I need some method of being able to see whom is being attacked so that I can putappropriate blocks in place ...Is there either a command line command, or ports tool, that I can use similar to top, or systat -iostat, that will help identify the IP that is beingattacked? Thank you ...
tcpdump might be of use. ----- Eric F Crist Secure Computing Networks
PGP.sig
Description: This is a digitally signed message part
