On Thursday 06 September 2007 14:59:36 Olivier Brisson wrote:
> * Marc G. Fournier <[EMAIL PROTECTED]> [070906 21:28]:
> > Is there either a command line command, or ports tool, that I can use
> > similar to top, or systat -iostat, that will help identify the IP that is
> > being attacked?
>
> In some way, you could also use wireshark:
> http://www.wireshark.org/
>
> Olivier
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
In the past, I've used DoSDetector to some success:

/usr/ports/net/dosdetector

"DoSDetector analyzes and detects suspicious IP traffic and alerts about it.
It can detect worm traffic, SYN flood, icmp flood, udp flood attacks and more.
It's configurable via a rule set; when an IP exceeds the score limit,
DoSDetector prints a warning.

WWW: http://dark-zone.eu/resources/unix/dosdetector/"

Combined w/ NetFlow exports on your edge routers provides even more accuracy in
at least identifying the router and interface the traffic is coming in from and
then acting accordingly to mitigate its effects. Many of the CAIDA tools
(http://www.caida.org/tools/) can also help with identifying the source and
destination of the anomalous traffic.

Hope this information proves to be of some value.

Cheers,

--
Art Mason [EMAIL PROTECTED]
Intensive Network Security
Rackspace Managed Hosting
(800) 961-4454 ext. 4290