Need help with a few issues

Hi all, I need help with the following issues:

1. How to find from which IP you are being attacked (DDoS) on a dedicated server? Any specific tool?

2. How to monitor outbound traffic for KVM (I know a few scripts & tools for OpenVZ but not for KVM)? How to determine if one or more of your VPS clients are sending outbound DDoS?

Thank you in advance to whoever tries to help

Comments

  • Ping every IP, the ones not responding are being DDoSed?
    You could make a script that runs every x min and pings.

  • @Sledger said:
    Hi all, I need help with the following issues:

    1. How to find from which IP you are being attacked (DDoS) on a dedicated server? Any specific tool?

    2. How to monitor outbound traffic for KVM (I know a few scripts & tools for OpenVZ but not for KVM)? How to determine if one or more of your VPS clients are sending outbound DDoS?

    Thank you in advance to whoever tries to help

    Do you know what type of attack it is? It will help inform the best tool for the job. How much control do you have over the server and the network? Are you able to access the switch in any way?

  • Shoaib_A Member
    edited December 2013

    @Virtovo said:
    Do you know what type of attack it is? It will help inform the best tool for the job. How much control do you have over the server and the network? Are you able to access the switch in any way?

    Most of these attacks are UDP & SYN. I have SSH/full root access to the server.

  • This is the point which is of more concern, maybe some of the providers or users can shed light on it:

    How to monitor outbound traffic for KVM (I know a few scripts & tools for OpenVZ but not for KVM)? How to determine if a client is sending outbound DDoS?

  • @Sledger said:
    This is the point which is of more concern, maybe some of the providers or users can shed light on it:

    How to monitor outbound traffic for KVM (I know a few scripts & tools for OpenVZ but not for KVM)? How to determine if a client is sending outbound DDoS?

    I really wouldn't know about it,

    but if you need a DoS attack script that's commonly used to execute a DoS attack from a server, I can provide you one.
    Maybe you can try blocking/testing it yourself.

  • @Mark_R said:

    Thank you, but I am not interested in attacking or testing a script, just something simple to monitor outbound traffic/determine outbound DDoS

  • Mark_R Member
    edited December 2013

    @Sledger said:

    How will you confirm the monitor stuff will work without testing it yourself?
    That's why I provided the script..

    Not to be an e-thug lol.

  • @Sledger said:
    Most of these attacks are UDP & SYN. I have SSH/full root access to the server.

    If you want to monitor both inbound and outbound traffic effectively you ideally want to set up a collector on your switch port and use one of the free analysis tools to monitor/collect the information you require. Do you have any control over the switch?

  • @Virtovo said:
    If you want to monitor both inbound and outbound traffic effectively you ideally want to set up a collector on your switch port and use one of the free analysis tools to monitor/collect the information you require. Do you have any control over the switch?

    It's just a Hetzner PX-60 so I can't control the switch I guess

  • Normally if you are with Hetzner and the attack is strong, you will find an email in your mailbox about the IP being nullrouted. :)) Not so funny, but that's what they do.
    You can check active connections to your server with the iftop -n command and an old-fashioned tcpdump.
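
One way to turn the tcpdump suggestion above into a per-source ranking for the UDP and SYN traffic mentioned in the thread (an added example, not posted by any participant). Because it ranks by source address, the same tally run on a KVM host's bridge shows which guest IP is sending. The function names, the interface names eth0/br0 and the sample lines are constructed assumptions; it expects IPv4 text output from tcpdump -nn at default verbosity.

```shell
#!/bin/sh
# Live use (interface names are assumptions; br0 = the bridge KVM guests attach to):
#   tcpdump -nn -i eth0 -c 20000 \
#     'udp or (tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn)' | count_sources | head

# count_sources: reads tcpdump text lines on stdin and prints
# "<count> <SYN|UDP> <source_ip>", busiest source first.
count_sources() {
    awk '
    $2 == "IP" && $4 == ">" {
        src = $3                         # "a.b.c.d.port"
        sub(/\.[0-9]+$/, "", src)        # strip the trailing .port
        if ($6 == "Flags" && $7 == "[S],")   # bare SYN; SYN-ACK prints as [S.]
            n["SYN " src]++
        else if ($6 == "UDP,")
            n["UDP " src]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2,3
}

# over_threshold LIMIT: same input, keeps only sources with more than LIMIT packets.
over_threshold() {
    count_sources | awk -v limit="$1" '$1 + 0 > limit + 0'
}

# Constructed sample capture (documentation address ranges), not real traffic.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 203.0.113.5.40001 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
12:00:00.000002 IP 203.0.113.5.40002 > 192.0.2.10.80: Flags [S], seq 2, win 1024, length 0
12:00:00.000003 IP 203.0.113.5.40003 > 192.0.2.10.80: Flags [S], seq 3, win 1024, length 0
12:00:00.000004 IP 192.0.2.10.80 > 203.0.113.5.40001: Flags [S.], seq 9, ack 2, win 1024, length 0
12:00:00.000005 IP 198.51.100.7.40000 > 192.0.2.10.9999: UDP, length 512
12:00:00.000006 IP 198.51.100.7.40000 > 192.0.2.10.9999: UDP, length 512
12:00:00.000007 IP 192.0.2.10.22 > 198.51.100.9.50000: Flags [P.], seq 1:37, ack 1, win 501, length 36
EOF
}

sample_capture | count_sources
```

A source that tops the list on the public interface is a candidate attacker; a guest address that tops it on the bridge is a candidate outbound sender. Spoofed floods will spread across many sources, so a flat list with a high total is itself a signal.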
