Need help with a few issues
Hi all, I need help with the following issues:
1. How to find from which IP you are being attacked (DDoS) on a dedicated server? Any specific tool?
2. How to monitor outbound traffic for KVM (I know a few scripts & tools for OpenVZ but not for KVM)? How to determine if one or more of your VPS clients are sending outbound DDoS?
Thank you in advance to whoever tries to help.
Comments
Ping every IP, the ones not responding are being DDoSed?
You could make a script that runs every x min and pings.
Do you know what type of attack it is? It will help inform the best tool for the job. How much control do you have over the server and the network? Are you able to access the switch in any way?
Most of these attacks are UDP & SYN. I have SSH/full root access to the server.
This is the point which is of more concern, maybe some of the providers or users can shed light on it:
How to monitor outbound traffic for KVM (I know a few scripts & tools for OpenVZ but not for KVM)? How to determine if a client is sending outbound DDoS?
I really wouldn't know about it,
but if you need a DoS attack script that's commonly used to execute a DoS attack from a server, I can provide you one.
Maybe you can try blocking/testing it yourself.
http://justpaste.it/legald0s
Thank you, but I am not interested in attacking or testing a script, just something simple to monitor outbound traffic/determine outbound DDoS.
How will you confirm the monitor stuff will work without testing it yourself?
That's why I provided the script..
Not to be an e-thug lol.
If you want to monitor both inbound and outbound traffic effectively you ideally want to set up a collector on your switch port and use one of the free analysis tools to monitor/collect the information you require. Do you have any control over the switch?
It's just a Hetzner PX-60, so I can't control the switch I guess.
Normally, if you are with Hetzner and the attack is strong, you will find an email in your mailbox about the IP being nullrouted. :) Not so funny, but that's what they do.
You can check active connections to your server with the iftop -n command and an old-fashioned tcpdump.
Nice Perl script.
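Building on the tcpdump suggestion above, here is an added example (not part of the thread and not any poster's code) that tallies bare SYNs and UDP datagrams per source IP from `tcpdump -nn` text output, split into inbound sources and outbound senders among your own addresses. The local prefix 203.0.113.0/24, the bridge name br0 and the sample capture lines are assumptions constructed for illustration; on a KVM host you would capture on the bridge or on a guest's tap interface.

```python
import re
import sys
from collections import defaultdict
from ipaddress import ip_address, ip_network

# IPv4 lines from `tcpdump -nn`; a bare SYN prints as "Flags [S]". UDP on ports
# that tcpdump decodes itself (DNS, for instance) prints differently and is skipped.
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: "
                  r"(?:Flags \[([^\]]+)\]|(UDP),)")

# Constructed sample capture (documentation address ranges), not real traffic.
SAMPLE = """\
12:00:00.000001 IP 198.51.100.7.51234 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP 198.51.100.7.51235 > 203.0.113.10.80: Flags [S], seq 2, win 64240, length 0
12:00:00.000003 IP 198.51.100.9.40000 > 203.0.113.10.9999: UDP, length 512
12:00:00.000004 IP 203.0.113.10.80 > 198.51.100.7.51234: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:00.000005 IP 203.0.113.21.33000 > 192.0.2.50.9999: UDP, length 1024
12:00:00.000006 IP 203.0.113.21.33000 > 192.0.2.51.9999: UDP, length 1024
"""

def tally(lines, local_net):
    """Per source IP: [bare SYNs, UDP datagrams, set of destinations], by direction."""
    net = ip_network(local_net)
    stats = {d: defaultdict(lambda: [0, 0, set()]) for d in ("inbound", "outbound")}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags, udp = m.groups()
        src_local, dst_local = ip_address(src) in net, ip_address(dst) in net
        if not (src_local or dst_local):
            continue
        # A local source means one of our (guest) addresses is the sender.
        direction = "outbound" if src_local else "inbound"
        if flags == "S" or udp:
            row = stats[direction][src]
            row[0 if flags == "S" else 1] += 1
            row[2].add(dst)
    return stats

def top(stats, direction, n=10):
    """Busiest sources first, as (ip, syn, udp, distinct_destinations)."""
    rows = [(ip, r[0], r[1], len(r[2])) for ip, r in stats[direction].items()]
    return sorted(rows, key=lambda t: t[1] + t[2], reverse=True)[:n]

if __name__ == "__main__":
    # e.g. tcpdump -nn -l -c 20000 -i br0 | python3 tally.py 203.0.113.0/24  (br0 is assumed)
    net = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.0/24"
    result = tally(SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin, net)
    for d in ("inbound", "outbound"):
        print(d, top(result, d))
```

In the outbound table, a guest address with a high count spread over many distinct destinations, or a flood of SYNs with no matching replies, is the one to look at first.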