[Dshield] Substantial DDoS: Forensics?

Scott Melnick smelnick at water.com
Thu Aug 17 19:21:05 GMT 2006

> Fortunately, I was running a tail and I saw this pretty early
> (although the server did crash). The question is this: has anyone out
> there been able to develop a pattern from the IP addresses and the
> firewall (iptables) log to track down the source? BTW, they have a
> common user agent.

If it's a DDoS attack indeed then I imagine it would be difficult to
develop a pattern from the attacking IPs as they are probably
compromised zombie machines that are part of a botnet and will be
different quite frequently.

Scott M. 