3rd November 2010
rocket357
Real Name: Jonathon

First off, how do you know you're being attacked (other than some jerk talking trash on the internet)? What hard evidence do you have?

The first step would be to verify what type of traffic you have running on your network. You can do this by running tcpdump in *capture* mode (-w on an OpenBSD box...requires read priv on /dev/bpf* (by default rw for root only)), then analyze the traffic later (-r on an OpenBSD box).

Once you have a baseline, you can research the traffic types and see what services are causing said traffic. You may find a nefarious program (rootkit or somesuch), but chances are good you'll find out that the traffic is legit.
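An added example, not part of rocket357's post: one way to turn a capture replayed with `-r` into the baseline described above, by counting packets per destination port. The interface name `em0`, the file name `baseline.pcap`, the helper names and the sample lines are assumptions constructed for illustration; the parser handles IPv4 lines only.

```shell
#!/bin/sh
# Capture and replay steps from the post, run on the monitored host:
#   tcpdump -i em0 -w baseline.pcap         # em0 is an assumed interface name
#   tcpdump -n -r baseline.pcap | baseline  # -n keeps addresses and ports numeric

# baseline: read tcpdump text output on stdin, print "<count> port <n>" lines,
# busiest destination port first. Packets without a port (e.g. ICMP) are
# counted as "no-port"; lines without "src > dst" (e.g. ARP) are skipped.
baseline() {
    awk '
    {
        dst = ""
        for (i = 1; i < NF; i++) if ($i == ">") { dst = $(i + 1); break }
        if (dst == "") next
        sub(/:$/, "", dst)                  # drop the trailing colon
        n = split(dst, part, ".")           # IPv4 with port is a.b.c.d.port
        key = (n == 5) ? "port " part[5] : "no-port"
        count[key]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (documentation addresses), standing in for
# `tcpdump -n -r` output. The third line omits the "IP" token to show that
# the parser keys on ">" rather than on a fixed column.
sample_lines() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.51514 > 198.51.100.7.443: Flags [S], seq 1, win 16384, length 0
12:00:01.000002 IP 192.0.2.10.51515 > 198.51.100.7.443: Flags [S], seq 1, win 16384, length 0
12:00:02.000001 192.0.2.11.40000 > 198.51.100.7.443: S 1:1(0) win 16384
12:00:03.000001 IP 192.0.2.10.33333 > 192.0.2.1.53: 4660+ A? example.com. (29)
12:00:04.000001 IP 192.0.2.10 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
12:00:05.000001 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
EOF
}

# Stand-alone demonstration on the sample lines.
sample_lines | baseline
```

Ports that appear in a later capture but not in the baseline output are the ones to research first.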