First off, how do you know you're being attacked (other than some jerk talking trash on the internet)? What hard evidence do you have?
The first step would be to verify what type of traffic you have running on your network. You can do this by running tcpdump in *capture* mode (-w on an OpenBSD box...requires read priv on /dev/bpf* (by default rw for root only)), then analyze the traffic later (-r on an OpenBSD box).
Once you have a baseline, you can research the traffic types and see what services are causing said traffic. You may find a nefarious program (rootkit or somesuch), but chances are good you'll find out that the traffic is legit.
|