To be clear on of my server have been temporarily suspend because it was doing an DoS to another remote server.
I was informed by the hosting company of the abnormal activity and I know what was the targeted IP and port.
Now I wan't to have my server up and running but I have no guaranties that it will not happen again through the attack vector.
The only action I have done so far I blocking the outgoing port in my firewall.
I have also look for the IP address in my server's log with no success.
So what else can I do in order to identify which service have been hacked, or at least which mesures can I put in place to mitigate the future risks?
