Find ddos attack on OpenVZ container

Question

How do you figure out which OpenVZ contain is under attack from a dDoS?

I know it is an attack because the b/w and incoming traffic shot WAY up.

Can this be done with netstat? Are some attacks not going to show up on netstat like UDP if they hit a port with no service running? Is there a monitoring service I could maybe install on the host node?

Big increase of incoming traffic on the host node on the B/W charts. — Tiffany Walker, Apr 28 '13 at 05:40

score 0 · Accepted Answer · answered Apr 28 '13 at 11:31

0

Run tcpdump on the host machine for a while and then analyze the captured packets. The IP that shows up most frequently is likely the target of the attack.

answered Apr 28 '13 at 11:31

EEAA

108,414
18
172
242

Find ddos attack on OpenVZ container

1 Answers1