My server got a DDoS attack; how can I debug further from logs?

-1

My server got a 13 GBit DDoS attack so LeaseWeb nulled its IP address and the attack ended. My IP address is still blocked. I got a temporary second IP address, which is not yet public.

How can I detect the attack from my logs?

My server runs Windows Server 2008 R2.

MonsterMMORPG

Posted 2012-08-05T22:36:28.103

Reputation: 475

Question was closed 2012-08-05T23:23:04.340

Answers

1

I have some doubts that you can read anything from the logs. A DDoS means that someone instructed a lot of machines, usually Windows machines infected by malware forming a botnet, to issue bogus requests against your IP. You would get those IPs (belonging to morons, but innocent morons) and not for long (because you were null routed, so no traffic reached the machine).

chx

Posted 2012-08-05T22:36:28.103

Reputation: 3 069