HELP - How to find a DDOser on my box?

I was told by my DC that one of my servers was DDOSing a different server. How would I go about to start finding and investigating who's doing it - i.e. is it one of my users or an external hacker, and how to try to find teh hole and patch it.

it's a RHEL 3 box with WHM / CPanel

I know it's a big security job but what would be the first steps to try to figure this out on my own...?

 

 

 

 

Top