DOS attack, how to find the source?

Hello,

I am having a problem. My server has now been DOS'ed for one day. I found this out in the MRTG statistics. I viewed the status of my firewall (APF) to find out more. However, my firewall doesn't tell me any source IP addresses.

The DOS'er is making a lot of connections to the server. The firewall status shows that he is trying to connect to some of the IPs of the server that I don't use for anything (however, they are assigned to the server). Now I would like to find out the IP address of the DOS'er. Can anyone tell me how?

Netstat doesn't show any connections to those IPs I don't use. I only use x.x.x.70 and he is trying to connect to the server on the addresses x.x.x.71 to x.x.x.79. He is always using the same ports. After he has tried to connect to the IPs .71 to .79 he tries it again.

Help please! :-(

Many thanks in advance for your replies!!!