Outgoing DDOS

Is there a way to detect where the outgoing DDOS from our server is coming from??

Server got unplugged for outgoing DDOS.... (firewall wasn't installed, is now) I noticed firewall blocking a lot of activity in /var/log/messages was wondering if anybody knew a way to track maybe which user this is coming from or how its starting to begin with?

 

 

 

 

Top