In my opinion, one of your VMs is compromised. If you are able to access the hosts, you can check the statistics of the virtual nics of the VMs in the network.
vmname=i-xx-yyy-VM nics=$(virsh domiflist $vmname |awk '{print $1}' |grep vnet) for nic in $nics;do virsh domifstat $vmname $nic |grep tx_bytes done -Wei On Mon, Mar 11, 2024 at 8:44 AM Granwille Strauss <granwi...@namhost.com> wrote: > > Hi Guys > > I ended updating to 4.19 and updated all SystemVMs and routers accordingly. > DC has just informed me again that there is amplified DDOS attacks > originating from my virtual router and from an IP address that's assigned to > no instance or systemvm but shows via UI its assigned. > > Any ideas what I can try to stop this? > >