I also think that a VM has been compromised in your cs installation. This VM is
behind your virtual router and is using the default IP address of it.
I would take a look at every VM in the network of this VR.
Regards,
Swen
-----Ursprüngliche Nachricht-----
Von: Wei ZHOU <ustcweiz...@gmail.com>
Gesendet: Montag, 11. März 2024 08:58
An: Granwille Strauss <granwi...@namhost.com>
Cc: users@cloudstack.apache.org
Betreff: Re: DDOS Attacks from my virtual Router
In my opinion, one of your VMs is compromised.
If you are able to access the hosts, you can check the statistics of the
virtual nics of the VMs in the network.
vmname=i-xx-yyy-VM
nics=$(virsh domiflist $vmname |awk '{print $1}' |grep vnet) for nic in $nics;do
virsh domifstat $vmname $nic |grep tx_bytes done
-Wei
On Mon, Mar 11, 2024 at 8:44 AM Granwille Strauss <granwi...@namhost.com> wrote:
>
> Hi Guys
>
> I ended updating to 4.19 and updated all SystemVMs and routers accordingly.
> DC has just informed me again that there is amplified DDOS attacks
> originating from my virtual router and from an IP address that's assigned to
> no instance or systemvm but shows via UI its assigned.
>
> Any ideas what I can try to stop this?
>
>
