Re: DDOS Attacks from my virtual Router

Mon, 11 Mar 2024 03:09:14 -0700 

Hi Wei
Thank you for the provided script, the stats it shows, is it from initial VM creation date or from the time the server was rebooted? 

On 3/11/24 09:57, Wei ZHOU wrote:

In my opinion, one of your VMs is compromised.

If you are able to access the hosts, you can check the statistics of
the virtual nics of the VMs in the network.

vmname=i-xx-yyy-VM
nics=$(virsh domiflist $vmname |awk '{print $1}' |grep vnet)
for nic in $nics;do
   virsh domifstat $vmname $nic |grep tx_bytes
done



-Wei

On Mon, Mar 11, 2024 at 8:44 AM Granwille Strauss<granwi...@namhost.com>  wrote:

Hi Guys

I ended updating to 4.19 and updated all SystemVMs and routers accordingly. DC 
has just informed me again that there is amplified DDOS attacks originating 
from my virtual router and from an IP address that's assigned to no instance or 
systemvm but shows via UI its assigned.

Any ideas what I can try to stop this?



--
Regards / Groete

<https://www.namhost.com>         Granwille Strauss  // Senior Systems Admin

*e:* granwi...@namhost.com
*m:* +264 81 323 1260 <tel:+264813231260>
*w:* www.namhost.com <https://www.namhost.com/>

<https://www.facebook.com/namhost><https://twitter.com/namhost><https://www.instagram.com/namhostinternetservices/><https://www.linkedin.com/company/namhos><https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA>

<https://www.adsigner.com/v1/l/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/banner>

Namhost Internet Services (Pty) Ltd,

24 Black Eagle Rd, Hermanus, 7210, RSA




The content of this message is confidential. If you have received it by 
mistake, please inform us by email reply and then delete the message. It 
is forbidden to copy, forward, or in any way reveal the contents of this 
message to anyone without our explicit consent. The integrity and 
security of this email cannot be guaranteed over the Internet. 
Therefore, the sender will not be held liable for any damage caused by 
the message. For our full privacy policy and disclaimers, please go to 
https://www.namhost.com/privacy-policy



Powered by AdSigner 
<https://www.adsigner.com/v1/c/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818>

Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature

























					Reply via email to