Is it possible to track back someone who DDoSed me and changed his IP address?
So I logged in this morning and someone had DDoSed me. Luckily it only affected one of my five servers. The guy didn't even dare to delete the list of zombie servers he used to DDoS me from my logfile, but changed his IP address.
Is there a way I can trace back to him? Is the nmap analyzer built in a way that I can use it on his zombie servers to find his new IP, or will it only log people connected as root?
Solution 1:
No, you cannot find him.
When you get a new IP address from the ISP, there is no link between the old and new IP. There is no way to get the new IP address from the new address. That is what the IP reset is for: giving you a fresh start.
Solution 2:
Onto Lars's answer, in general no.
But if the guy was stupid enough to upload and install a virus onto your server, then his next DDoS attack would be logged on your server.
Secondly, if you still have the list of IPs from the DDoS result, try going on one of those IPs and check their logs and see if that same guy DDoS'd someone else.
And I have no bet he is going to come back and DDoS you again.