Detect process that is doing an outbound DDoS attack [duplicate]

security linux ddos fedora

My web host has informed me that my Fedora server is the source of an outbound DDoS attack on somebody. The web host didn't give any other information. How can I find out what process is doing the attack so that I can stop it? I realize this is vague but I think if I can view outbound traffic in some way I might be able to find the process that is sending it.

I appreciate I will need to find the point of entry once I have stopped the attack, and likely will need to re-image the server with updates.

Thanks in advance.


You could use something like iptraf (available in a repo near you). This will tell you which ports are being used on your system and at what rate. Once you know which ports are being used you can then use netstat to find the process attached to each port. So if for example you identify that your port 6666 is active you can use

netstat -tunp | grep 6666
tcp   0  77352 192.168.254.188:56405  192.168.254.181:6666   ESTABLISHED 30072/nc

As you can see in this demo pid 30072 is using the port.

Related

ESXi PCI passthrough SmartArray P812 with 12TB MSA60
How to re-create Qmail queue
windows server 2008 cannot connect to internet [closed]
Replicate Gmail [email protected] functionality using Postfix
migrating imap using imapsync
Adding cname without putting the subdomain
TCP/UDP Connection States documentation
Why do nslookup result differ when adding www? [closed]
Two IP addresses one network interface and virtualization
Moving linux server to another hoster
Kerberos pre-authentication failed on nfs mount
Relocating application in nginx