Find ddos attack on OpenVZ container [duplicate]
How do you figure out which OpenVZ container is under attack from a DDoS?
I know it is an attack because the b/w and incoming traffic shot WAY up.
Can this be done with netstat? Are some attacks not going to show up on netstat like UDP if they hit a port with no service running? Is there a monitoring service I could maybe install on the host node?
Run tcpdump on the host machine for a while and then analyze the captured packets. The IP that shows up most frequently is likely the target of the attack.
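One way to do the analysis step, as an added example that is not part of the original answer: a Python script that tallies destination IPs from the text output of `tcpdump -nn` captured on the host node. Because tcpdump records packets on the wire rather than sockets, UDP floods aimed at a port with no listening service are counted too. The function name, the `containers` filter and the sample lines are assumptions made for illustration.

```python
import re
import sys
from collections import Counter

# IPv4 lines as printed by `tcpdump -nn`; ports are optional (ICMP has none).
LINE = re.compile(r"\bIP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
                  r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (?P<rest>.*)$")
LENGTH = re.compile(r"\blength (\d+)")

# Constructed sample capture (RFC 5737 documentation addresses).
SAMPLE = """\
12:00:00.000001 IP 198.51.100.7.40001 > 203.0.113.11.9999: UDP, length 512
12:00:00.000002 IP 198.51.100.8.40002 > 203.0.113.11.9999: UDP, length 512
12:00:00.000003 IP 192.0.2.5.51000 > 203.0.113.10.80: Flags [S], seq 1, win 29200, length 0
12:00:00.000004 IP 198.51.100.9.40003 > 203.0.113.11.9999: UDP, length 512
12:00:00.000005 IP 198.51.100.7 > 203.0.113.11: ICMP echo request, id 1, seq 1, length 64
12:00:00.000006 ARP, Request who-has 203.0.113.1 tell 203.0.113.10, length 28
12:00:00.000007 IP 203.0.113.10.80 > 192.0.2.5.51000: Flags [S.], seq 2, ack 2, win 28960, length 0
"""

def top_destinations(lines, containers=None, n=5):
    """Return [(dst_ip, packets, payload_bytes, distinct_sources)], busiest first.

    containers: optional set of container IPs; other destinations (for
    example replies leaving the node) are ignored when it is given.
    """
    packets, payload, sources = Counter(), Counter(), {}
    for line in lines:
        m = LINE.search(line)
        if not m or (containers and m["dst"] not in containers):
            continue  # ARP, IPv6, or traffic not addressed to a container
        dst = m["dst"]
        packets[dst] += 1
        size = LENGTH.search(m["rest"])
        payload[dst] += int(size.group(1)) if size else 0
        sources.setdefault(dst, set()).add(m["src"])
    return [(ip, count, payload[ip], len(sources[ip]))
            for ip, count in packets.most_common(n)]

if __name__ == "__main__":
    # Pipe tcpdump output in, or run with no input to see the sample.
    lines = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for ip, count, size, srcs in top_destinations(lines):
        print(f"{ip:15} packets={count} payload_bytes={size} sources={srcs}")
```

A destination that leads in packets, payload bytes and distinct sources at once is the likely target; passing the containers' addresses as `containers` keeps outbound replies from skewing the ranking.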