Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 3 subscribers
  • Views 542 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

We were under attack - Now I need to grep some Logs

grimphyre
Yesterday our network was under distributed scan / DoS attack.

All attacks were targetted to port 80 with TCP protocol. Attacks came all over the world (korea, turkey, UK, USA ...).

Some ip spoofing was detected too.

How do i get the list of IP's used in attack? I am not very familiar in grepping of logs.


This thread was automatically locked due to age.
Unfiltered HTML