Detect DDoS Source & Destination IP Address with OURMON

We have had OURMON running on one of our network segments for quite some time. It is very helpful and resourceful when a DDoS attack happens, especially for helping our customers find out which destination is being targeted by the attack and from which sources. Below is the graph that we previously captured while running OURMON version 2.70.

OURMON Version 2.81

In the recently released OURMON, the topn graphs show the traffic in bit/s instead of Mbit/s. The long number is confusing when a NOC engineer is doing the monitoring (a minimum of 7 digits will show up). I have made some changes to omupdate.pl, one of the OURMON scripts that generates the static HTML pages, to show an extra value: Mbit/s. Our current OURMON graph looks something like the one below:

The steps below show how to add the extra Mbit/s value to your OURMON topn section.

Edit the omupdate.pl file:

vi /usr/local/mrourmon/bin/omupdate.pl

At line 3137, add code that looks like the following:


my $uappf = $items[$i+2];       # old hw app flags
my $uappl = $items[$i+3];       # app lower case
my $uapph = $items[$i+4];       # app upper case
my $bps = int(($items[$i+1] * 8)/30);
my $mbps = sprintf("%.2f", ($bps/1024)/1024); # convert bits to mbits
my $uaf = get_appflag($uappf, $uappl, $uapph);

The line my $mbps = sprintf("%.2f", ($bps/1024)/1024); declares the new variable $mbps and converts the bit/s value to Mbit/s by dividing by 1024*1024.

Next, to display the value on the page, change line 3146 to include it:


"bits/sec: $bps, Mbits/sec: $mbps, "

Done. Wait a few seconds for the web page to refresh with the extra Mbit/s value. Btw, you can remove bit/s if you want to, to save some extra space ;)
