In my opinion, one of your VMs is compromised.
If you are able to access the hosts, you can check the statistics of
the virtual nics of the VMs in the network.
vmname=i-xx-yyy-VM
nics=$(virsh domiflist $vmname |awk '{print $1}' |grep vnet)
for nic in $nics;do
virsh domifstat $vmname $nic |grep tx_bytes
done
-Wei
On Mon, Mar 11, 2024 at 8:44 AM Granwille Strauss <[email protected]> wrote:
>
> Hi Guys
>
> I ended updating to 4.19 and updated all SystemVMs and routers accordingly.
> DC has just informed me again that there is amplified DDOS attacks
> originating from my virtual router and from an IP address that's assigned to
> no instance or systemvm but shows via UI its assigned.
>
> Any ideas what I can try to stop this?
>
>
