Last Updated on 2008:05:16
Important - This is REQUIRED DATA! Read below about what you must do for us and law enforcement to HELP YOU!

Background

Server services or programs operate like a camera recording video in a bank. These services and programs make it possible for us to see the Distributed Denial of Service attack in progress, in effect watching a video of the attack. We require a 45 MB tcpdump and may ask you for a netstat taken during a peak attack period. Various operating systems require different access levels to run tcpdump and netstat. On Linux the user must have root access on the dedicated server, or alternatively will want to call their dedicated web host provider to get it for them.

Turn the firewall(s) or filtering off, if you can, for the three to ten minutes you take the tcpdump. The more data the better: with no firewall filters the entire attack is seen. We can work with whatever raw tcpdump you can get, but the results are less informative. The best Linux command line for DDoS forensics and our Botnet Net Locator is:

    tcpdump -i eth0 -s 1700 -w YourFileName

If you supply a text file instead of a raw log it is more time consuming to process and the results are not as good, so please follow the above command instructions. More important to you is that we will put a surcharge of $1,500.00 US Funds for our time with no guarantee of results, which means no refund if the botnet Command and Control Center is not found. So please take the time to do this correctly and we all win.

We also require your Apache access and error logs from the same time frame as the tcpdump. This is helpful in specific types of attacks and must be included to cover your refund and option rights in the event the attack was a non-generic botnet.
DATA is Essential to Identify Attack Type!

This data tells us each IP and the method it used to connect to the machine, which is essential to us in determining the type of attack being orchestrated against your server. It is essential. It is a must, not a want. We will not look at anything else. This is your data and you have every right to demand it from your hosting company. If they refuse, find another vendor as quickly as possible because this one is a loser.

tcpdump prints out the headers of the packets on a network interface that match the boolean expression. It can be run with other flags, but we like the above the best because we get better results with those flags. Alternative programs are available for Windows servers, like WinDump and Wireshark, that provide this data.
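As an added example (not code from this page, and not the service's own Botnet Net Locator), here is a Python first-pass triage of the raw capture file the instructions above ask for. It reads the libpcap global header to confirm the snaplen, which is why -s 1700 matters: it exceeds the usual 1500-byte Ethernet frame so nothing is cut off, whereas older tcpdump releases captured only the first 68 or 96 bytes of each packet by default. It rejects a text dump with a clear error, and it tallies the source IPs, bare-SYN packets and destination ports that distinguish a SYN flood from an application-layer attack. The classic libpcap layout, the Ethernet link type and the sample capture (four sources in the 203.0.113.0/24 documentation range sending bare SYNs, one ordinary client) are all assumptions constructed for this example.

```python
"""Added example (not the page's own Botnet Net Locator): first-pass triage of a
raw capture written by `tcpdump -w`. It reads the libpcap header to confirm the
snaplen, refuses text output, and tallies source IPs, TCP flags and ports.
Assumes the classic libpcap format with an Ethernet link type; the sample
capture below is constructed inline so the script runs offline."""
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Build one Ethernet/IPv4/TCP frame (constructed sample, not captured traffic)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0, src, dst)
    return eth + ip + tcp


def build_pcap(frames, snaplen=1700):
    """Wrap frames in a libpcap global header and per-record headers (little-endian)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def sample_capture():
    """Constructed sample: four sources sending bare SYNs to port 80, one normal client."""
    frames = []
    for host in range(1, 5):
        for n in range(5):
            frames.append(build_frame(f"203.0.113.{host}", "192.0.2.10", 40000 + n, 80, TCP_SYN))
    frames.append(build_frame("198.51.100.7", "192.0.2.10", 51000, 80, TCP_SYN))
    frames.append(build_frame("198.51.100.7", "192.0.2.10", 51000, 80, TCP_ACK))
    return build_pcap(frames)


def parse_pcap(data):
    """Return (snaplen, records); raise ValueError if this is not raw tcpdump -w output."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a libpcap file: capture with 'tcpdump -w', not text output")
    _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    records, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        records.append((ts_sec, incl_len, orig_len, data[offset:offset + incl_len]))
        offset += incl_len
    return snaplen, records


def summarize(data):
    """Tally what an analyst looks at first: who is sending, which flags, which ports."""
    snaplen, records = parse_pcap(data)
    stats = {"snaplen": snaplen, "packets": len(records), "truncated": 0,
             "syn_only": 0, "src_ips": Counter(), "dst_ports": Counter()}
    for _ts, incl_len, orig_len, frame in records:
        if incl_len < orig_len:  # snaplen too small: headers or payload were cut off
            stats["truncated"] += 1
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4
        stats["src_ips"][".".join(str(b) for b in frame[26:30])] += 1
        tcp = 14 + ihl
        if frame[23] != IPPROTO_TCP or len(frame) < tcp + 14:
            continue
        stats["dst_ports"][struct.unpack_from("!H", frame, tcp + 2)[0]] += 1
        flags = frame[tcp + 13]
        if flags & TCP_SYN and not flags & TCP_ACK:
            stats["syn_only"] += 1
    return stats


def top_sources(stats, n=3):
    """Most active source IPs: the list to hand to the upstream provider or law enforcement."""
    return stats["src_ips"].most_common(n)


if __name__ == "__main__":
    s = summarize(sample_capture())
    print(f"snaplen={s['snaplen']} packets={s['packets']} "
          f"syn_only={s['syn_only']} truncated={s['truncated']}")
    for ip, count in top_sources(s):
        print(f"{ip:>16} {count}")
```

Run it as-is to see the summary of the constructed sample; for a real file, call summarize(open(path, "rb").read()). A non-zero "truncated" count is the sign that the capture was taken with too small a snaplen, and a ValueError on a file means someone sent text output rather than the -w file.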