How to Keep DDoS Tools from Getting You Down
Pay attention to your machines!
Egress filter your network, i.e. make sure whatever comes out of your network only has source addresses that belong to you
Ingress filter – confirm that packets coming to you have source addresses that aren’t on your inside network
Use tcpdump or snoop on Solaris or Linux to capture the attack traffic, and report the incident to law enforcement (NIPC)
tcpdump -i interface -s 1500 -w capture_file
snoop -d interface -o capture_file -s 1500
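The egress and ingress filtering rules above, modelled as an added example that is not part of the original slides: the address prefixes and the sample packets are constructed, and a real deployment would express the same two rules in the border router or firewall.

```python
"""Model of egress/ingress anti-spoofing filters (added example, not from the slides)."""
import ipaddress
from dataclasses import dataclass

# Constructed sample: the address space this network is responsible for.
OUR_PREFIXES = [ipaddress.ip_network("198.51.100.0/24"),
                ipaddress.ip_network("203.0.113.0/24")]


def is_ours(addr: str) -> bool:
    """True when addr falls inside one of our own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OUR_PREFIXES)


def egress_ok(src: str) -> bool:
    """Egress rule: a packet leaving us must carry one of our source addresses.
    Anything else is a spoofed packet from a compromised host inside."""
    return is_ours(src)


def ingress_ok(src: str) -> bool:
    """Ingress rule: a packet arriving from outside must not claim an inside
    source address; if it does, the source is forged."""
    return not is_ours(src)


@dataclass
class Packet:
    direction: str  # "out" (leaving our network) or "in" (arriving from outside)
    src: str
    dst: str


def filter_packets(packets):
    """Apply the rule matching each packet's direction; return (passed, dropped)."""
    passed, dropped = [], []
    for p in packets:
        if p.direction == "out":
            ok, reason = egress_ok(p.src), "egress: source address is not ours"
        else:
            ok, reason = ingress_ok(p.src), "ingress: outside packet claims inside source"
        (passed.append(p) if ok else dropped.append((p, reason)))
    return passed, dropped


SAMPLE = [  # constructed traffic, not captured data
    Packet("out", "198.51.100.7", "192.0.2.10"),   # legitimate outbound
    Packet("out", "10.9.9.9", "192.0.2.10"),       # outbound with forged source
    Packet("in", "192.0.2.55", "203.0.113.4"),     # legitimate inbound
    Packet("in", "203.0.113.200", "203.0.113.4"),  # inbound claiming our address
]
```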