If you have an OVH server and you're being DDoS'ed, you will want to ensure the attack is being mitigated. Normally, when an attack is detected, the mitigation is turned on automatically. Once the attack has passed, your server returns to normal traffic levels. If you wish to turn on the DDoS protection permanently, you can use the following API from OVH:
For the fields, specify your IP address. This puts your server on permanent DDoS mitigation from OVH. To check whether your server is under mitigation, you can perform an MTR test, either from the terminal or via a web application. The MTR report should show something similar to the following:
     9.|-- vac3-0-a9.qc.ca.vaccum     0.0%   4   11.9  12.1  11.8  12.6   0.3
    10.|-- vac3-1-n7.qc.ca.firewall   0.0%   4   10.8  10.7  10.6  10.9   0.1
    11.|-- vac3-2-n7.qc.ca.tilera     0.0%   4   10.7  10.9  10.6  11.4   0.4
    12.|-- vac3-3-n7.qc.ca            0.0%   4   10.8  10.8  10.7  10.8   0.1
This means your server is under DDoS protection. If you wish to remove the permanent mitigation, use the following API from OVH:
This removes your server from the permanent mitigation. The hops shown above will then no longer appear in your MTR report.
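The MTR check described above can be scripted so it is repeatable before and after changing the mitigation setting. This is an added example, not OVH's or the original page's code; it assumes mitigation hops are named `vac<N>-<N>-...` as in the sample output above, and the function names, `$SERVER_IP` and the non-`vac` sample hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: find OVH VAC (mitigation) hops in `mtr --report` text.
# Assumption: VAC hops are named "vac<N>-<N>-...", as in the sample above.

# Print the hostname of each hop line (" 9.|-- host ...") matching the pattern.
vac_hops() {
    awk '$1 ~ /^[0-9]+[.][|]--$/ && $2 ~ /^vac[0-9]+-[0-9]+-/ { print $2 }'
}

# Exit status 0 when the report on stdin contains at least one VAC hop.
under_mitigation() {
    [ -n "$(vac_hops)" ]
}

# Constructed report: the four hops shown above behind a constructed first hop.
sample_mitigated() {
    cat <<'EOF'
HOST: probe.example.net           Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- gw.example.net             0.0%     4    0.4   0.5   0.4   0.6   0.1
  9.|-- vac3-0-a9.qc.ca.vaccum     0.0%     4   11.9  12.1  11.8  12.6   0.3
 10.|-- vac3-1-n7.qc.ca.firewall   0.0%     4   10.8  10.7  10.6  10.9   0.1
 11.|-- vac3-2-n7.qc.ca.tilera     0.0%     4   10.7  10.9  10.6  11.4   0.4
 12.|-- vac3-3-n7.qc.ca            0.0%     4   10.8  10.8  10.7  10.8   0.1
EOF
}

# Constructed report without mitigation; "vacation..." must not match.
sample_clean() {
    cat <<'EOF'
HOST: probe.example.net           Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- gw.example.net             0.0%     4    0.4   0.5   0.4   0.6   0.1
  2.|-- vacation.example.net       0.0%     4    9.8   9.9   9.7  10.1   0.2
  3.|-- ???                       100.0     4    0.0   0.0   0.0   0.0   0.0
EOF
}

# Live use (not run here): mtr --report --report-cycles 4 "$SERVER_IP" | vac_hops
for s in sample_mitigated sample_clean; do
    if "$s" | under_mitigation; then echo "$s: VAC hops present"
    else echo "$s: no VAC hops"; fi
done
```

Run the live check from a host outside your server's network, since the mitigation hops only show up on the inbound path toward the protected IP.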
You can find more information on the OVH website at https://www.ovh.co.uk/anti-ddos/.
To capture the DDoS attack information from the network interface, run a tcpdump command to capture the packets of the requests made against the server.