In my day to day Job, I have been responsible for mitigating DDoS attacks and making sure that they are detected in a timely manner. The company I work for has an awesome platform to mitigate DDoS attacks which has an alert system and analytics, but I came across a public tool that you can enter an IP or domain into. With DDoS Mon
, you can check if there has been a DDoS against that target.
DDoS Mon gets data from telecoms and other sources around the world to compile a list of DDoS attacks. I have personally used this tool and compared it to known real attacks and let me tell you this tool is very accurate. It's great to be able to quickly search for attacks also it's easy to use the URL to search for an attack.For example, you can use https://ddosmon.net/explore/18.104.22.168
to search for attacks against 22.214.171.124 (level 3 DNS servers).
There is also an API that requests some JSON data so you can parse the data and you need to create an account to get API access.
When searching for attacks against this IP we see the below result
The latest attack was a UDP style attack against this IP. The site also provides valuable insights into DDoS traffic on a global scale check out https://ddosmon.net/insight/
. Here is a snippet of some interesting data there is much more on the site.
In conclusion, this tool is very useful and can be incorporated as another tool in a SOC environment or for any business who suspects they may have experienced attacks but don't have the resources to check.This tool is also great for research purposes.I would like to know what you think about this tool! Send me an email with your thoughts or leave a comment. Have a great day guys!Sean