Was my network part of the Wikileaks attack?

  • Updated 8 years ago
Is there any way I can detect if any part of my network was involved in the recent Wikileaks related DDOS attack?
VirtualMe



Posted 8 years ago


Michael Finn

The recent DDOS attacks on the Mastercard, Visa and Paypal web sites were designed and organized by an Internet activist group calling themselves Operation Payback. This group uses open-source tools and communicates using social media sites such as Facebook and Twitter. Basically they organize groups of ordinary Internet users to become a large hive which can be directed towards specific targets such as Mastercard, Visa and Paypal. For more details on this see


So how can you analyze your network for this activity? Well, for example, the recent DDOS attacks on Mastercard, Visa and Paypal were all directed towards their websites, therefore analyzing the web traffic from your network can be used to determine if any hosts were showing very high levels of web activity towards these sites. The LANGuardian's Web reporting module has an extensive set of reports which can be customized to look for a specific set of accesses to websites. Using the Top Websites report which can be found at

Modules - Web - Top Websites

Specify a Website Name filter of visa|mastercard|paypal

Run the report. This will quickly highlight what systems on your network have accessed these websites.

A further report which can highlight this activity is to monitor your network for access to the open-source tool LOIC. To create this, use the report which can be found at

Modules - Web - Advanced Reports - Top Websites & URI

Specify a Website Name filter of sourceforge and a URI filter of loic.

When you run this report it will highlight any accesses to the LOIC tool on the sourceforge website.
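
The two checks described in the answer above, applied to plain web proxy logs. This is an added example, not part of the original answer and not LANGuardian code; the four-field log format, the sample lines and the request threshold are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Filters taken from the answer above (substring matches, as in the report).
SITE_FILTER = re.compile(r"visa|mastercard|paypal", re.IGNORECASE)
LOIC_HOST = re.compile(r"sourceforge", re.IGNORECASE)
LOIC_URI = re.compile(r"loic", re.IGNORECASE)

# Constructed sample, assumed format: "<timestamp> <client_ip> <host> <uri>".
SAMPLE_LOG = (
    ["2010-12-08T14:00:00 10.0.0.21 www.mastercard.com /"] * 40
    + ["2010-12-08T14:00:05 10.0.0.21 www.visa.com /"] * 25
    + ["2010-12-08T14:01:00 10.0.0.34 www.paypal.com /signin"] * 2
    + ["2010-12-08T13:50:00 10.0.0.21 sourceforge.net /projects/loic/files/"]
    + ["2010-12-08T13:55:00 10.0.0.50 sourceforge.net /projects/other/files/"]
    + ["2010-12-08T14:02:00 10.0.0.50 www.example.org /index.html",
       "malformed line"]
)

def parse(lines):
    """Yield (client, host, uri) for each well-formed line; skip the rest."""
    for line in lines:
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2].lower(), parts[3]

def top_clients(lines, threshold):
    """Clients whose request count to the filtered sites meets the threshold."""
    hits = Counter(c for c, host, _ in parse(lines) if SITE_FILTER.search(host))
    return {c: n for c, n in hits.most_common() if n >= threshold}

def loic_downloads(lines):
    """Clients that requested a sourceforge URI containing 'loic'."""
    return sorted({c for c, host, uri in parse(lines)
                   if LOIC_HOST.search(host) and LOIC_URI.search(uri)})

if __name__ == "__main__":
    # Threshold of 50 is an assumed value; tune it to your normal traffic.
    for client, count in top_clients(SAMPLE_LOG, 50).items():
        print(f"{client}: {count} requests to filtered sites")
    print("LOIC page accessed by:", loic_downloads(SAMPLE_LOG))
```

A single visit to one of these sites is ordinary browsing, so the request count per client is what separates normal use from the very high activity the answer refers to.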