In my day-to-day job, I have been responsible for mitigating DDoS attacks and making sure that they are detected in a timely manner.
The company I work for has an awesome platform for mitigating DDoS attacks, with an alert system and analytics, but I came across a public tool where you can enter an IP or domain and check whether there has been a DDoS attack against that target.
Check out https://ddosmon.net/
DDoS Mon gets data from telecoms and other sources around the world to compile a list of DDoS attacks. I have personally used this tool and compared it to known real attacks, and let me tell you, this tool is very accurate. It’s great to be able to quickly search for attacks, and it’s easy to use the URL to search for an attack.
For example, you can use https://ddosmon.net/explore/220.127.116.11 to search for attacks against 18.104.22.168 (Level 3 DNS servers).
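An added example (not from the original post or from DDoS Mon): a Python helper that turns an asset list into explore URLs following the pattern above, skipping private addresses and internal-looking hostnames so they are never submitted to a third-party site. The function names and the internal-suffix list are assumptions, and the sample inventory is constructed.

```python
import ipaddress
import re
from urllib.parse import quote

EXPLORE_BASE = "https://ddosmon.net/explore/"  # URL pattern shown in the post
# Assumption: suffixes your organisation uses for internal-only names.
INTERNAL_SUFFIXES = {"local", "internal", "lan", "localhost"}
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize_target(raw):
    """Return a canonical public IP or domain, or None if it should be skipped."""
    value = raw.strip().lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        # Private, loopback, link-local and reserved ranges are not global.
        return str(ip) if ip.is_global else None
    labels = value.split(".")
    if len(value) > 253 or len(labels) < 2:
        return None  # too long, empty, or a single-label (internal) name
    if not all(_LABEL.match(label) for label in labels):
        return None  # characters that do not belong in a hostname
    if labels[-1].isdigit() or labels[-1] in INTERNAL_SUFFIXES:
        return None  # malformed IP such as 10.0.0.256, or internal suffix
    return value

def explore_urls(assets):
    """Map each valid public target to its explore URL; also return skipped inputs."""
    urls, skipped = {}, []
    for raw in assets:
        target = normalize_target(raw)
        if target is None:
            skipped.append(raw)
        else:
            urls.setdefault(target, EXPLORE_BASE + quote(target, safe=""))
    return urls, skipped

# Constructed sample inventory; 18.104.22.168 is the address used in the post.
SAMPLE_ASSETS = ["18.104.22.168", " WWW.Example.com. ", "10.20.30.40",
                 "intranet", "18.104.22.168", "db01.corp.local", "10.0.0.256"]

if __name__ == "__main__":
    urls, skipped = explore_urls(SAMPLE_ASSETS)
    for target, url in urls.items():
        print(target, "->", url)
    print("skipped:", skipped)
```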
There is also an API that returns JSON data you can parse; you need to create an account to get API access.
When searching for attacks against this IP, we see the result below.
The latest attack was a UDP-style attack against this IP.
The site also provides valuable insights into DDoS traffic on a global scale. Check out https://ddosmon.net/insight/
Here is a snippet of some interesting data; there is much more on the site.
In conclusion, this tool is very useful and can be incorporated as another tool in a SOC environment, or used by any business that suspects it may have experienced attacks but doesn’t have the resources to check.
This tool is also great for research purposes.
I would like to know what you think about this tool! Send me an email with your thoughts or leave a comment!
Have a good day!