MaGe Linux Operations
Feb 26, 2017 · Information Security
How We Traced and Stopped a UDP Flood Attack on an Oracle‑Tomcat Server
During the Chinese New Year, a client’s Oracle‑Tomcat server was overwhelmed by massive UDP traffic. The forensic investigation that followed uncovered a hidden Trojan, and this write-up covers the detailed command‑line analysis, the iptables hardening, and the root cause: a weak SSH password left after a hardware upgrade.
Linux forensics · SSH Security · incident response
