What should I do if I am the origin of a DoS/DDoS attack?
This heavily depends on your network security policy. You may for example wish to ultimately prosecute the offender, in which case you will need to take great pains to preserve the chain of evidence. If you wish to stop your systems from being used to launch attacks you should not just reboot them and remove the agent. You will also need to plug any and ALL security holes, otherwise the intruder will break in again in short order. Assuming you cannot patch all the machines then you should try to limit access to them in other ways, by firewalling them off for example. Unfortunately in many environments (especially “public ones” like educational institutions) even updating all the software and making sure the mchines are secure against network attacks will not always be 100% effective. You should install software on all your important network machines and ideally on every single host that can detect changes and additions to the filesystem. This will allow you to hopefully nip attacks in
