Hey all. Does anyone have any good advice for tracking down evidence of a relay attack of any kind? The other day, I was revisiting a book I purchased some time ago called Counter Hack by Ed Skoudis. It went over how netcat could be used to set up multiple relays to attack with a chain of clients and listeners. I was wondering/curious if anyone here has ever had to investigate something of this nature and how they went about doing it other than the obvious - going through the logs and such. It seems like something pretty hard to track down, especially if the attacker was able to relay between cultural barriers (e.g., a relay on systems across the world to make it harder to track).