Webmaster's Community

Webhosting Forums => Dedicated Server Administration => Topic started by: Savera on July 14, 2012, 07:05:10 AM

Title: How to find the number of connections from IPs using netstat (DoS attack)
Post by: Savera on July 14, 2012, 07:05:10 AM
Hi,

Recently I was in trouble, as one of the servers I have root access to was not accessible; it was coming and going. Our network administrator was not available, so I did a search and found that the server must be under a DoS attack. With my limited knowledge, I searched the internet and found a useful netstat command with which you can find which IP is making lots of connections. After finding it, I blocked it, and the server was up and running until our admin fixed it permanently.

Here is the command:
Code:
netstat -n|grep :80|cut -c 45-|cut -f 1 -d ':'|sort|uniq -c|sort -nr|more
It will show you the number of connections on port 80 from all IPs; just find one with an unusually high number of connections and block it.

Hope it will help others like me; if yes, then let me know here :)
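
Added example, not part of the original post: a variant of the same per-IP count that matches on the Local Address column instead of fixed character offsets, so connections to :8080 and outbound connections to a remote port 80 are not counted, and IPv4-mapped IPv6 rows are folded into the same IP. The function names `sample_netstat`, `count_conns_by_ip` and `ips_over_limit` are hypothetical, and the sample netstat output is constructed, using documentation-range addresses.

```sh
#!/bin/sh
# Added example: per-IP connection counts for one local port, from `netstat -n` output on stdin.

# Constructed sample of Linux net-tools `netstat -n` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.5:51234       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51235       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51236       SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:51237 ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40000      TIME_WAIT
tcp        0      0 192.0.2.10:8080         198.51.100.7:40001      ESTABLISHED
tcp        0      0 192.0.2.10:39000        198.51.100.99:80        ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.7:40002      ESTABLISHED
EOF
}

# count_conns_by_ip PORT: prints "COUNT IP", highest count first.
count_conns_by_ip() {
    port="${1:-80}"
    awk -v port="$port" '
        $1 ~ /^tcp/ && NF >= 6 {
            lport = $4; sub(/.*:/, "", lport)       # text after the last colon = local port
            if (lport != port "") next              # exact match: 8080 and remote :80 are skipped
            ip = $5; sub(/:[^:]*$/, "", ip)          # drop the remote port
            sub(/^::ffff:/, "", ip)                 # fold IPv4-mapped IPv6 into plain IPv4
            count[ip]++
        }
        END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# ips_over_limit PORT LIMIT: only the IPs with at least LIMIT connections.
ips_over_limit() {
    count_conns_by_ip "$1" | awk -v limit="$2" '$1 >= limit + 0 { print $2 }'
}

sample_netstat | count_conns_by_ip 80
# On a live server: netstat -tn | count_conns_by_ip 80
```

The count includes every TCP state (SYN_RECV, TIME_WAIT, ESTABLISHED), so a high number for one IP is a reason to look closer rather than proof of an attack; many users behind one proxy or NAT address look the same.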