How to identify a DDOS attack or finding no of connection from an IPAddress

In Linux Web servers, You definitely server 100’s of websites.

Some site may be flooded with connections.


your server may be under DDOS attack.

In this situation you can use the below command

netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -nr

And find the IPAddress, which is having more connections.

And you can Block the same using any firewall installed on your Server.

If you are using Config Server Firewall as firewall

use the command :

csf -d  the ipaddress

(replace the ipaddress with the ip you found on the command)

Feel free to comment about your experience.

About ilangovan ramasamy

I am a IT manager on a Corporate co. Started My Career In a Internet Center. having 10 years on Experience on IT. Very much Interested in knowing New technologies & gadgets. Wrote many Articles & how to’s for Computer Related issues. As I am in to hosting industry We face many issues on work. I thought of sharing my knowledge with you and writing so. If you guys feel something is interesting & helpful, Please do comment on it.

View all posts by ilangovan ramasamy →

0 Comments on “How to identify a DDOS attack or finding no of connection from an IPAddress”

  1. Way cool! Some very valid points! I appreciate you
    writing this post plus the rest of the website is extremely good.


This site uses Akismet to reduce spam. Learn how your comment data is processed.