How to identify a DDoS attack or find the number of connections from an IP address

A Linux web server often serves hundreds of websites.

One of those sites may be flooded with connections, or the server itself may be under a DDoS attack.

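In this situation you can use the command below, which counts the current TCP and UDP connections per remote IP address and lists the busiest addresses first:

netstat -ntu | awk 'NR>2 {print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr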

Then find the IP address that has the most connections.

You can block that address using any firewall installed on your server.

If you are using ConfigServer Firewall (CSF) as your firewall, use the command:

csf -d the ipaddress

(Replace "the ipaddress" with the IP address you found with the command above.)

Feel free to comment about your experience.

0 Replies to “How to identify a DDOS attack or finding no of connection from an IPAddress”

  1. Way cool! Some very valid points! I appreciate you
    writing this post plus the rest of the website is extremely good.
