Published on: September 10, 2014 by Geo Paul
Scenario:
Sometimes a web server becomes heavily loaded because of a large number of inbound connections, which makes the server sluggish or non-responsive. This is quite evident during DoS or DDoS attacks. To detect a DDoS attack, you can use the following commands to identify the source IPs and the number of connections each one has active on the server:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
or
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
The output would look like the following:
20 2.50.172.59
21 117.247.123.43
29 116.202.39.208
64 92.96.145.2
156 216.70.110.99
The first column represents the number of connections, while the second column represents the source IP.
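The one-liners above also count the netstat header lines, `grep :80` also matches `:8080` and outbound connections to a remote port 80, and `cut -d: -f1` truncates IPv6 addresses. The following added example (not part of the original post) goes a little further and handles those cases; the function names, the threshold argument and the sample netstat text are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: per-source connection counts from `netstat -ntu` text.

# Constructed sample input (documentation-range addresses, not real traffic).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.5:40023       ESTABLISHED
tcp        0      0 192.0.2.10:44100        203.0.113.9:80          ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:51000    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51517 TIME_WAIT
EOF
}

# conn_counts PORT: reads netstat text on stdin and prints "count ip" for
# connections whose LOCAL port is exactly PORT, busiest source first.
conn_counts() {
  awk -v port="$1" '
    $1 !~ /^(tcp|udp)/ { next }        # skip the two header lines
    {
      remote = $5
      n = split($4, l, ":")            # last ":" field of the local address
      if (l[n] != port) next           # exact match, so :8080 is not :80
      sub(/:[^:]*$/, "", remote)       # drop only the trailing :port (IPv6-safe)
      sub(/^::ffff:/, "", remote)      # fold IPv4-mapped IPv6 into plain IPv4
      count[remote]++
    }
    END { for (ip in count) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# over_threshold PORT LIMIT: only the sources with more than LIMIT connections.
over_threshold() {
  conn_counts "$1" | awk -v limit="$2" '$1 > limit { print $2 }'
}

# Live use (hypothetical limit of 100): netstat -ntu | over_threshold 80 100
```

On the sample, `sample_netstat | conn_counts 80` reports 4 connections for 198.51.100.7, including the IPv4-mapped one that `cut -d: -f1` would have reduced to an empty string.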
Category : Apache, Howtos, Security