Published on: September 10, 2014 by Geo Paul
Scenario:
Some times the webserver become loaded heavily due to large no. of inbound connections and makes the server sluggish or non-responsive. This is quite evident during DOS or DDOS attacks.In DDOS attack detection you can use the following script to identify the IP and the no. of connections active on a server using the following commands
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
or
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
The output would look like the following
20 2.50.172.59
21 117.247.123.43
29 116.202.39.208
64 92.96.145.2
156 216.70.110.99
The first column represents the no. of connections while the second column represents the source IP
Category : Apache, Howtos, Security
Geo Paul has good customer management skills and is ready to take up additional responsibilities whenever required. His analytical assessment and adaptability to changing situations and circumstances, makes him one of the highly preferred admin by various clients. He is a jovial guy and love to live life to the fullest.
Add new commentSIGN IN