DDoS attacks are unfortunately no longer a rarity. Nowadays, a server can be attacked with very little effort.
To determine whether your own server is currently under attack, you can use the following commands:
netstat -anp |grep ‚tcp\|udp‘ | awk ‚{print $5}‘ | cut -d: -f1 | sort | uniq -c | sort –n
This command displays a list of connected IP addresses sorted by the number of connections.
A larger DDoS attack, however, uses countless servers that then only establish a few connections each.
This command counts the number of connections to a specific port (port 80 in the example):
netstat -n | grep :80 |wc -l
Leave a comment now