Diagnosing a dos Attack Under Linux

by Vivek Gite on February 17, 2008 · 0 comments

Q. How do I find out if I Linux box is under DoS attack or not form a shell prompt?

A. You can simply use netstat command to print out a list of all open connection to your Linux box. The list will be sorted out using sort command including total number of connections from a specific IP address.

Task: Looking at open connections (DoS)

Login as the root user

Type the following command
# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

See how to find out if your server is under attack or not. You can also list abusive IP address using this method.

Featured Articles:

Share this with other sys admins!
Facebook it - Tweet it - Print it -

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href="" title="">
What is 7 + 5 ?
Please leave these two fields as-is:
Solve the simple math so we know that you are a human and not a bot.




Previous post:

Next post: