Diagnosing a dos Attack Under Linux

Q. How do I find out if I Linux box is under DoS attack or not form a shell prompt?

A. You can simply use netstat command to print out a list of all open connection to your Linux box. The list will be sorted out using sort command including total number of connections from a specific IP address.

Task: Looking at open connections (DoS)

Type the following command
# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

See how to find out if your server is under attack or not. You can also list abusive IP address using this method.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Your support makes a big difference:

I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft takes a lot of my time and hard work to produce. If everyone who reads nixCraft, who likes it, helps fund it, my future would be more secure. You can donate as little as $1 to support nixCraft: