How to detect DDoS attack on Linux server?

kumkumsharma

Administrator
Staff member
  • Login to your server via SSH
  • Now run the command below, which helps to find the particular IP address from which the attack is going on.
Code:
# netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
  • Next, enter this command, from which you can get the source IP addresses and the number of connections to the Linux system.
Code:
# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
  • Now it's time to check all the active connections on HTTP port 80.
Code:
# netstat -n | grep :80 |wc -l
  • If you find any particular IP address which has too many connections, then it may be possible that the attack is occurring from this particular IP address, so you have to block this IP address. For that you can use the command below.
Code:
# route add ipaddress reject
 