Juan Gabriel Covas's personal page


Quickly find out whether a server is under DDoS

A quick and useful command for checking whether a server is under DDoS:

# netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That lists the remote IPs by the number of connections each holds to the server, in ascending order, so the heaviest sources appear at the end of the output. Keep in mind that DDoS attacks are becoming more sophisticated and use fewer connections from more attacking IPs. In that case you will still see a low number of connections per IP even while you are under a DDoS.
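For the low-count case described above, the per-IP ranking can be complemented with totals. The following is an added example, not part of the original page: it goes beyond the one-liner by reporting the total number of remote connections, the number of distinct source IPs, the highest per-IP count and the number of half-open (SYN_RECV) connections. The function names and the sample input are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise netstat output so a distributed flood is visible
# even when no single IP holds many connections.

# Constructed sample of `netstat -an` lines (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.1:40001      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.2:40002      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.3:40003      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.4:40004      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:40100    SYN_RECV
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# conn_summary (hypothetical helper): read `netstat -an` output on stdin
# and print a single summary line.
conn_summary() {
  awk '
    $1 ~ /^(tcp|udp)/ {
      peer = $5
      sub(/:[^:]*$/, "", peer)   # strip the port after the LAST colon (IPv6-safe)
      # Listening sockets have no remote peer; skip them.
      if (peer == "0.0.0.0" || peer == "::" || peer == "*") next
      total++
      per_ip[peer]++
      if ($6 == "SYN_RECV") syn++
    }
    END {
      for (ip in per_ip) { uniq++; if (per_ip[ip] > max) max = per_ip[ip] }
      printf "total=%d unique_ips=%d max_per_ip=%d syn_recv=%d\n", total, uniq, max, syn
    }'
}

# On a live host: netstat -an | conn_summary
sample_netstat | conn_summary
```

A high unique_ips or syn_recv value alongside a low max_per_ip is the pattern the per-IP ranking alone does not reveal; compare the numbers against the server's normal baseline.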

linux/howtos/ddos-detection.txt · Last modified: 10/07/2020 17:38 by Juanga Covas