Here is a command line to run on your server if you think your server is under attack. It prints our a list of open connections to your server and sorts them by amount.
CentOS: netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
BSD: netstat -na |awk ‘{print $5}’ |cut -d “.” -f1,2,3,4 |sort |uniq -c |sort -n
You can also check for connections by running the following command.
netstat -plan | grep :80 | awk ‘{print $4 }’ | sort -n | uniq -c | sort
These are few step to be taken when you feel the server is under attack:
Step 1: Check the load using the command “w”.
Step 2: Check which service is utilizing maximum CPU by “nice top”. Continue reading “DoS Attack Mitigation”