{"id":857,"date":"2018-06-14T15:22:45","date_gmt":"2018-06-14T09:52:45","guid":{"rendered":"http:\/\/www.webhostingchennai.co.in\/blog\/?p=857"},"modified":"2019-03-11T11:45:08","modified_gmt":"2019-03-11T06:15:08","slug":"how-to-verify-ddos-attack","status":"publish","type":"post","link":"https:\/\/www.webhostingchennai.co.in\/blog\/how-to-verify-ddos-attack\/","title":{"rendered":"How to verify DDOS attack with &#8216;netstat&#8217; command on Linux"},"content":{"rendered":"<h4><span style="">How to verify DDOS attack with netstat command on Linux<\/span><\/h4>\n<p>A server that feels slow can have many causes, from wrong configuration and scripts to faulty hardware, but sometimes the cause is someone flooding your server with traffic, known as a DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack.<\/p>\n<p>A denial-of-service (DoS) attack or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. 
These attacks generally target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.<\/p>\n<p>DoS attacks work by forcing the targeted computer to reset, by consuming its resources so that it can no longer provide its services, or by obstructing the communication media between the users and the victim so that they can no longer communicate adequately.<\/p>\n<p>In this article you\u2019ll see how to verify a DDoS attack with the &#8216;netstat&#8217; command on Linux.<\/p>\n<p><strong>Some of the commands with explanation<\/strong><\/p>\n<pre>netstat -na<\/pre>\n<p>This displays all active Internet connections to the server; only established connections are included.<\/p>\n<pre>netstat -an | grep :80 | sort<\/pre>\n<p>Show only active Internet connections to the server on port 80, the HTTP port, which is useful if you have a <a href="">web server<\/a>. The results are sorted, which helps detect a flood from a single source by letting you recognize many connections coming from one IP.<\/p>\n<pre>netstat -n -p|grep SYN_REC | wc -l<\/pre>\n<p>This command is useful to find out how many active SYN_REC connections are occurring on the server. The number should be pretty low, preferably less than 5. During DoS attack incidents or mail bombs, the number can jump quite high. 
However, the value always depends on the system, so a value that is high on one server may be average on another <a href="">server<\/a>.<\/p>\n<pre>netstat -n -p | grep SYN_REC | sort -u<\/pre>\n<p>List all the IP addresses involved instead of just the count.<\/p>\n<pre>netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}' | sort -u<\/pre>\n<p>List all the unique IP addresses of the nodes that are sending SYN_REC connection status.<\/p>\n<pre>netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n<\/pre>\n<p>Use the netstat command to count the number of connections each IP address makes to the server.<\/p>\n<pre>netstat -anp | grep -E 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n<\/pre>\n<p>List the number of connections each IP has to the server using the TCP or UDP protocol.<\/p>\n<pre>netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr<\/pre>\n<p>Check ESTABLISHED connections instead of all connections, and display the connection count for each IP.<\/p>\n<pre>netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1<\/pre>\n<p>Show each IP address that connects to port 80 on the server, with its connection count. 
Port 80 is used mainly for HTTP web page requests.<\/p>\n<p><strong>How to mitigate a DoS attack<\/strong><\/p>\n<p>Once you have found the IPs that are attacking your server, you can use the following commands to block their connections to your server:<\/p>\n<pre>iptables -I INPUT 1 -s $IPADRESS -j DROP<\/pre>\n<p>Replace $IPADRESS with the IP address that you found with netstat, and use REJECT in place of DROP if you want the sender to receive an error instead of having its packets silently discarded.<br>\nOr<br>\nIf you have installed CSF, you can use the command below to block the IP address:<\/p>\n<pre>csf -d &lt;ip address&gt;<\/pre>\n<p>After running the above command, kill all httpd connections to clean your system and then restart the httpd service using the following commands:<\/p>\n<pre>killall -KILL httpd\nservice httpd restart\n<\/pre>\n<p>We hope this article meets your needs. Please share your valuable comments to help us improve.<\/p>\n<p>See also, How to Find and Kill All Zombie Processes in Linux: <a href="">Click here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":923,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[12,14],"tags":[110,111,167],"class_list":["post-857","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-security","tag-avoid-ddos","tag-finding-ddos","tag-finding-ddos-with-netstat"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/06\/netstat.jpg?fit=678%2C340&ssl=1","jetpack_sharing_enabled":true,
"jetpack_shortlink":"https:\/\/wp.me\/p9NOHH-dP","jetpack-related-posts":[{"id":2070,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/protect-cpanel-server-from-ddos-attacks\/","url_meta":{"origin":857,"position":0},"title":"How Firewalls Protect Your cPanel Server from DDoS Attacks","author":"Cavin","date":"October 24, 2024","format":false,"excerpt":"DDoS Attack - Distributed Denial of Service (DDoS) attacks are one of the most common and disruptive forms of cyberattacks that can target any server connected to the internet. They involve overwhelming a server with an enormous amount of traffic, effectively making it unavailable to legitimate users. In a cPanel\u2026","rel":"","context":"In &quot;VPS&quot;","block_context":{"text":"VPS","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/vps\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2024\/10\/firewalls-protect-your-cpanel-server-hero.jpg?fit=991%2C515&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2024\/10\/firewalls-protect-your-cpanel-server-hero.jpg?fit=991%2C515&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2024\/10\/firewalls-protect-your-cpanel-server-hero.jpg?fit=991%2C515&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2024\/10\/firewalls-protect-your-cpanel-server-hero.jpg?fit=991%2C515&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":675,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/installing-xampp-on-centos7\/","url_meta":{"origin":857,"position":1},"title":"Installing XAMPP on CentOS7","author":"Cavin","date":"January 17, 2018","format":false,"excerpt":"How to install XAMPP on CentOS7 Installing XAMPP on CentOS7, In this tutorial we will learn how to install and configuration of XAMPP on your CentOS 7.3 server. 
XAMPP, is an open source software that provides users with an out-of-the-box server experience. It is a complex, yet very easy-to-use AMPP\u2026","rel":"","context":"In &quot;LINUX&quot;","block_context":{"text":"LINUX","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/01\/XAMPP.jpg?fit=640%2C260&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/01\/XAMPP.jpg?fit=640%2C260&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/01\/XAMPP.jpg?fit=640%2C260&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":964,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/installing-netdata\/","url_meta":{"origin":857,"position":2},"title":"Installing Netdata &#8211; A Real Time Performance Monitoring Tool","author":"Cavin","date":"July 13, 2018","format":false,"excerpt":"How to install Netdata in CentOS 7 Installing Netdata : Netdata is a free open soure software which collects a real-time performance data from Linux systems, Application, SNMP devices and visualize it in the web-based interface. Netdata also provides the visualization of past data\u2019s. 
In simple word, it provides a\u2026","rel":"","context":"In &quot;MONITORING TOOLS&quot;","block_context":{"text":"MONITORING TOOLS","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/monitoring-tools\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/07\/netdata-2.jpg?fit=640%2C240&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/07\/netdata-2.jpg?fit=640%2C240&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/07\/netdata-2.jpg?fit=640%2C240&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":180,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/10-easy-steps-to-setup-bind-dns\/","url_meta":{"origin":857,"position":3},"title":"10 Easy Steps to setup BIND DNS Server on CentOS 6","author":"Cavin","date":"June 30, 2017","format":false,"excerpt":"10 Easy Steps to setup BIND DNS Server on CentOS 6 BIND (Berkely Internet Name Domain) is a popular software for translating domain names into IP addresses and usually found on Linux servers. 
This article will explain the basic concepts of DNS BIND and analyse the associated files required to\u2026","rel":"","context":"In &quot;HOWTO'S&quot;","block_context":{"text":"HOWTO'S","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/howtos\/"},"img":{"alt_text":"10 Easy Steps to setup BIND DNS","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2017\/06\/yum-install.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2017\/06\/yum-install.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2017\/06\/yum-install.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":1505,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/how-to-install-postgresql\/","url_meta":{"origin":857,"position":4},"title":"How To Install PostgreSQL 11 \/ 10 on CentOS 7","author":"Cavin","date":"April 15, 2019","format":false,"excerpt":"How To Install PostgreSQL 11 \/ 10 on CentOS 7 PostgreSQL is an object-relational database management system (ORDBMS) available for many platforms including Linux, FreeBSD, Solaris, Microsoft Windows, and Mac OS X. 
It is an open source DBMS system with an emphasis on extensibility and standards compliance.It can handle workloads\u2026","rel":"","context":"In &quot;DATABASE&quot;","block_context":{"text":"DATABASE","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/database\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2019\/04\/pgsql.jpg?fit=640%2C260&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2019\/04\/pgsql.jpg?fit=640%2C260&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2019\/04\/pgsql.jpg?fit=640%2C260&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":973,"url":"https:\/\/www.webhostingchennai.co.in\/blog\/tools-to-monitor-linux-performance\/","url_meta":{"origin":857,"position":5},"title":"Command Line Tools to Monitor Linux Performance","author":"Cavin","date":"July 26, 2018","format":false,"excerpt":"Command Line Tools to Monitor Linux Performance Here, we are going to see some of the\u00a0Command Line Tools to Monitor Linux Performance 1. 
Top \u2013 Linux Process Monitoring Linux Top command is a performance monitoring program which is used frequently by many system administrators to monitor Linux performance and it\u2026","rel":"","context":"In &quot;MONITORING TOOLS&quot;","block_context":{"text":"MONITORING TOOLS","link":"https:\/\/www.webhostingchennai.co.in\/blog\/category\/monitoring-tools\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/07\/command-line-monitor.jpg?fit=600%2C240&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/07\/command-line-monitor.jpg?fit=600%2C240&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.webhostingchennai.co.in\/blog\/wp-content\/uploads\/2018\/07\/command-line-monitor.jpg?fit=600%2C240&ssl=1&resize=525%2C300 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/posts\/857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/comments?post=857"}],"version-history":[{"count":5,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/posts\/857\/revisions"}],"predecessor-version":[{"id":1160,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/posts\/857\/revisions\/1160"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/media\/923"}],"wp:attachment":[{"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/media?parent=857"}],"wp:term":[{"taxonomy":"category","embeddable":t
rue,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/categories?post=857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webhostingchennai.co.in\/blog\/wp-json\/wp\/v2\/tags?post=857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}