How to know that your server was under DDOS attack

if you are a server administrator, may be that you know about DDOS attack n damage that uttack for network traffik for web server.
we can see if there are that uttack on our server.

if you use a linux administrator Go to your shell or terminal interface, login as a root an type this
"netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n"

this example:
root@www:/home/www# netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n
1 184.73.194.227
1 63.235.28.194
1 69.171.228.12
1 74.125.71.104
2 74.125.71.139
1000 182.7.1.217
root@www:/home/www#

So, how to read from that result?
from that resault there are six IP address connected or access our server, there are :
184.73.194.227
63.235.28.194
69.171.228.12
74.125.71.104
74.125.71.139
182.7.1.217
And front of each number there is a number that show us how many traffic, the greater number it mean that there are more trafic and it can from DDOS atttack
from that result, connection from number six with 1000 traffic it can from DDOS attack

be carefully from that, cos can make slow your server connection...

You can leave a response, or trackback from your own site.

1 Response to "How to know that your server was under DDOS attack"

  1. sbobet says:

    sbo
    sbobet

Post a Comment

Powered by NGELIH