January 6th, 2012 |
admin |
A quick and useful command for checking whether a server is under DDoS is:

    netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs holding the most connections to the server. It is important to remember that the [...]
January 3rd, 2012 |
admin |
It is good to know all the IP addresses which hold N+ TCP connections to your server. For example, if we want to list the IP addresses and connection counts of hosts which have 25+ connections right now:

    netstat -n --tcp --udp --numeric-hosts | \
    grep -v 127.0.0.1 | \
    awk '{if (/(tcp|udp)/) { print $5 [...]
November 28th, 2011 |
admin |
How to install a mail server based on sendmail that is capable of SMTP-AUTH and TLS. It should work (maybe with slight changes concerning paths etc.) on all *nix operating systems. I tested it on Debian Woody so far. This howto is meant as a practical guide; it does not cover the theoretical background. They [...]
November 28th, 2011 |
admin |
    netstat -an | grep 80
    netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1
    netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1
    watch -n 5 'w; ls -alS /usr/local/apache/domlogs/'