March 27th, 2012 |
admin |
Question: How do I detect a DDoS (distributed denial-of-service) / DoS attack on a Windows Server 2003 / 2000 / 2008? Can I use Linux netstat command syntax to detect DDoS attacks? Answer: A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. [...]
January 6th, 2012 |
admin |
A quick and useful command for checking whether a server is under DDoS is: netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n That will list the IPs holding the most connections to a server. It is important to remember that the [...]
January 3rd, 2012 |
admin |
It is useful to know all the IP addresses that hold N+ TCP connections to your server. For example, to list the IP addresses and connection counts of hosts that have 25+ connections right now: netstat -n --tcp --udp --numeric-hosts | grep -v 127.0.0.1 | awk '{if (/(tcp|udp)/) { print $5 [...]
November 28th, 2011 |
admin |
How to install a mail server based on sendmail that is capable of SMTP-AUTH and TLS. It should work (maybe with slight changes concerning paths etc.) on all *nix operating systems. I tested it on Debian Woody so far. This howto is meant as a practical guide; it does not cover the theoretical background. They [...]
November 28th, 2011 |
admin |
netstat -an | grep 80
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1
netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1
watch -n 5 'w; ls -alS /usr/local/apache/domlogs/'