Is this a Syn flood attack?
[root@canada ~]# netstat -an | egrep ":80|:443" | egrep '^tcp' | grep -v LISTEN | awk '{print $5}' | egrep '([0-9]{1,3}\.){3}[0-9]{1,3}' | sed 's/^\(.*:\)\?\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*$/\2/' | sort | uniq -c | sort -nr | sed 's/::ffff://' | head -20
122 37.120.xxx.xxx
111 185.104.xxx.xx
95 37.120.xxx.xxx
8 46.105.xxx.xxx
7 75.154.xxx.xxx
7 69.51.xxx.xxx
6 173.176.xxx.xxx
2 66.130.xxx.xxx
2 208.77.xxx.xxx
I want to know if there is a syn flood attack? my websites do not work because of them.
Do you have a way to prevent them from reproducing so many connections?
Please sign in to leave a comment.
Comments
0 comments