Hello, first off my server has been either offline or dead slow for the last 12h. The error showing was: (my server is running CentOS 5)

    tabell full - dropping the packet

Then I found out that it's a DDoS attack due to the output of these commands:

    netstat -n | grep :80 |wc -l
    19784
    netstat -n | grep :80 | grep SYN |wc -l
    201

Output varies.. for the first command the output was "21220" before restart of server. And then this output:

    netstat -plan |grep :80 | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n
    1 XXX.XXX.XXX.XXX
    1 XXX.XXX.XXX.XXX
    1 XXX.XXX.XXX.XXX
    1 XXX.XXX.XXX.XXX
    1 XXX.XXX.XXX.XXX
    1 XXX.XXX.XXX.XXX
    //list of IP's which all are 1 also.
    1 XXX.XXX.XXX.XXX
    1 XXX.XXX.XXX.XXX
    1 XXX.XXX.XXX.XXX
    1 XXX.XXX.XXX.XXX
    2 XXX.XXX.XXX.XXX
    3 XXX.XXX.XXX.XXX
    19847

My question is: why is the bottom number having no IP addresses? Because I think it's the one showing the DDoS attack and I wish to block it in order to get my server back online.

Thank you

I've seen the output leave out some numbers like that if the screen width was not sufficient to display all of the data. This happens to me when the DNS name is too long to display everything else. Also, you can use iftop.
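
An added example, not part of the original posts: cut -d: -f1 yields an empty string for any foreign address that begins with a colon, such as the IPv4-mapped form ::ffff:a.b.c.d:port that netstat prints for connections accepted on an IPv6 socket, so all such connections collapse into one count with no IP beside it. The sketch below removes the port at the last colon instead; the function names are hypothetical and the sample lines are constructed from documentation address ranges.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL

# Constructed sample of `netstat -plan`-style lines (not real capture data).
sample_netstat() {
cat <<'EOF'
tcp        0      0 203.0.113.5:80          192.0.2.10:51000          ESTABLISHED
tcp        0      0 ::ffff:203.0.113.5:80   ::ffff:198.51.100.7:40001 SYN_RECV
tcp        0      0 ::ffff:203.0.113.5:80   ::ffff:198.51.100.7:40002 SYN_RECV
tcp        0      0 ::ffff:203.0.113.5:80   ::ffff:198.51.100.8:40003 ESTABLISHED
tcp        0      0 :::80                   :::*                      LISTEN
EOF
}

# The pipeline from the question, reduced to one number: how many lines end
# up with an EMPTY key after `cut -d: -f1`.
naive_empty_keys() {
    grep ':80' | awk '{print $5}' | cut -d: -f1 | grep -c '^$'
}

# Per-peer connection counts for local port 80, reading netstat output on
# stdin. The port is stripped at the LAST colon, so IPv6 and IPv4-mapped
# peers keep their address; the listening socket is skipped.
count_peers() {
    awk '
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" {
            peer = $5
            sub(/:[^:]*$/, "", peer)     # drop ":port" only
            sub(/^::ffff:/, "", peer)    # show mapped IPv4 as plain IPv4
            count[peer]++
        }
        END { for (p in count) printf "%d %s\n", count[p], p }
    ' | sort -k1,1n -k2,2
}

echo "empty keys in original pipeline: $(sample_netstat | naive_empty_keys)"
sample_netstat | count_peers
```

On a live host, feed it real data with netstat -plan | count_peers; the highest counts then appear last with their addresses attached.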