  1. #1
    Just Joined!
    Join Date
    May 2009
    Posts
    2

    DDOS attack help me


    Hello,

    My server is using too many httpd processes. I think I am under a DDoS attack. I executed the following command:

    Code:
    netstat -an | grep :80 | sort
    and the result is this

    Code:
    tcp        0   1491 ::ffff:95.211.10.169:80     ::ffff:213.215.100.110:2263 LAST_ACK    
    tcp        0   1493 ::ffff:95.211.10.169:80     ::ffff:85.207.126.231:52694 LAST_ACK    
    tcp        0   1533 ::ffff:95.211.10.169:80     ::ffff:207.54.100.81:1907   LAST_ACK    
    tcp        0   1555 ::ffff:95.211.10.169:80     ::ffff:94.216.199.59:49666  LAST_ACK    
    tcp        0   1556 ::ffff:95.211.10.169:80     ::ffff:79.199.224.51:1250   LAST_ACK    
    tcp        0   1558 ::ffff:95.211.10.169:80     ::ffff:207.219.125.9:4445   LAST_ACK    
    tcp        0   1569 ::ffff:95.211.10.169:80     ::ffff:122.161.153.56:2788  LAST_ACK    
    tcp        0   1579 ::ffff:95.211.10.169:80     ::ffff:62.31.54.30:50167    LAST_ACK    
    tcp        0   1584 ::ffff:95.211.10.169:80     ::ffff:79.101.147.239:54629 LAST_ACK    
    tcp        0   1604 ::ffff:95.211.10.169:80     ::ffff:89.132.65.227:4880   LAST_ACK    
    tcp        0   1617 ::ffff:95.211.10.169:80     ::ffff:82.25.181.8:4227     LAST_ACK    
    tcp        0   1628 ::ffff:95.211.10.169:80     ::ffff:77.46.252.70:2116    LAST_ACK    
    tcp        0   1723 ::ffff:95.211.10.169:80     ::ffff:88.178.111.6:3838    LAST_ACK    
    tcp        0   3252 ::ffff:95.211.10.169:80     ::ffff:76.120.33.115:4181   LAST_ACK    
    tcp      106      0 ::ffff:95.211.10.169:80     ::ffff:174.132.216.26:38244 ESTABLISHED 
    tcp      163      0 ::ffff:95.211.10.169:80     ::ffff:193.2.216.130:41690  CLOSE_WAIT  
    tcp      164      0 ::ffff:95.211.10.169:80     ::ffff:76.174.2.134:65249   CLOSE_WAIT  
    tcp      177      0 ::ffff:95.211.10.169:80     ::ffff:119.63.194.124:46871 CLOSE_WAIT  
    tcp      196      0 ::ffff:95.211.10.169:80     ::ffff:77.232.69.160:51396  CLOSE_WAIT  
    tcp      213      0 ::ffff:95.211.10.169:80     ::ffff:174.36.52.105:38332  CLOSE_WAIT  
    tcp      218      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:45186  CLOSE_WAIT  
    tcp      218      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:46711  CLOSE_WAIT  
    tcp      218      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:47529  CLOSE_WAIT  
    tcp      219      0 ::ffff:95.211.10.169:80     ::ffff:67.228.157.57:53628  CLOSE_WAIT  
    tcp      225      0 ::ffff:95.211.10.169:80     ::ffff:75.7.19.214:61179    CLOSE_WAIT  
    tcp      226      0 ::ffff:95.211.10.169:80     ::ffff:174.36.52.109:57823  CLOSE_WAIT  
    tcp      226      0 ::ffff:95.211.10.169:80     ::ffff:174.36.52.98:45852   CLOSE_WAIT  
    tcp      228      0 ::ffff:95.211.10.169:80     ::ffff:174.36.52.98:32786   CLOSE_WAIT  
    tcp      231      0 ::ffff:95.211.10.169:80     ::ffff:75.37.34.143:50308   CLOSE_WAIT  
    tcp      247      0 ::ffff:95.211.10.169:80     ::ffff:174.36.52.110:35686  CLOSE_WAIT  
    tcp      253      0 ::ffff:95.211.10.169:80     ::ffff:75.37.34.143:50198   CLOSE_WAIT  
    tcp      253      0 ::ffff:95.211.10.169:80     ::ffff:97.74.24.1:34023     CLOSE_WAIT  
    tcp      275      0 ::ffff:95.211.10.169:80     ::ffff:66.249.68.230:33723  CLOSE_WAIT  
    tcp      332      0 ::ffff:95.211.10.169:80     ::ffff:74.55.61.2:3147      CLOSE_WAIT  
    tcp      367      0 ::ffff:95.211.10.169:80     ::ffff:213.55.78.183:38888  ESTABLISHED 
    tcp      368      0 ::ffff:95.211.10.169:80     ::ffff:93.86.209.115:58909  CLOSE_WAIT  
    tcp      374      0 ::ffff:95.211.10.169:80     ::ffff:87.208.191.218:51908 ESTABLISHED 
    tcp      380      0 ::ffff:95.211.10.169:80     ::ffff:82.236.100.52:3241   ESTABLISHED 
    tcp      405      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:45525  CLOSE_WAIT  
    tcp      405      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:46994  CLOSE_WAIT  
    tcp      405      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:48590  CLOSE_WAIT  
    tcp      413      0 ::ffff:95.211.10.169:80     ::ffff:71.254.106.108:50578 ESTABLISHED 
    tcp      417      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:49632  CLOSE_WAIT  
    tcp      420      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:55229  CLOSE_WAIT  
    tcp      434      0 ::ffff:95.211.10.169:80     ::ffff:92.249.214.140:49432 ESTABLISHED 
    tcp      445      0 ::ffff:95.211.10.169:80     ::ffff:189.19.6.79:62627    CLOSE_WAIT  
    tcp      463      0 ::ffff:95.211.10.169:80     ::ffff:79.47.143.218:1558   ESTABLISHED 
    tcp      468      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:45015  CLOSE_WAIT  
    tcp      468      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:46515  CLOSE_WAIT  
    tcp      468      0 ::ffff:95.211.10.169:80     ::ffff:72.30.142.183:48100  CLOSE_WAIT  
    tcp      502      0 ::ffff:95.211.10.169:80     ::ffff:85.193.245.38:55076  ESTABLISHED 
    tcp      506      0 ::ffff:95.211.10.169:80     ::ffff:72.252.26.104:53420  ESTABLISHED 
    tcp      523      0 ::ffff:95.211.10.169:80     ::ffff:212.175.112.14:53611 CLOSE_WAIT  
    tcp      528      0 ::ffff:95.211.10.169:80     ::ffff:24.203.90.163:2290   ESTABLISHED 
    tcp      529      0 ::ffff:95.211.10.169:80     ::ffff:129.1.31.93:4646     CLOSE_WAIT  
    tcp      536      0 ::ffff:95.211.10.169:80     ::ffff:200.77.144.43:42023  ESTABLISHED 
    tcp      538      0 ::ffff:95.211.10.169:80     ::ffff:87.208.191.218:51909 ESTABLISHED 
    tcp      547      0 ::ffff:95.211.10.169:80     ::ffff:89.134.70.155:4610   CLOSE_WAIT  
    tcp      549      0 ::ffff:95.211.10.169:80     ::ffff:91.150.114.16:11949  ESTABLISHED 
    tcp      552      0 ::ffff:95.211.10.169:80     ::ffff:201.29.216.114:61179 CLOSE_WAIT  
    tcp      553      0 ::ffff:95.211.10.169:80     ::ffff:69.250.23.83:38959   CLOSE_WAIT  
    tcp      553      0 ::ffff:95.211.10.169:80     ::ffff:91.150.114.16:11948  ESTABLISHED 
    tcp      556      0 ::ffff:95.211.10.169:80     ::ffff:24.238.26.131:4387   CLOSE_WAIT  
    tcp      556      0 ::ffff:95.211.10.169:80     ::ffff:24.238.26.131:4388   CLOSE_WAIT  
    tcp      556      0 ::ffff:95.211.10.169:80     ::ffff:91.150.114.16:11946  ESTABLISHED 
    tcp      561      0 ::ffff:95.211.10.169:80     ::ffff:91.150.114.16:11945  ESTABLISHED 
    tcp      565      0 ::ffff:95.211.10.169:80     ::ffff:94.189.144.75:62532  CLOSE_WAIT  
    tcp      566      0 ::ffff:95.211.10.169:80     ::ffff:69.250.23.83:39887   CLOSE_WAIT  
    tcp      566      0 ::ffff:95.211.10.169:80     ::ffff:71.105.25.22:50343   CLOSE_WAIT  
    tcp      569      0 ::ffff:95.211.10.169:80     ::ffff:87.114.146.77:49670  CLOSE_WAIT  
    tcp      572      0 ::ffff:95.211.10.169:80     ::ffff:69.250.23.83:36593   CLOSE_WAIT  
    tcp      572      0 ::ffff:95.211.10.169:80     ::ffff:69.250.23.83:42953   CLOSE_WAIT  
    tcp      572      0 ::ffff:95.211.10.169:80     ::ffff:79.55.86.219:50245   CLOSE_WAIT  
    tcp      574      0 ::ffff:95.211.10.169:80     ::ffff:77.51.10.24:46057    CLOSE_WAIT  
    tcp      577      0 ::ffff:95.211.10.169:80     ::ffff:87.196.21.10:49359   CLOSE_WAIT  
    tcp      583      0 ::ffff:95.211.10.169:80     ::ffff:193.179.147.25:14006 CLOSE_WAIT  
    tcp      584      0 ::ffff:95.211.10.169:80     ::ffff:188.48.82.219:49322  CLOSE_WAIT  
    tcp      590      0 ::ffff:95.211.10.169:80     ::ffff:120.50.180.171:2153  CLOSE_WAIT  
    tcp      604      0 ::ffff:95.211.10.169:80     ::ffff:77.51.10.24:46055    CLOSE_WAIT  
    tcp      612      0 ::ffff:95.211.10.169:80     ::ffff:77.51.10.24:46056    CLOSE_WAIT  
    tcp      613      0 ::ffff:95.211.10.169:80     ::ffff:86.49.14.151:61271   ESTABLISHED 
    tcp      620      0 ::ffff:95.211.10.169:80     ::ffff:89.137.146.69:2894   CLOSE_WAIT  
    tcp      621      0 ::ffff:95.211.10.169:80     ::ffff:76.225.187.232:61191 ESTABLISHED 
    tcp      628      0 ::ffff:95.211.10.169:80     ::ffff:189.84.86.105:1599   CLOSE_WAIT  
    tcp      628      0 ::ffff:95.211.10.169:80     ::ffff:189.84.86.105:1601   CLOSE_WAIT  
    tcp      628      0 ::ffff:95.211.10.169:80     ::ffff:189.84.86.105:1603   CLOSE_WAIT  
    tcp      632      0 ::ffff:95.211.10.169:80     ::ffff:41.5.28.26:18778     CLOSE_WAIT  
    tcp      634      0 ::ffff:95.211.10.169:80     ::ffff:189.30.226.197:61086 CLOSE_WAIT  
    tcp      643      0 ::ffff:95.211.10.169:80     ::ffff:189.123.210.44:4998  CLOSE_WAIT  
    tcp      649      0 ::ffff:95.211.10.169:80     ::ffff:24.250.124.104:42269 CLOSE_WAIT  
    tcp      651      0 ::ffff:95.211.10.169:80     ::ffff:67.10.160.58:32969   CLOSE_WAIT  
    tcp      655      0 ::ffff:95.211.10.169:80     ::ffff:125.165.64.213:1462  CLOSE_WAIT  
    tcp      656      0 ::ffff:95.211.10.169:80     ::ffff:201.34.141.37:45240  ESTABLISHED 
    tcp      661      0 ::ffff:95.211.10.169:80     ::ffff:194.80.32.10:43557   CLOSE_WAIT  
    tcp      726      0 ::ffff:95.211.10.169:80     ::ffff:24.177.14.59:1390    CLOSE_WAIT  
    tcp      731      0 ::ffff:95.211.10.169:80     ::ffff:200.2.152.130:41983  CLOSE_WAIT  
    tcp      733      0 ::ffff:95.211.10.169:80     ::ffff:90.40.196.232:52809  ESTABLISHED 
    tcp      733      0 ::ffff:95.211.10.169:80     ::ffff:90.40.196.232:52816  ESTABLISHED 
    tcp      760      0 ::ffff:95.211.10.169:80     ::ffff:74.216.117.95:60982  CLOSE_WAIT  
    tcp      763      0 ::ffff:95.211.10.169:80     ::ffff:220.227.41.243:42352 ESTABLISHED 
    tcp      865      0 ::ffff:95.211.10.169:80     ::ffff:83.103.111.12:2905   ESTABLISHED 
    tcp      975      0 ::ffff:95.211.10.169:80     ::ffff:82.80.156.64:1263    CLOSE_WAIT
    Am I under a DDoS attack? If so, please tell me how to avoid this.

  2. #2
    Just Joined!
    Join Date
    Mar 2008
    Posts
    69
    Quote Originally Posted by dheeraj4uuu
    Hello,

    My server is using too many httpd processes. I think I am under a DDoS attack. I executed the following command..

    Am I under a DDoS attack? If so, please tell me how to avoid this.

    What makes you think your server is being attacked? You say your comp is having too many httpd processes? Can you explain that? Are you running too many occurrences of Apache?

    As far as your netstat, check out the man page for netstat, page 8.

    Here is some info based on your report. This is just listing what is happening at the moment.

    What makes you think you are in a DDOS attack? Is your server crashing, not able to get to it? What is going on as far as a ddos attack?

    OUTPUT
    Active Internet connections (TCP, UDP, raw)
    Proto
    The protocol (tcp, udp, raw) used by the socket.

    Recv-Q
    The count of bytes not copied by the user program connected to this
    socket.

    Send-Q
    The count of bytes not acknowledged by the remote host.

    Local Address
    Address and port number of the local end of the socket. Unless the
    --numeric (-n) option is specified, the socket address is resolved to
    its canonical host name (FQDN), and the port number is translated into
    the corresponding service name.

    Foreign Address
    Address and port number of the remote end of the socket. Analogous to
    "Local Address."

    State
    The state of the socket. Since there are no states in raw mode and usually
    no states used in UDP, this column may be left blank. Normally
    this can be one of several values:

    ESTABLISHED
    The socket has an established connection.

    CLOSED
    The socket is not being used.

    CLOSE_WAIT
    The remote end has shut down, waiting for the socket to close.

    LAST_ACK
    The remote end has shut down, and the socket is closed. Waiting
    for acknowledgement.

  3. #3
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,482
    Try this

    ps -A | grep httpd

    This will show how many httpd processes are running. An apache server can handle 256 of these - although it may be configured to handle less.

  4. #4
    Linux Newbie
    Join Date
    Apr 2008
    Location
    India
    Posts
    170
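    It might help you:

    # connections per remote address (port and ::ffff: prefix stripped)
    netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | sed -e 's/:[^:]*$//' -e 's/^::ffff://' | sort | uniq -c | sort -n

    # TCP connections per state (State is the sixth column)
    netstat -a -n | grep -E "^(tcp)" | awk '{print $6}' | sort | uniq -c | sort -n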
    Regards
    David Anand
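
The per-state and per-address tallies suggested in this thread, as an added example that is not part of any post: it matches only the local port 80 (a plain `grep :80` also matches remote ports that begin with 80) and normalises the `::ffff:` IPv4-mapped addresses seen in the output above. The function names are illustrative, and the sample lines are constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example: tally port-80 connections by TCP state and by remote address.

# Constructed sample in the same column layout as the netstat output in this
# thread; the addresses are documentation ranges, not real clients.
sample_netstat() {
cat <<'EOF'
tcp        0   1491 ::ffff:192.0.2.10:80        ::ffff:198.51.100.7:2263    LAST_ACK
tcp      218      0 ::ffff:192.0.2.10:80        ::ffff:203.0.113.5:45186    CLOSE_WAIT
tcp      218      0 ::ffff:192.0.2.10:80        ::ffff:203.0.113.5:46711    CLOSE_WAIT
tcp      405      0 ::ffff:192.0.2.10:80        ::ffff:203.0.113.5:45525    CLOSE_WAIT
tcp      367      0 ::ffff:192.0.2.10:80        ::ffff:198.51.100.9:38888   ESTABLISHED
tcp        0      0 192.0.2.10:80               198.51.100.9:40112          ESTABLISHED
tcp        0      0 :::80                       :::*                        LISTEN
tcp        0      0 192.0.2.10:22               198.51.100.9:51000          ESTABLISHED
EOF
}

# Connections to local port 80 per TCP state, busiest state first.
count_states() {
    awk '$1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" { n[$6]++ }
         END { for (s in n) print n[s], s }' | sort -rn
}

# Connections to local port 80 per remote address, busiest address first.
# The same client is counted once whether it shows as IPv4 or ::ffff:IPv4.
count_sources() {
    awk '$1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" {
             ip = $5
             sub(/:[0-9]+$/, "", ip)   # drop the remote port
             sub(/^::ffff:/, "", ip)   # IPv4-mapped form -> plain IPv4
             n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Remote addresses holding at least $1 connections (threshold is the caller's choice).
busy_sources() {
    count_sources | awk -v min="$1" '$1 >= min { print $2 }'
}

# Live use: netstat -an | count_states ; netstat -an | busy_sources 20
sample_netstat | count_states
sample_netstat | count_sources
```

A few addresses holding most of the connections points to a crawler or a single misbehaving client; many addresses with one or two connections each looks the same as ordinary traffic, so compare against a baseline taken when the server is healthy.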