View the number of connections on port 80
netstat -nat | grep -i "80" | wc -l
Sort the connected IPs by number of connections
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
View TCP connection states
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
netstat -n | awk '/^tcp/ {++S[$NF]}; END {for (a in S) print a, S[a]}'
netstat -n | awk '/^tcp/ {++state[$NF]}; END {for (key in state) print key, "\t", state[key]}'
netstat -n | awk '/^tcp/ {++arr[$NF]}; END {for (k in arr) print k, "\t", arr[k]}'
netstat -n | awk '/^tcp/ {print $NF}' | sort | uniq -c | sort -rn
netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
View the 20 IPs with the highest number of port 80 connections
netstat -anlp | grep 80 | grep tcp | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -n20
netstat -ant | awk '/:80/ {split($5, ip, ":"); ++A[ip[1]]} END {for (i in A) print A[i], i}' | sort -rn | head -n20
Use tcpdump to sniff port 80 traffic and see which source address appears most often
tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | head -20
Find the IPs with the most TIME_WAIT connections
netstat -n | grep TIME_WAIT | awk '{print $5}' | sort | uniq -c | sort -rn | head -n20
Find the IPs with the most SYN connections
netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more
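The per-IP counts above match "80" with grep and split the address with cut -d: or awk -F:, which also matches port 8080 or an address containing 80 and truncates IPv6 addresses. The following is an added example, not part of the original page, that matches the local port exactly and keeps IPv6 addresses whole; the function names (conn_by_ip, over_threshold, sample_netstat) are assumptions and the netstat sample is constructed.

```shell
#!/bin/sh
# Added example: per-remote-address connection counts for one local port,
# read from `netstat -ant` output on stdin.

# conn_by_ip PORT [STATE] -> prints "COUNT ADDRESS", highest count first.
conn_by_ip() {
    awk -v port="$1" -v state="${2:-}" '
        /^tcp/ {
            if ($6 == "LISTEN") next             # listeners have no remote peer
            n = split($4, p, ":")                # local port follows the last colon
            if (p[n] != port) next               # exact match: 80 is not 8080
            if (state != "" && $6 != state) next
            remote = $5
            sub(/:[0-9*]+$/, "", remote)         # strip only the remote port
            sub(/^::ffff:/, "", remote)          # fold IPv4-mapped form into IPv4
            count[remote]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# over_threshold PORT LIMIT -> addresses with more than LIMIT connections.
over_threshold() {
    conn_by_ip "$1" | awk -v limit="$2" '$1 > limit { print $2 }'
}

# Constructed sample in `netstat -ant` layout (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:8080         203.0.113.5:51000       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.80:51001      ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:50222      TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:40200 ESTABLISHED
EOF
}

# Demo on the sample; on a live host use: netstat -ant | conn_by_ip 80
sample_netstat | conn_by_ip 80
```

Passing a state as the second argument, for example conn_by_ip 80 SYN_RECV, limits the count to connections in that state.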
The command to block a single IP is:
iptables -I INPUT -s 211.1.0.0 -j DROP
The commands to block an IP segment are:
iptables -I INPUT -s 211.1.0.0/16 -j DROP
iptables -I INPUT -s 211.2.0.0/16 -j DROP
iptables -I INPUT -s 211.3.0.0/16 -j DROP
The command to block an entire segment is:
iptables -I INPUT -s 211.0.0.0/8 -j DROP
The commands to block several segments are:
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP
There are three ways to apply the rules automatically when the server starts:
1. Add the commands to /etc/rc.local.
2. iptables-save > /etc/sysconfig/iptables writes your current iptables rules to /etc/sysconfig/iptables, and they are loaded automatically when the iptables service starts.
3. service iptables save also writes your current iptables rules to /etc/sysconfig/iptables, and they are loaded automatically when the iptables service starts.
The latter two are better: the iptables service generally starts before the network service, which is more secure.
To unblock an IP (the rule specification must match the rule that was added, so the target is DROP):
iptables -D INPUT -s <IP address> -j DROP
To clear all rules:
iptables -F