If you suspect a DoS attack on a Linux server, you can enter:
netstat -an | grep -i "<server IP address>:80" | awk '{print $6}' | sort | uniq -c | sort -n
netstat -an | grep "SYN" | wc -l
The first command counts the number of TCP connections in each state; the second counts the connections in a SYN state. If SYN_RECV is high, the possibility of a TCP-based DDoS attack cannot be ruled out. In this case, you can enable tcp_syncookies by entering the following command:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
If /proc/sys/net/ipv4/tcp_syncookies does not exist, your kernel does not support it and you need to recompile the kernel.
At the same time, reduce the number of SYN retries:
echo 1 > /proc/sys/net/ipv4/tcp_syn_retries
echo 1 > /proc/sys/net/ipv4/tcp_synack_retries
Increase tcp_max_syn_backlog to ensure that users can still get access (it consumes memory, so not too high):
echo "2048" > /proc/sys/net/ipv4/tcp_max_syn_backlog
If this still does not work, the traffic can only be handed over to the corresponding hardware firewall.
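
The per-state count from the netstat step above, as an added example that is not part of the original page: it matches the local port exactly (so :80 does not also match :8080) and flags a SYN_RECV pile-up. The function names, the threshold of 3 and the sample netstat output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: tally TCP states for one local port from `netstat -ant`-style
# output and flag a SYN_RECV pile-up. Names and threshold are hypothetical.

# Constructed sample of `netstat -ant` output (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.8:40022      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:40023      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:55110       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.6:55111       TIME_WAIT
tcp        0      0 192.0.2.10:8080         203.0.113.7:55112       SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.8:55113       ESTABLISHED
EOF
}

# state_counts PORT: read netstat output on stdin, print "STATE COUNT" per state
# for sockets whose local address ends in exactly :PORT.
state_counts() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            n = split($4, a, ":")      # last ":"-separated piece is the port
            if (a[n] == port) c[$6]++  # column 6 is the connection state
        }
        END { for (s in c) print s, c[s] }' | sort
}

# syn_recv_count PORT: number of half-open (SYN_RECV) sockets on PORT.
syn_recv_count() {
    state_counts "$1" | awk '$1 == "SYN_RECV" { n = $2 } END { print n + 0 }'
}

# syn_flood_suspected PORT THRESHOLD: exit status 0 when SYN_RECV >= THRESHOLD.
syn_flood_suspected() {
    [ "$(syn_recv_count "$1")" -ge "$2" ]
}

sample_netstat | state_counts 80
if sample_netstat | syn_flood_suspected 80 3; then
    echo "SYN_RECV at or above threshold on port 80: check tcp_syncookies"
fi
```

On a live host, pipe `netstat -ant` into the functions in place of sample_netstat and pick a threshold relative to the configured tcp_max_syn_backlog.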