DoS Attack Detection In Linux

You can simply use netstat command to print out a list of all open connection to your Linux box. The list will be sorted out using sort command including total number of connections from a specific IP address.

Login as the root user and type the following command,

# netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n