May 23 2007

Linux quick recipes

Tag:tepezcuintle @ 18:43

I sometimes need quick reminders for commands that I type on the Linux console. Some weeks go by where I don’t have to run any of these commands so it is always good to have them listed here in case I need a refresher.

1.-Problem: You are getting too many remote TCP connections and you want to know
which IP address might be causing a DoS attack:

You can cut and paste this string.

netstat -anp | grep "tcp\|udp" | awk '{ print $5 }' | cut -d: -f1 | sort | uniq -c | sort -n

Now you can firewall those IP addresses using
this little script.

Create a little script:

pico -w /sbin/block.sh

Then paste this:

#!/bin/sh
### Block ip addresses ####

# Insert a DROP rule at the top of the INPUT chain for the address passed as $1.
/sbin/iptables -I INPUT -s "$1" -j DROP

Then save the file and run chmod 700 /sbin/block.sh

After you save the file you can just type

/sbin/block.sh Type_IP_Address_here

Example:

/sbin/block.sh 61.61.233.134

Now if you run iptables --list

[root@penguincares root]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 61-61-233-134.cm.ubbn.net anywhere
acct_int all -- anywhere anywhere
acct_ext all -- anywhere anywhere

As you can see, I have blocked the above IP using that little script.
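
A stricter variant of block.sh, added here as an example and not part of the original post: it accepts only a literal dotted-quad IPv4 address, so a hostname, an empty argument or an option-like string never reaches iptables as root, and it skips the insert when the rule is already present. The IPTABLES override variable and the refusal of 127.* and 0.* addresses are choices of this example.

```shell
#!/bin/sh
# Added example: block.sh with input validation (not the original script).
# IPTABLES may be overridden to point at another binary or a test stub
# (a convention of this example only).
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac  # leading zeros are ambiguous
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert a DROP rule for one validated address, unless it already exists.
block_ip() {
    if ! is_valid_ipv4 "$1"; then
        echo "block.sh: not an IPv4 address: $1" >&2
        return 2
    fi
    case "$1" in
        127.*|0.*) echo "block.sh: refusing to block $1" >&2; return 3 ;;
    esac
    # -C tests for an existing rule, so repeated runs do not stack duplicates.
    if "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "block.sh: $1 is already blocked"
        return 0
    fi
    "$IPTABLES" -I INPUT -s "$1" -j DROP
}

if [ "$#" -gt 0 ]; then block_ip "$1"; fi
```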