KozmoK
Active member
I often have to track down people by IP, and I would like to search by IP address.
For Example: I have a script on cron that calculates how many SYN_RECV my server is getting, if over a certain threashold - it sends me an email so I can find out why they are trying to DDOS me, or if they are having connection issues. I'd like to know what user that is easily.
P.S. I didnt make the cron script picked it up years ago from somewhere.
syn_count=36
netstat -ntp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 **.167.147.104:22 68.233.249.182:41360 SYN_RECV -
tcp 0 0 **.167.147.219:22 68.233.249.182:56191 SYN_RECV -
tcp 0 0 **.167.147.104:22 68.233.249.182:38350 SYN_RECV -
tcp 0 0 **.167.147.121:22 68.233.249.182:48540 SYN_RECV -
tcp 0 0 **.167.147.219:22 68.233.249.182:54686 SYN_RECV -
....
..
.
if anyone wants this cron script let me know.
For Example: I have a script on cron that calculates how many SYN_RECV my server is getting, if over a certain threashold - it sends me an email so I can find out why they are trying to DDOS me, or if they are having connection issues. I'd like to know what user that is easily.
P.S. I didnt make the cron script picked it up years ago from somewhere.
syn_count=36
netstat -ntp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 **.167.147.104:22 68.233.249.182:41360 SYN_RECV -
tcp 0 0 **.167.147.219:22 68.233.249.182:56191 SYN_RECV -
tcp 0 0 **.167.147.104:22 68.233.249.182:38350 SYN_RECV -
tcp 0 0 **.167.147.121:22 68.233.249.182:48540 SYN_RECV -
tcp 0 0 **.167.147.219:22 68.233.249.182:54686 SYN_RECV -
....
..
.
if anyone wants this cron script let me know.
Upvote
3