You can use this command to see the number of connections per IP. It's a bit easier on the eye that the raw output of netstat.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
If you suspect any IPs there with too many connections you can obviously add the IP to the deny list in your firewall
APF: apf -d xx.xx.xx.xx
CSF: csf -d xx.xx.xx.xx
OR if you dont use APF or CSF, just add it straight into iptables
iptables -I INPUT 1 -s -j DROP xx.xx.xx.xx
- 43 Users Found This Useful