Friday, October 30, 2009

DOS

SkyHi @ Friday, October 30, 2009
Attacker's ip:

[home@]# netstat -ntu |awk '{print $5}'| cut -d: -f1 | sort | uniq -c |sort -nr

or better
-bash-3.00$ netstat -ntu |awk '{print $5}'| cut -d: -f1 | uniq -c |sort -nr


20 192.168.0..46
7 192.168.0..16
6 64.180.101.157
5 74.37.178.89
4 24.85.255.237
4 192.168.0..236
2 96.54.64.154
2 64.59.144.87
2 64.180.39.28
2 192.168.0..18
1 servers)
1 Address
1 96.49.98.91
1 79.21.99.6
1 70.79.180.109
1 67.218.116.130
1 67.195.112.44
1 67.195.111.152
1 67.174.99.48
1 24.78.246.41
1 216.104.15.130
1 205.189.8.130
1 192.168.0..235
1 174.6.25.230
1 173.66.78.212

OR
Ex. ::ffff:67.195.37.154:59987
netstat -ntu | awk '{print $5}'| cut -d: -f4 | sort | uniq -c |sort -nr

Victim's ip:

[home@]# netstat -ntu |awk '{print $4}'| cut -d: -f1 | sort | uniq -c |sort -nr
20 192.168.0..46
7 192.168.0..16
6 64.180.101.157
5 74.37.178.89
4 24.85.255.237
4 192.168.0..236
2 96.54.64.154
2 64.59.144.87
2 64.180.39.28
2 192.168.0..18
1 servers)
1 Address
1 96.49.98.91
1 79.21.99.6
1 70.79.180.109
1 67.218.116.130
1 67.195.112.44
1 67.195.111.152
1 67.174.99.48
1 24.78.246.41
1 216.104.15.130
1 205.189.8.130
1 192.168.0..235
1 174.6.25.230
1 173.66.78.212