Netstat :: How To List IP Addresses?

May 19, 2009

My site is under attack, when i run this command
[php]netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -[/php
it show

1 116.xxx

1 118.xxx

1 203.xx

1 222.xxx

1 Address

1 servers)

3 115.xxx

3 123.xxx

4 58.xxx

10 127.0.0.1

694

What 694 connections mean ? Why netstat don't list their IP ? How can i know which IP is attacking my site ?

View 5 Replies


ADVERTISEMENT

Listing/banning Ipv6 Addresses From Netstat Output

Jan 19, 2008

I've been happily banning ip's using the output from

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

for over a year now, with iptables. However recently, after upgrading to apache 2.2, the connections in netstat get listed as ipv6. A row can look like this for example:

tcp6 0 0 ::ffff:12.123.123.123:80 ::ffff:12.123.12.:12382 ESTABLISHED-

(actual ip addresses changed)

As you can see, the remote ip address isn't complete, it's cut off, so the script used to sum up connections and insert into iptables isnt doing anything.

View 0 Replies View Related

How Do I See A List Of Blocked IP Addresses

Feb 15, 2008

to know whatever command to use to see which ip's are blocked from my server.

View 10 Replies View Related

List Of IP Addresses That Is Block By APF And Anti Ddos?

Jan 29, 2008

how can i know the list of IP that is block by APF and anti-dos?

View 2 Replies View Related

Netstat -an Or -tln

Aug 9, 2008

netstat -tln shows my port 80 is listening.

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN

but netstat -an shows nothing about port 80

actually my web can not be accessed. it shows "Cannot find server or DNS Error " under Internet Explorer.

View 4 Replies View Related

Netstat, Csf

Jun 11, 2007

I am not shure if this is a configuration problem or it's bacause netstat has it's own way to display things.

Recently csf blocked an IP address for flooding.

My server ip address is something like 192.168.1.201.

The ip that csf blocked was 192.168.1.20.

That IP belongs to an other server that is not ours.

netstat was showing a lot of connections from 192.168.1.20 (the ip that is not ours) but the guys that manage the server with that ip (192.168.1.20) did not saw any connection from them to us. So I thought it's just a spoofed flood. But, the thing is I've blocked that ip and still connections were made.

My conclusion was that netstat was showing 192.168.1.20 "flooding" instead of 192.168.1.201. (the server was connectiong to itself).

iptraf also was showing the server was connecting to itself on the lo interface.

My questions are:
csf is based on netstat for tracking connections?
has anyone had ths type of problem before?
If netstat is showing something else isn't this a bad thing for all (a lot) the scripts that use netstat?

View 0 Replies View Related

Netstat & APF Cron Job

Oct 28, 2008

Netstat & APF cron job ...

View 7 Replies View Related

SSH Command :: Netstat -alpn?

Dec 25, 2008

what does the below command actually means I mean when we use it? and in which case it help us? and up to what value there is nothing to worry about? Waiting for detailed reply

netstat -alpn | grep :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c

View 10 Replies View Related

-bash: Netstat: Command Not Found

Apr 2, 2008

i got a new sever and was looking at few thing.

just ran netstat and saw this -bash: netstat: command not found

how can i correct it?

View 7 Replies View Related

Netstat Results Show 3 Ips In Same Location With Several Connections

Mar 13, 2008

I'm new to server administration/security/troubleshooting, so I have included a lot of info here hoping it will help.

This started because a Linux VPS with CentOS and Exim crashed after only 3000 emails were sent (of 30000) total

I ran a netstat and several times I get three separate ips with the only difference being the last two digits and the port number:
86.104.230.29:59009
86.104.117.45:18065
89.37.137.157:41593

As far as I can tell they are from Romania, and there are several connections.

I have posted a lot of information below, if someone can take a look and give some ideas, it would be very much appreciated.

netstat:

Code:
tcp 0 0 mydomain.com:http 86.104.117.98:34060 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.82:59022 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.219:52276 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.163:25383 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.154:20794 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.235:39094 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.127:61711 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.127:5748 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.37:63424 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.228:54121 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.226:39605 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.91:6446 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.10:54841 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.100:22842 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.118:32674 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.80:16559 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.64:47817 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.136:21718 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.246:37288 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.28:62119 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.190:4468 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.8:25247 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.100:35503 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.199:20896 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.237:saft SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.199:47952 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.118:60561 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.181:10844 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.125:50584 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.253:17855 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.10:25740 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.109:29528 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.62:47349 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.55:4614 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.226:22001 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.163:11790 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.44:8911 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.46:telnets SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.190:27377 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.181:34031 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.19:41722 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.100:57151 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.145:61402 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.53:52461 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.26:42463 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.217:35530 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.35:63414 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.154:56638 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.26:43972 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.172:6922 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.17:3683 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.210:2397 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.46:18754 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.244:4032 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.235:8602 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.82:39495 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.19:28848 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.163:47624 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.8:2683 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.55:43300 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.37:1664 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.118:36892 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.17:7317 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.109:56229 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.217:45257 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.73:15278 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.64:14076 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.116:14567 SYN_RECV

View 3 Replies View Related

Netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

Feb 1, 2007

What does this string do? I copy and paste it into my SSH Shell and i get ip addresses and numbers next to them.

Each number means one connection?

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

View 1 Replies View Related

Meaning Of "netstat"

Dec 17, 2007

Maybe someone would be kind enough to enlighten me of the meaning of a netstat output. I know netstat is supposed to tell you the current active connections but would like some more details(what does each column mean?):

Code:
[root@]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address Stat
I notice that often times I see my ISP's mail server connecting to domains I didin't even set up yet. Sometimes I see google(I guess indexing my sites). But in addition some times I see some scary foreign addresses like from nigeria or one really common one, one which I see pretty often when I run netstat is:

Quote:

tcp 0 0 mydomain.com:http [somehostname].amenworld.com:40867 TIME_WAIT

I can't seem to make any sense of it, what are they doing and why are they always "connected' to my server?

I could just be over reacting on some of this stuff but just curious about what this all means.

View 2 Replies View Related

VPS For Mailing List

Sep 25, 2008

one of my client have an in-house subscriber list with 30000 email build with their offline promotional campaign. They need to send 4 to 5 email in a month and the list might expand to 60000 in a year.

they are using a mailing program to schedule the mailing at 250 email per hour as according to the limit of their ISP and they are looking for a better solution.

i want to suggest them taking a VPS but i'm new to VPS so i'm here to looking for suggestion that i can recommend to my client.

View 6 Replies View Related

On-Net Building List

May 18, 2009

Does anyone know why companies like Level3/Yipes/Abovenet/Global Crossing don't make their on-net building list available readily? Cogent/Zayo/etc have it listed right on their website....Zayo even gives you this downloadable KMZ file for Google Earth.

I'm working with a few clients who run their own data center/web hosting facilities and are looking at new spaces in various Class A office buildings. Obviously, I can go around and call all the providers, but it becomes a voicemail game.

View 14 Replies View Related

List Of Available VPS Platforms?

Jul 8, 2008

Anyone got a list of available VPS platforms, perhaps with feedback? I run Plesk so I was going to run with Virtuozzo but I see Parallels don't want to give us pricing and I don't have time for that kind of rubbish. What alternatives are there?

View 2 Replies View Related

New VPS And Mailing List

May 28, 2008

Just got a new WiredTree VPS up and running. Service has been great so far. Make that super!

VPS newbie question: I would like to set a limit on emails for all domains but mine to some number per hour, but I would like mine to be unlimited. I'm not going to be sending a lot, but, when necessary, they will need to go fast. So far, the only way I have figured out how to keep unlimited for me is to not set a throttle at all and allow Mailman only on admin domains. If any user has to have lists, then I can authorize it then and maybe keep tabs on it.(There's probably a lot better way to say that, but I'm tired :-)

View 0 Replies View Related

List Of Some Of The Top VPS Providers?

Apr 19, 2008

Can anyone give me a list of some of the top VPS providers?

View 13 Replies View Related

A List Of Xen VPS Providers

Apr 28, 2008

I'm currently trying to gather a list of Xen VPS Prviders, maybe you can help me out making it a little bit longer?

Listed here in no particular order:

provps
gate2vn
xeneurope
gplhost
serveraxis
myvpshost
crucial paradgim
clustered

I know there are a lot more to it. But could you help me out making it longer?

View 14 Replies View Related

List Too Long

Jul 17, 2007

root@server [~]# replace ns3.host.com ns1.host.com -- /var/named/*
-bash: /usr/bin/replace: Argument list too long

How can I work past this?

Using Centos 4.5 / cpanel

View 4 Replies View Related

Mailing List

Aug 23, 2007

I have a client who is interested in settin up a paying mailing list for a website I built for him.

I figured since he doesn't want to spend $3000 for a full CMS, I would just do things manually.

A customer would pay through Paypal. He would then check PayPal for any new subscribers dailys, add them if new, and then send out his newsletter daily to the people who have paid.

In the mailing list software, there would be a box for how many days this person would be allowed to be sent an e-mail and then once his subscription was up, an e-mail would be sent out (the last part is optional).

Does anyone have any insight of a program/script that would work in this manner? Or maybe a decently cheap script that they know of? This site is a non-profit, donation site.

View 4 Replies View Related

Can Any One Give Me A List Of Non Over Reseller?

Mar 10, 2008

I can see that almost all the web hosting companies have been overselling. Can anyone give some suggestion.Tell me a couple of non overseller.

View 14 Replies View Related

Possible Trojan List By WHM - Do I Need To Worry?

Nov 8, 2007

I ran the Trojan scan in WHM and it came up with the list below. I have a strong feeling WHM is mis-reporting these as trojans, but I thought I would ask the experts here:

Scan for Trojan Horses

Appears Clean

/dev/stderr

Scanning for Trojan Horses.....

Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/instmodsh
Possible Trojan - /usr/bin/prove
Possible Trojan - /usr/bin/xmlcatalog
Possible Trojan - /usr/bin/xmllint
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /usr/lib/libxml2.la
Possible Trojan - /usr/bin/mysqlhotcopy
Possible Trojan - /usr/bin/Wand-config
Possible Trojan - /usr/bin/animate
Possible Trojan - /usr/bin/compare
Possible Trojan - /usr/bin/composite
Possible Trojan - /usr/bin/conjure
Possible Trojan - /usr/bin/convert
Possible Trojan - /usr/bin/display
Possible Trojan - /usr/bin/identify
Possible Trojan - /usr/bin/import
Possible Trojan - /usr/bin/mogrify
Possible Trojan - /usr/bin/montage
Possible Trojan - /usr/bin/curl-config
Possible Trojan - /usr/bin/curl
Possible Trojan - /usr/lib/libcurl.so.3.0.0
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so
Possible Trojan - /usr/sbin/pureauth
25 POSSIBLE Trojans Detected

Is there anything that looks fishy here?

View 3 Replies View Related

Why Don't Providers List RAM Speed

Mar 28, 2009

I'm curious as to why more dedicated server providers don't list RAM
speed in their server specs. To me, server performance is very important,
and the speed of the ram can certainly affect that.

It also might not be obvious to many people how to determine the speed
of the ram in your system. You can use the program lshw...

PHP Code:

#lshw
...
 *-bank:1
             description: DIMM 1333 MHz (0.8 ns)
             vendor: Manufacturer01 
             physical id: 1
             serial: 00000000
             slot: DIMM1
             size: 2GiB
             width: 64 bits
             clock: 1333MHz (0.8ns)
... 

View 14 Replies View Related

Clients IP Keep Getting Black List

Jun 17, 2009

I have 20 clients who are on different networks and countries but all of the sudden their IP's are keep getting black list in spamhause, CBL, dsbl etc and they can not send email i am so very tired of this,

View 7 Replies View Related

Server IP On Spam List

Jan 1, 2009

I recieved a new block of ips from my server folks and this block is worse than before, the main ip is on more than 10 spam lists.

How do I resolve this? Is there a way a server company can select a clean block of ips?

can I set the email program to use a separate ip or something intead of changing ips of server?

View 3 Replies View Related

Short List Of Hosts

Sep 7, 2008

I have a short list of hosts I'm considering for either my main or backup host. I am currently with A Small Orange in Atlanta who seems to be fairly stable.

Here's the list:

iHubNet.com
MidPulse.com
SharkSpace.com
AspirationHosting.com

I like that iHubNet has their own servers. The comments that folks like Matt A make on this board to be helpful have caught my attention.

My web site has a domain and two parked domains. About 50 subdomanins and is typically 300 to 450MB in size. It uses about that much in bandwidth a month, mostly from clients downloading audio mp3's of voiceover work. The site staying online is important.

I just don't seem to read much on this board about some of these hosts and was wondering if anyone had any experience with them?

View 14 Replies View Related

Qmail User List

Jul 24, 2008

How can i sort user who are using 100MB above space in qmail.

View 0 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved