Linux debian 2.6.18-6-686-bigmem #1 SMP Fri Dec 12 17:49:59 UTC 2008 i686 GNU/Linux
I typed:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
to calculate and count the number of connections each IP address makes to the server, and I managed to set iptables to drop packets from an IP I've found to have over 400 connections. However, right now I get this (using the above command; pasting only those with high values):
467
1357 127.0.0.1
As you can see, there are 467 from an unknown(?) IP and 1357 from localhost, both of which I completely don't understand. The other thing is, I'm sure the other IP I blocked with iptables is still sending me packets, but that I can't block (just drop them, as I did). So what to do now? That's how it looks right now (after setting up iptables for the abusive IP):
Traffic average for eth0
rx 1210.70 kB/s 19216 packets/s
tx 14.63 kB/s 126 packets/s
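
Added example (not part of the original post): a blank row in a count like the one above can arise when netstat prints foreign addresses in IPv6 form such as `::ffff:a.b.c.d:port`, because `cut -d: -f1` then returns an empty string. The sketch below runs the post's pipeline and a variant that strips only the trailing port and the `::ffff:` prefix over the same input; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample data is constructed, not taken from the post.

# Constructed `netstat -ntu` output using documentation-range addresses.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40000 TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40001 TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40002 ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:45000         TIME_WAIT
EOF
}

# The pipeline from the post, reading stdin instead of calling netstat.
# Header words are counted as addresses and IPv6-form peers collapse to "".
count_original() {
    awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
}

# Hypothetical replacement (name is an assumption): count per remote address.
count_remote() {
    awk '
        $1 ~ /^(tcp|udp)/ {               # skip the two header lines
            addr = $5
            sub(/:[0-9*]+$/, "", addr)    # drop only the trailing :port
            sub(/^::ffff:/, "", addr)     # unwrap IPv4-mapped IPv6 peers
            n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -n
}

echo "original pipeline:"; sample_netstat | count_original
echo "corrected count:";   sample_netstat | count_remote
# On a live host: netstat -ntu | count_remote
```
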