These were found in a google cached page:
URL:Â http://www.cyberls.com/forum/index.php?t=tree&th=52&
List of connected ips to port 80 : netstat -apn|grep :80|awk ‘{print $5}’ | awk -F\: ‘{print $1} ‘> /tmp/iplist
List of connected ips in a sort way so that you can find no of conn from each : netstat -apn|grep :80|awk ‘{print $5}’ |sort
List of establish connections to port 80 netstat -apn|grep :80 |grep EST |awk ‘{print $5}’ |sort >s.txt
List of TIME_WAIT connections to port 80 and their count:
netstat -pan | sort +4 | grep TIME_WAIT | awk ‘{print $5}’ | sed -e s/’:.*’/”/g | sort | uniq -c | sort -k 1 -nr | head -n 20
netstat -apn | grep TIME_WAIT |awk ‘{print $5}’|awk -F\: ‘{print $1}’|sort| uniq -c | sort -k 1 -nr|head -n 20
List of TIME_WAIT connections to port 80 with more than 15 connections:
netstat -pan | sort +4 | grep TIME_WAIT | awk ‘{print $5}’ | sed -e s/’:.*’/”/g | sort | uniq -c | sort -k 1 -nr | head -n 20 |awk ‘{ if ($1 > 15) print $2 }’
and with a facility to block them
netstat -pan | sort +4 | grep TIME_WAIT | awk ‘{print $5}’ | sed -e s/’:.*’/”/g | sort | uniq -c | sort -k 1 -nr | head -n 20 |awk ‘{ if ($1 > 15) print $2 }’> s.txt; for i in `cat s.txt `;do /sbin/iptables -I INPUT -s $i -p tcp –dport 80:80 -j DROP ; done