To display how many http connections are open at the moment, enter:

netstat | grep http | wc -l


netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

You can perform simple

netstat -no

command and take a look how many SYN_RECV and TIME_WAIT active connection active to your server.

View SYN:

netstat -no | grep SYN


you can set the connection limits for IP with IPTables. Current setting will limit incoming connections for port 80 up to 3 per 1 ip

iptables  -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 3 -j DROP

Make sure NEW incoming tcp connections are SYN packets; otherwise we need to drop them:

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Force Fragments packets check

iptables -A INPUT -f -j DROP

drop incoming malformed XMAS packets:

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Drop NULLED packets:

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP


Add the limitations to /etc/sysctl.conf

net.ipv4.tcp_max_syn_backlog = 4096     
net.ipv4.tcp_synack_retries = 2                

You can also use CSF firewall. Just set next parameter:




To test your server for vulnerability, you can use Backbox Linux, it has a various testing tools preinstalled.
For example, to test your domain for resistance to DDoS attacks you can use slowhttptest which is in Backbox installation. Example command:

slowhttptest -c 1000 -B -g -o output-file-name -i 100 -r 300 -s 10240 -u http://www.example.com/url/page.html -x 20

Now here are detailed options:

-a start start value of ranges-specifier for range header test
-b bytes limit of range-specifier for range header test
-c number of connections limited to 1024
-H, B, or R specify to slow down in headers section or in message body.
           -R enables range test
-g generate statistics in CSV and HTML formats, pattern is slow_xxx.csv/html,
  where xxx is the time and date
-i seconds interval between follow up data in seconds, per connection
-l seconds test duration in seconds
-o file custom output file path and/or name, effective if -g is specified
-r connections per second connection rate
-s bytes value of Content-Length header, if -B specified
-t verb custom verb to use
-u URL target URL, the same format you type in browser, e.g https://host:port/
-v level verbosity level of log 0-4
-x bytes max length of follow up data

You can also make tests with next nmap and hping2:

 nmap -v -f FIREWALL-IP
 nmap -v -sX FIREWALL-IP
 nmap -v -sN FIREWALL-IP
 hping2 -X FIREWALL-IP

Was this answer helpful?

 Print this Article

Also Read

How to check connectivity/network speed of your VPS

If you concerned about network speed of your vps you can test it by downloading some test...


FreePBX is an open source GUI (graphical user interface) that controls and manages Asterisk (PBX)...

LXDE + xrdp

How to install Lightweight X11 Desktop Environment (LXDE) on Ubuntu. apt-get update...

FFmpeg on Centos 6

Install repo and ffmpeg # rpm -ihv...

Adding a new disk drive to Centos 6

Installing a new HDD The disk drives in Centos is named hd* or sd*. In system with only one...