To see how many HTTP connections are open at the moment, enter the following (without -n, netstat prints service names instead of port numbers, so port 80 shows up as "http"; note that the pattern also matches https):

netstat | grep http | wc -l

To count connections per remote IP address, sorted by count with the busiest source last (cut -d: keeps only the text before the first colon, so IPv6 peers are truncated by this pipeline):

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Run a plain

netstat -no

(numeric addresses, with connection timers) and look at how many connections are in SYN_RECV and TIME_WAIT. A large number of SYN_RECV entries from many different sources is the classic sign of a SYN flood; a large TIME_WAIT count is normal on a busy web server and is not a problem by itself.

To list only half-open connections (SYN_RECV; the pattern also matches SYN_SENT):

netstat -no | grep SYN
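The three netstat one-liners above answer one question each. The script below (an added example, not part of the original article) puts the same logic into reusable shell functions that read netstat output on stdin: connections per remote IP, connections from one IP, connections in a given TCP state, and the IPs above a threshold. The netstat dump in SAMPLE_NETSTAT is constructed for the demo; on a live host pipe in netstat -ntu instead.

```shell
#!/bin/sh
# Added example, not part of the original article: turn a netstat dump into
# per-IP and per-state counts and flag the IPs holding the most connections.
# The functions read netstat output on stdin; feed them `netstat -ntu` on a
# real host.  SAMPLE_NETSTAT below is constructed for the demo.

SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51235       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51236       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51237       ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.9:40001      ESTABLISHED
tcp        0      0 10.0.0.5:22             198.51.100.9:40002      TIME_WAIT
tcp6       0      0 2001:db8::5:80          2001:db8::9:6000        ESTABLISHED
udp        0      0 10.0.0.5:53             192.0.2.3:5353'

sample_netstat() { printf '%s\n' "$SAMPLE_NETSTAT"; }

# Remote address of every tcp/udp line with the port removed.  Stripping
# only the text after the LAST colon keeps IPv6 peers intact, which the
# article's `cut -d: -f1` does not.
peer_ips() {
    awk '$1 ~ /^(tcp|udp)/ { print $5 }' | sed 's/:[^:]*$//'
}

# Connections per remote IP, busiest first.
count_by_ip() { peer_ips | sort | uniq -c | sort -rn; }

# Number of connections from a single IP.
conns_from() {
    peer_ips | awk -v ip="$1" '$0 == ip { n++ } END { print n + 0 }'
}

# TCP connections in one state (SYN_RECV, TIME_WAIT, ESTABLISHED, ...).
count_state() {
    awk -v st="$1" '$1 ~ /^tcp/ && $6 == st { n++ } END { print n + 0 }'
}

# IPs with more than $1 simultaneous connections: the candidates for a
# per-IP connlimit rule or a temporary block.
offenders() {
    peer_ips | sort | uniq -c | awk -v max="$1" '$1 > max { print $2 }'
}

# Demo run on the constructed sample.  On a live host replace
# `sample_netstat` with `netstat -ntu`.
echo "connections per IP:";      sample_netstat | count_by_ip
echo "SYN_RECV:  $(sample_netstat | count_state SYN_RECV)"
echo "TIME_WAIT: $(sample_netstat | count_state TIME_WAIT)"
echo "IPs above 3 connections:"; sample_netstat | offenders 3
```

On the sample, 203.0.113.7 holds four connections, three of them half-open, so it is the only source reported by offenders 3; the IPv6 peer is counted correctly because the port is stripped after the last colon rather than the first.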


You can limit connections per source IP with iptables. The rule below drops new connections to port 80 from any address that already has more than 3 open. Note that 3 is very low for a web server (browsers open several parallel connections per page, and many users can sit behind one NAT address), so tune the number to your traffic:

iptables  -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 3 -j DROP

Make sure NEW incoming TCP connections start with a SYN packet; drop anything else:

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Drop fragmented packets (-f matches the second and later fragments of a datagram):

iptables -A INPUT -f -j DROP

Drop XMAS packets (all TCP flags set):

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Drop NULL packets (no TCP flags set):

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
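The rules above are appended one by one, which makes their order depend on whatever is already in the chain and duplicates them on every re-run. The script below (an added example, not part of the original article) installs the same rules in a deliberate order, accepts traffic of established connections before any drop rule, checks with iptables -C before appending so it can be re-run safely, and takes the port and per-IP limit as parameters. It assumes a root shell on a host with iptables and the conntrack and connlimit modules; the default limit of 20 is illustrative. Without arguments it only prints the rules (dry run); pass --apply to install them.

```shell
#!/bin/sh
# Added example, not part of the original article: the article's iptables
# rules as one idempotent script with the port and per-IP limit as
# parameters.  Assumptions: runs as root on a host with iptables and the
# conntrack/connlimit modules; the default limit of 20 is illustrative.
# Run with no arguments for a dry run that only prints the rules; pass
# --apply to install them.

# apply <rule...>: append a rule to INPUT unless an identical one exists
# (-C checks for it), so re-running the script never duplicates rules.
apply() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "iptables -A INPUT $*"
        return 0
    fi
    iptables -C INPUT "$@" 2>/dev/null || iptables -A INPUT "$@"
}

# ddos_ruleset <port> <per-ip-limit>
ddos_ruleset() {
    port="${1:-80}"
    limit="${2:-20}"

    # 1. Traffic belonging to existing connections is accepted first, so the
    #    drop rules below only ever see new connection attempts.
    #    (-m conntrack --ctstate is the current spelling of -m state --state.)
    apply -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. A NEW connection must begin with SYN; anything else is bogus.
    apply -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

    # 3. Fragments: -f matches the second and later fragments of a datagram.
    apply -f -j DROP

    # 4. XMAS (all flags set) and NULL (no flags set) packets never occur in
    #    legitimate TCP; they are scanner and crafted-packet signatures.
    apply -p tcp --tcp-flags ALL ALL -j DROP
    apply -p tcp --tcp-flags ALL NONE -j DROP

    # 5. Per-source cap on concurrent connections to the web port.  The
    #    article uses 3, which is too low: browsers open several connections
    #    per page and many users behind one NAT share a source address.
    apply -p tcp --syn --dport "$port" -m connlimit \
        --connlimit-above "$limit" --connlimit-mask 32 -j DROP
}

case "${1:-}" in
    --apply) ddos_ruleset 80 20 ;;
    *)       DRY_RUN=1; ddos_ruleset 80 20 ;;
esac
```

Check the result with iptables -L INPUT -n -v --line-numbers; the ESTABLISHED,RELATED accept must be rule 1 and the packet counters on the drop rules tell you which of them actually fire.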


Add these kernel settings to /etc/sysctl.conf and reload them with sysctl -p. A larger SYN backlog and fewer SYN-ACK retries let the kernel hold more half-open connections and give up on each of them sooner, which is what you want under a SYN flood:

net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2

You can also use the CSF firewall; set the following parameter:


To test your server, you can use BackBox Linux, which comes with a variety of testing tools preinstalled.
For example, to test how your web server holds up under slow HTTP (Slowloris-style) denial of service, you can use slowhttptest, which ships with BackBox. Example command (1000 connections, slow message body, 300 new connections per second, a 10 KB Content-Length, 20-byte follow-up chunks every 100 seconds, CSV/HTML statistics written to output-file-name):

slowhttptest -c 1000 -B -g -o output-file-name -i 100 -r 300 -s 10240 -u http://www.example.com/url/page.html -x 20

The options in detail:

-a start      start value of the range-specifier for the range header test
-b bytes      limit of the range-specifier for the range header test
-c number     number of connections (limited to 1024)
-H, -B or -R  slow down in the headers section (-H) or in the message body (-B);
              -R enables the range test
-g            generate statistics in CSV and HTML formats; the file name pattern is slow_xxx.csv/html,
              where xxx is the time and date
-i seconds    interval between follow-up data in seconds, per connection
-l seconds    test duration in seconds
-o file       custom output file path and/or name, effective if -g is specified
-r number     connections per second (connection rate)
-s bytes      value of the Content-Length header, if -B is specified
-t verb       custom HTTP verb to use
-u URL        target URL, in the same format you type in a browser, e.g. https://host:port/
-v level      verbosity level of the log, 0-4
-x bytes      max length of follow-up data
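The point of running slowhttptest with -g is the statistics file it writes: whether the server kept answering while the slow connections were held open, and if not, at what point it stopped. The functions below (an added example, not part of the original article or of slowhttptest itself) read that CSV and extract the first outage time, the number of samples during which the service was down, and the peak number of concurrent connections. Columns are looked up by header name, which is assumed here to be Seconds, Closed, Pending, Connected and "Service Available" with Yes/No values; SAMPLE_CSV is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original article or of slowhttptest: read
# the CSV written by `slowhttptest -g -o <name>` and answer the question the
# test is run for.  Column names are assumed (Seconds, Closed, Pending,
# Connected, "Service Available" with Yes/No values) and looked up from the
# header line so column order does not matter.  SAMPLE_CSV is constructed.

SAMPLE_CSV='Seconds,Closed,Pending,Connected,Service Available
0,0,0,0,Yes
5,0,300,700,Yes
10,0,0,1000,Yes
15,12,0,988,No
20,400,0,600,No
25,1000,0,0,Yes'

sample_csv() { printf '%s\n' "$SAMPLE_CSV"; }

# awk prologue shared by the functions below: map header names to column
# numbers.
AWK_HEADER='NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }'

# first_outage: seconds into the test at which "Service Available" first
# stopped being Yes, or "none" if the server stayed up throughout.
first_outage() {
    awk -F, "$AWK_HEADER"'
        $(col["Service Available"]) != "Yes" { print $(col["Seconds"]); found = 1; exit }
        END { if (!found) print "none" }'
}

# outage_rows: number of samples during which the service was down.
outage_rows() {
    awk -F, "$AWK_HEADER"'
        $(col["Service Available"]) != "Yes" { n++ }
        END { print n + 0 }'
}

# peak_connected: highest number of concurrent open connections reached.
peak_connected() {
    awk -F, "$AWK_HEADER"'
        { c = $(col["Connected"]) + 0; if (c > max) max = c }
        END { print max + 0 }'
}

# Demo on the constructed sample; on a real run use: first_outage < slow_xxx.csv
echo "first outage at:           $(sample_csv | first_outage) s"
echo "samples with service down: $(sample_csv | outage_rows)"
echo "peak open connections:     $(sample_csv | peak_connected)"
```

In the sample the server stops answering 15 seconds in, once roughly a thousand slow connections are open, and recovers only after the test closes them; a server protected by a per-IP connlimit or a reverse proxy with request timeouts should report "none" for the first outage.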

You can also probe the firewall with nmap and hping2 (fragmented packets, XMAS and NULL scans). With the rules above in place these should get no response at all. Note that hping2 -X sets hping's "xmas" bit, the reserved 0x40 TCP flag, rather than the FIN/PSH/URG combination that nmap -sX sends:

 nmap -v -f FIREWALL-IP
 nmap -v -sX FIREWALL-IP
 nmap -v -sN FIREWALL-IP
 hping2 -X FIREWALL-IP
