floodCheck


1
2
3
4
5
6
7
8

#!/bin/bash
#
# Check for SYN flooding

# the two 'rev' are so we can trim the port # while not mangling IPv6
# -d on uniq to only show entries with more then 1 half oppen connection
netstat -tn | grep SYN_RECV | awk '{print $5}' | rev | cut -d\: -f 2- | rev | sort | uniq -c -d