The UNIX and Linux Forums  
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.

Go Back   The UNIX and Linux Forums > Special Forums > IP Networking
Reload this Page netstat - possible reasons for high IP count ???
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read



Thread: netstat - possible reasons for high IP count ???
View Single Post in the UNIX and Linux Forums - Click on the Thread or Permalink to View Entire Thread -->
  #1 (permalink)  
Old 11-18-2008
PWSwebmaster PWSwebmaster is offline
Registered User
  
 

Join Date: Feb 2006
Location: Canada
Posts: 33
netstat - possible reasons for high IP count ???
One of my servers started getting heavily loaded a few weeks ago for a few hours, so I did some studying and wrote a script to use netstat to get the IP addresses connected and the count. I put a new chain in iptables and if an IP is using more than 40 connections, it gets added to that chain which is then flushed every hour just to make sure no legitimate IP is blocked forever. If an IP is connected more than 100 times, it gets added directly to the INPUT chain and therefore is permanent until manually removed.

I'm mainly trying to figure out if those counts are good limits. Can there be legitimate reasons for an IP to be using more than 40 connections at a time? I tested going to a web page with 200 thumbnail images, and even then my IP was only listed a few times.