DoS Detect and Block
The following lists the 15 remote addresses holding the most connections to your web server (port 80), excluding connections in the TIME_WAIT state.
netstat -antlp | awk '$4 ~ /:80$/ && $6 != "TIME_WAIT" && $6 != "LISTEN" {print $5}' | awk -F : '{print $1}' | sort | uniq -c | sort -n | tail -n15
A large number of these connections from numerous sources is indicative of a denial-of-service attack. To remedy this, the following adds a DROP rule to your software firewall (iptables) for every source identified:
for i in $(netstat -antlp | awk '$4 ~ /:80$/ && $6 != "TIME_WAIT" && $6 != "LISTEN" {print $5}' | awk -F : '{print $1}' | sort | uniq -c | sort -n | tail -n15 | awk '{print $2}') ; do iptables -A INPUT -s "$i" -j DROP ; done
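The loop above blocks the top 15 sources however few connections each one holds. A more conservative form, as an added example that is not part of the original page: it counts only peers of local port 80, applies a per-source threshold and an allowlist, and prints the iptables commands instead of running them. The function names, the threshold of 3, the allowlisted address and the netstat sample are constructed for illustration.

```shell
#!/bin/sh
# Dry run: prints iptables commands for review instead of executing them.

# Print "count ip" for remote IPv4 peers of local TCP port $1 (netstat -ant on stdin).
count_sources() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") && $6 != "LISTEN" && $6 != "TIME_WAIT" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)      # strip the remote port
            sub(/^::ffff:/, "", ip)      # unwrap IPv4-mapped IPv6 peers
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
        }
        END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Keep sources with count >= $1 that are not in the space-separated allowlist $2.
block_candidates() {
    awk -v t="$1" -v allow="$2" '
        BEGIN { k = split(allow, a, " "); for (i = 1; i <= k; i++) ok[a[i]] = 1 }
        $1 + 0 >= t + 0 && !($2 in ok) { print $2 }'
}

# Turn each address on stdin into the DROP rule used above, as text only.
emit_rules() {
    while read -r ip; do
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:80              0.0.0.0:*                 LISTEN
tcp        0      0 192.0.2.1:80            198.51.100.7:40001        ESTABLISHED
tcp        0      0 192.0.2.1:80            198.51.100.7:40002        SYN_RECV
tcp6       0      0 ::ffff:192.0.2.1:80     ::ffff:198.51.100.7:40003 ESTABLISHED
tcp        0      0 192.0.2.1:80            198.51.100.7:40004        TIME_WAIT
tcp        0      0 192.0.2.1:80            203.0.113.9:51000         ESTABLISHED
tcp        0      0 192.0.2.1:8080          203.0.113.50:51001        ESTABLISHED
tcp        0      0 192.0.2.1:45000         203.0.113.80:80           ESTABLISHED
tcp        0      0 192.0.2.1:80            192.0.2.10:33000          ESTABLISHED
tcp        0      0 192.0.2.1:80            192.0.2.10:33001          ESTABLISHED
tcp        0      0 192.0.2.1:80            192.0.2.10:33002          ESTABLISHED
EOF
}

sample_netstat | count_sources 80 | block_candidates 3 "192.0.2.10" | emit_rules
```

On a live host, replace `sample_netstat` with `netstat -ant` and review the printed rules before piping them to `sh`.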