If the Linux system under suspicion has DOS attack, can input
Netstat - an grep - I "server IP address: 80" awk "{locate 14, 20: print} ' 'time uniq - c time - n
Netstat - an grep "SYN" wc - l
This command will automatically statistical Tcp connection number of each state, if SYN_RECV high's words, he cannot eliminate have based on Tcp protocol ddos attack may, at this moment, can open tcp_syncookies and enter this command
Echo 1 > / proc/sys/asp.net/ipv4 / tcp_syncookies
If no/proc/sys/asp.net/ipv4 / tcp_syncookies illustrate your kernel does not support, need to recompile the kernel
While lowering syn retry count
Echo 1 > / proc/sys/asp.net/ipv4 / tcp_syn_retries
Echo 1 > / proc/sys/asp.net/ipv4 / tcp_synack_retries
Increase syn_backlog, in order to ensure that the user access (consumes memory for price, set too high.).
Echo "2048" > / proc/sys/asp.net/ipv4 / tcp_max_syn_backlog
If or not, so only to corresponding hardware firewall.