Генератор запоминающихся паролей

How to remove records from active connections and ip_conntrack by IP

Someone can opens hundreds tabs with autoupdate pages in browser and make lot of persistent open connections to the server. If you want to drop his connections, you have to find him at first:

sudo cat /proc/net/ip_conntrack | grep 'ESTABLISHED' | wc -l
sudo cat /proc/net/ip_conntrack | grep 'ESTABLISHED'
netstat -tulpan | grep 'ESTABLISHED' | wc -l
netstat -tulpan | grep 'ESTABLISHED'

If you found a lot of connections from one IP, check it: (Replace 255.255.255.255 to necessary IP)

sudo cat /proc/net/ip_conntrack | grep 'ESTABLISHED' | grep '255.255.255.255' | wc -l
netstat -tulpan | grep '255.255.255.255' | wc -l
whois 255.255.255.255

Look to the web server logs whether the activity is suspicious:

cat /var/log/nginx/access.log | grep '255.255.255.255'

Then drop user connections:

sudo cutter 255.255.255.255
sudo conntrack -D conntrack --orig-src 255.255.255.255
sudo cat /proc/net/ip_conntrack | grep '255.255.255.255' | wc -l
sudo cat /proc/net/ip_conntrack | grep 'ESTABLISHED' | wc -l
 51   20 d  
Popular