After logging in to the console, type
netstat -np | grep SYN_RECV
and you will see output like this:
root@client-196-20 [~]# netstat -np | grep SYN_RECV
tcp 0 0 62.*.*.*:80 85.106.132.234:28008 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28014 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1175 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1179 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28007 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28010 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28009 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1172 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1177 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.102.50.22:50706 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1173 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1178 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28005 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28001 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1167 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1171 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1168 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.102.50.22:50707 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28011 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28006 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1176 SYN_RECV -
tcp 0 0 62.*.*.*:80 85.106.132.234:28002 SYN_RECV -
tcp 0 0 62.*.*.*:80 81.215.237.83:1174 SYN_RECV -
All of the IP addresses listed in the SYN_RECV state are the addresses carrying out the SYN flood.
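To cut off the attack at that moment, I use these two iptables commands:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A INPUT -p tcp -m tcp --dport 80 -j DROP
The first rule lets new connection attempts (SYN packets) through at 1 per second after a burst of 3 by returning them to the chain policy; anything over that rate falls through to the second rule. The second rule drops every TCP packet to port 80 that reaches it, and because both are appended with -A they only see traffic that no earlier INPUT rule has already accepted.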
After the attack, run
netstat -np | grep SYN_RECV
again and you will see that the attack is gone.
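
An added example, not part of the original post: the netstat output shown above can be summarised per source address, so that sources holding many half-open connections stand out from the occasional SYN_RECV entry that normal traffic also produces. The names syn_recv_by_source and sample_netstat and the default threshold of 5 are assumptions, and the sample lines are constructed using documentation address ranges.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RECV) connections per source address
# from netstat -n style output read on stdin.
# On a live host: netstat -np | syn_recv_by_source 5

syn_recv_by_source() {
    # $1 = minimum SYN_RECV entries for a source to be reported (assumed default: 5)
    threshold="${1:-5}"
    awk -v min="$threshold" '
        # netstat columns: proto recv-q send-q local foreign state pid/program
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            src = $5
            sub(/:[0-9]+$/, "", src)   # strip the trailing :port only
            count[src]++
        }
        END {
            for (s in count)
                if (count[s] >= min)
                    printf "%d %s\n", count[s], s
        }
    ' | sort -k1,1nr -k2,2             # highest count first
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
tcp 0 0 192.0.2.10:80 198.51.100.7:28001 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:28002 SYN_RECV -
tcp 0 0 192.0.2.10:80 203.0.113.9:1167 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:28005 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:28006 SYN_RECV -
tcp 0 0 192.0.2.10:80 203.0.113.50:50706 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:28007 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:40000 ESTABLISHED 1234/httpd
tcp 0 0 192.0.2.10:80 203.0.113.9:1168 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:28008 SYN_RECV -
EOF
}

# Demo run on the constructed sample: only sources at or above the threshold are listed.
sample_netstat | syn_recv_by_source 5
```
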