- Site keeps loading.
- SQL connection timeout .
- Site timeout error.
- Unable to send or receive emails.
Steps to Check if the Windows server in under DDoS attack.
NETSTAT is a command line utility. It shows current TCP/IP network connections as well as protocol statistics in a system.
- Open the Command Prompt
- Check how many connections are made on your server by typing command
netstat –ano
Now, Here
a – Shows all connections and listening ports.
n – Shows port numbers and addresses in numerical value.
o – this shows the owning process ID associated with every connection.
The command ” netstat -ano > netstat.txt ” creates a txt file naming as “netstat.txt”
This file will lists all the listening ports and their corresponding IP connections. -
By using the below command, check the total number of connections at port 80
netstat -ano | find /i /c “:80”
netstat -ano | find /i “80” -
Now check the IP address that has maximum connections at port “80” and output the result to another file.
-
Check the IP with maximum connections and block its access using IP security policy.
-
Now, how do you check the number of connections made from a specific IP? To check the number of connections made from a specific IP, you can run the following command.
netstat -ano | find /i /c “IP Address”
Using the above commands you can easily find out if your Windows server is under attack or not.
If you suspect your server is being attacked, block traffic from the attacking IP addresses or contact your hosting provider.