Debian netstat output. What do the lines mean?

Flanker3812015-05-28 16:54:35

PHP

Flanker381, 2015-05-28 16:54:35

Good day. The load on the server running Debian 7 periodically increases. It looks like a DDOS is going on.
10serv.com/borba-s-ddos-atakoy-s-pomoshhyu-d-dos-d...
From this article I took a command to display the number of current connections with different ip. I got the following conclusion:

As soon as STREAM is more than 200, the server becomes ill.
Actually, what do the lines STREAM and DGRAM mean? The author of the article does not have them in the output.
There are a significant number of cron tasks spinning on the server, about 100 at the same time at the peak, for a similar increase in load occurs at off-peak times. Also, RAM and swap space are significantly eaten up at these moments.

Answer the question

In order to leave comments, you need to log in

6 answer(s)

Sergey Popov, 2018-07-18
@logpol32

Quotation marks escape characters.
`обратные кавычки`are used when you need to escape a column name if it matches a reserved keyword.
'Одинарные кавычки'should be used when you write dates and strings.
"Двойные кавычки"should be used to write a direct query.
Example
I remind you. When querying the database from a script, especially if you use any data received from the user (from sessions and cookies to input fields), you should either use prepared queries in emulation mode, or escape the string before inserting data into the query.

Maxim Fedorov, 2018-07-18
@qonand

slash quotes `` are used to escape database keywords
regular '' to indicate
PS strings and learn not to insert unprepared variables in queries if you don't want to suffer from sql injection problems

Denis Davydenko, 2018-07-18
@GooseTheDestroyer

This is not an exhaustive answer, but from personal experience.
The quotes are needed when the table name matches the syntax. Those. for example, if you have a "create" table in your database, then the query without quotes will take it as part of the query, and not as the name of the table.

Dmitry Dart, 2018-07-18
@gobananas

It is always desirable to frame the names of fields and columns with a symbol `
Sometimes it happens that the user uses a reserved word as a field name, for example desc, then:
WHERE descwill not work
WHERE `desc`will work
Here are single quotes for concatenation, do not confuse them with others, you cannot `user_id`=$user_id и так `user_id`='$user_id'.write`user_id`=`$user_id`

Power, 2015-05-28
@Power

Look at the output of the command for yourself
and you will understand that STREAM and DGRAM refer to unix sockets, which have nothing to do with network connections.
A more correct command would be:
but even then it will stumble on addresses like ::ffff:192.168.1.1.

Flanker381, 2015-05-28
@Flanker381

In both versions of the command there is a line without an ip address:
Tell me, what connections are related to them?
TCP connection can only be external? The Ddos-Deflate script described in this article 10serv.com/borba-s-ddos-atakoy-s-pomoshhyu-d-dos-d... does not respond at all during a sudden load spike.
Again, this is not "live" traffic. This happens even at night when there are almost no visitors. External server ping disabled. In iptables, limited the number of TCP connections per port 80 from one ip to 15:
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 10 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with icmp-port-unreachable