[root@ns333111 ~]# sudo netstat -tpn
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 208 37.187.125.144:22 194.79.60.168:58513 ESTABLISHED 5067/sshd: root@pts
tcp 0 1 37.187.125.144:54174 162.254.197.21:27019 SYN_SENT 4330/./srcds_linux
tcp6 0 3827 37.187.125.144:80 95.139.102.26:54291 ESTABLISHED 3427/httpd
[root@ns333111 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 37.187.125.144 netmask 255.255.255.0 broadcast 37.187.125.255
inet6 2001:41d0:a:f690::1 prefixlen 128 scopeid 0x0<global>
inet6 fe80::222:4dff:feab:41ab prefixlen 64 scopeid 0x20<link>
ether 00:22:4d:ab:41:ab txqueuelen 1000 (Ethernet)
RX packets 201588 bytes 20189482 (19.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 275646 bytes 128025115 (122.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xd0400000-d0420000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 46 bytes 4286 (4.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 46 bytes 4286 (4.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ns333111 ~]# sudo tcpdump -v -n -w attack.log -c 50
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
50 packets captured
490 packets received by filter
0 packets dropped by kernel
[root@ns333111 ~]# sudo tcpdump -nr attack.log |awk '{print $3}' |grep -oE '[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}' |sort |uniq -c |sort -rn
reading from file attack.log, link-type EN10MB (Ethernet)
28 37.187.125.144
9 92.222.172.140
5 95.153.165.225
5 134.255.149.134
3 194.79.60.168
[root@ns333111 ~]# sudo tcpdump -nr attack.log
reading from file attack.log, link-type EN10MB (Ethernet)
18:13:10.034528 IP 37.187.125.144.27018 > 92.222.172.140.27005: UDP, length 349
18:13:10.034588 IP 37.187.125.144.27018 > 194.79.60.168.cap: UDP, length 188
18:13:10.034785 IP 37.187.125.144.27018 > 134.255.149.134.27005: UDP, length 188
18:13:10.034904 IP 37.187.125.144.27018 > 95.153.165.225.37595: UDP, length 447
18:13:10.035099 IP 37.187.125.144.27018 > 194.79.60.168.noteit: UDP, length 455
18:13:10.035211 IP 37.187.125.144.27018 > 92.222.172.140.23664: UDP, length 214
18:13:10.041921 IP 134.255.149.134.27005 > 37.187.125.144.27018: UDP, length 50
18:13:10.044684 IP 92.222.172.140.27005 > 37.187.125.144.27018: UDP, length 50
18:13:10.046848 IP 37.187.125.144.27018 > 194.79.60.168.cap: UDP, length 69
18:13:10.046883 IP 37.187.125.144.27018 > 134.255.149.134.27005: UDP, length 69
18:13:10.047122 IP 37.187.125.144.27018 > 92.222.172.140.23664: UDP, length 94
18:13:10.050007 IP 92.222.172.140.23664 > 37.187.125.144.27018: UDP, length 54
18:13:10.051725 IP 95.153.165.225.37595 > 37.187.125.144.27018: UDP, length 68
18:13:10.056115 IP 95.153.165.225.37595 > 37.187.125.144.27018: UDP, length 76
18:13:10.056408 IP 134.255.149.134.27005 > 37.187.125.144.27018: UDP, length 50
18:13:10.058076 IP 194.79.60.168.noteit > 37.187.125.144.27018: UDP, length 50
18:13:10.061287 IP 92.222.172.140.27005 > 37.187.125.144.27018: UDP, length 108
18:13:10.064058 IP 37.187.125.144.27018 > 194.79.60.168.cap: UDP, length 73
18:13:10.064078 IP 37.187.125.144.27018 > 92.222.172.140.27005: UDP, length 347
18:13:10.064133 IP 37.187.125.144.27018 > 134.255.149.134.27005: UDP, length 73
18:13:10.064380 IP 37.187.125.144.27018 > 95.153.165.225.37595: UDP, length 334
18:13:10.064409 IP 37.187.125.144.27018 > 194.79.60.168.noteit: UDP, length 339
18:13:10.064465 IP 37.187.125.144.27018 > 92.222.172.140.23664: UDP, length 99
18:13:10.065761 IP 92.222.172.140.23664 > 37.187.125.144.27018: UDP, length 54
18:13:10.068131 IP 37.187.125.144.ssh > 194.79.60.168.58513: Flags [P.], seq 1489131710:1489131854, ack 1490744102, win 146, length 144
18:13:10.069025 IP 134.255.149.134.27005 > 37.187.125.144.27018: UDP, length 50
18:13:10.076369 IP 95.153.165.225.37595 > 37.187.125.144.27018: UDP, length 78
18:13:10.076848 IP 37.187.125.144.27018 > 194.79.60.168.cap: UDP, length 136
18:13:10.076876 IP 37.187.125.144.27018 > 194.79.60.168.noteit: UDP, length 139
18:13:10.076880 IP 37.187.125.144.27018 > 95.153.165.225.37595: UDP, length 396
18:13:10.076885 IP 37.187.125.144.27018 > 134.255.149.134.27005: UDP, length 136
18:13:10.077186 IP 37.187.125.144.27018 > 92.222.172.140.23664: UDP, length 162
18:13:10.077668 IP 194.79.60.168.cap > 37.187.125.144.27018: UDP, length 52
18:13:10.079306 IP 92.222.172.140.27005 > 37.187.125.144.27018: UDP, length 50
18:13:10.083207 IP 92.222.172.140.23664 > 37.187.125.144.27018: UDP, length 54
18:13:10.083552 IP 134.255.149.134.27005 > 37.187.125.144.27018: UDP, length 50
18:13:10.093973 IP 95.153.165.225.37595 > 37.187.125.144.27018: UDP, length 78
18:13:10.094044 IP 37.187.125.144.27018 > 194.79.60.168.cap: UDP, length 71
18:13:10.094076 IP 37.187.125.144.27018 > 92.222.172.140.27005: UDP, length 352
18:13:10.094344 IP 37.187.125.144.27018 > 134.255.149.134.27005: UDP, length 76
18:13:10.094453 IP 37.187.125.144.27018 > 194.79.60.168.noteit: UDP, length 79
18:13:10.094629 IP 37.187.125.144.27018 > 92.222.172.140.23664: UDP, length 101
18:13:10.096040 IP 92.222.172.140.27005 > 37.187.125.144.27018: UDP, length 108
18:13:10.098935 IP 92.222.172.140.23664 > 37.187.125.144.27018: UDP, length 54
18:13:10.102016 IP 134.255.149.134.27005 > 37.187.125.144.27018: UDP, length 50
18:13:10.102032 IP 95.153.165.225.37595 > 37.187.125.144.27018: UDP, length 78
18:13:10.103012 IP 194.79.60.168.noteit > 37.187.125.144.27018: UDP, length 50
18:13:10.107999 IP 92.222.172.140.23664 > 37.187.125.144.27018: UDP, length 54
18:13:10.108831 IP 37.187.125.144.27018 > 194.79.60.168.cap: UDP, length 132
18:13:10.108862 IP 37.187.125.144.27018 > 134.255.149.134.27005: UDP, length 136
Фильтрация со стороны провайдера есть и если мне попытаются забить канал то провайдер подцепит мне фильтр.