(view this code in a separate window)

#!/bin/sh
#
# Print all half open connections (those with a
# SYN packet recieved, but no responding ACK yet.
# Caused by SYN scans and SYN DoS or DDoS attacks.

while [ 1 ]; do
	echo -n "half-open connections: "
	netstat -nat | grep SYN_RECV | wc -l
	sleep 1;
done