This is a simply command in Linux to check the no. of connection opened per IP.
/bin/netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -nr |more
Detect size of transfer
iftop -i interface
Auto block DDOS IP ((D)DoS-Deflate)
http://deflate.medialayer.com/
mod_evasive
http://www.eth0.us/mod_evasive