Can i hide the real IP of my machine in "netstat -n"? Perhaps using the iptables masquerade function?
(When the user is logged into the application and runs the netstat -n command, he can view the machine's ip.)
The purpose of hiding the real ip from my machine is to prevent ddos attacks on my application.
Many thanks!
I think that you have one or two misunderstandings on how network, computers and ddos attacks works.
First of all, people that is "in the application" - using your server as webserver or application / database server - don't have access to run netstat, ifconfig or other commands. If "the application" is some kind of terminal, they have, but these users are probably not strangers from the internet, they are trusted users.
Secondly, targets for ddos attack are normally found by looking up their ip-address via DNS if the target is a specific well-known servic, not by logging in into the server - which anyway would require the hosrname or ip. Or just scanning the internet more or less randomly to find ip-addresses that answers a connect attempt on port 80.
Ip-addresses and host-names are like phone numbers. Anyone on the network can call your number - they do not need to know who you are.
Professional companies having services available on the internet, pays their ISP for blocking ddos attacks - and this is not cheap. The ISP has a bigger connection to the internet, than you have to the ISP, so he can normally block the attack,If it is a larger attack, the ISP might need to have his internet connection provider to do the blocking
