DDoS protection. A simple but effective script

Recently I have been looking for an adequate way to protect some resources under my control from DDoS attacks.
The first thing I was advised was Cisco Guard, but since I needed something light and not so expensive, I decided to look at software products.
After a bit of googling I stumbled upon a small script, (D)DoS-Deflate.

It works quite simply: every minute, cron runs the command
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
and selects all IPs whose number of connections exceeds the limit specified in the config (default 150).
The ban time is also set in the config. You can also choose which firewall to work with: iptables or apf (an iptables add-on).
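
The counting step described above, as an added example (not DoS-Deflate's own code): it skips netstat's two header lines and strips only the trailing port, so IPv6 peers are not collapsed to their first field as `cut -d: -f1` would do. The function name `over_limit`, the sample connections and the limit of 2 are constructed for illustration; the script only reports offenders and leaves the ban itself to the firewall step.

```shell
#!/bin/sh
# Added example: per-IP connection counting in the style of the netstat
# pipeline above, with header lines and IPv6 handled explicitly.

# over_limit LIMIT: reads `netstat -ntu` output on stdin and prints
# "count ip" for every foreign address with more than LIMIT connections.
over_limit() {
    awk -v limit="$1" '
        # Only data rows: protocol in column 1 (skips the two header lines).
        $1 ~ /^(tcp|udp)6?$/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port only
            sub(/^::ffff:/, "", addr)    # IPv4-mapped IPv6 -> plain IPv4
            count[addr]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip], ip
        }
    ' | sort -rn
}

# Constructed sample in netstat -ntu layout (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:40100     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:40101     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:40102     ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40001 TIME_WAIT
EOF
}

# Live use would be: netstat -ntu | over_limit 150
sample_netstat | over_limit 2
```

Whitelisting your own monitoring hosts, proxies and load balancers before acting on this list matters, because many legitimate clients can share one source address.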

The solution is fairly obvious, and verbal descriptions of it have come up before, but I had not come across a ready-made implementation like this.

UPD: do not forget that this script, by virtue of its simplicity, will not save you from serious made-to-order attacks, but it will stop most script kiddies.

Source: https://habr.com/ru/post/39509/