Hi everybody,
I found a bash script against SYN flood type DDoS attacks, but I have one problem: it is made for Linux OS (with iptables). Here is the script:
Code:
#!/bin/bash
while true;
do
for i in ` netstat -tanpu | grep "SYN_RECV" | awk {'print $5'} | cut -f 1 -d ":" | sort | uniq -c | sort -n | awk {'if ($1 > 5) print $2'}` ;
do
echo $i;
iptables -A INPUT -s $i/24 -j DROP && /etc/init.d/httpd restart;
sleep 1;
done;
netstat -tanpu | grep "0.0.0.0:80" | grep LISTEN || /etc/init.d/httpd restart;
sleep 5;
done
I tried to adapt it for Packet Filter, but I'm not sure it will work. Here is my script:
Code:
#!/bin/bash
while true;
do
for i in ` netstat -tanpu | grep "SYN_RECV" | awk {'print $5'} | cut -f 1 -d ":" | sort | uniq -c | sort -n | awk {'if ($1 > 5) print $2'}` ;
do
echo $i;
pfctl -t flooders -T add $i && /etc/init.d/httpd restart;
sleep 1;
done;
netstat -tanpu | grep "0.0.0.0:80" | grep LISTEN || /etc/init.d/httpd restart;
sleep 5;
done
Does it seem correct? The line which is the problem is:
Code:
iptables -A INPUT -s $i/24 -j DROP && /etc/init.d/httpd restart;
I put this for Packet Filter:
Code:
pfctl -t flooders -T add $i && /etc/init.d/httpd restart;
It is not exactly the same thing. This part finds the IPs which attack my server with a SYN flood:
Code:
for i in ` netstat -tanpu | grep "SYN_RECV" | awk {'print $5'} | cut -f 1 -d ":" | sort | uniq -c | sort -n | awk {'if ($1 > 5) print $2'}` ;
I want to ban those IPs, so I want to add them to the table flooders, which I block in my Packet Filter rules. Will it work? And if not, could you help me?
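An added example, not part of the original post: the per-source counting step written for BSD-style `netstat -an -p tcp` output, feeding the `flooders` table from the post. It assumes the BSD layout (foreign address printed as `a.b.c.d.port` in column 5, half-open state named `SYN_RCVD` in column 6); the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RCVD) connections per source address in
# BSD-style netstat output and list the sources above a threshold.

THRESHOLD=5        # same limit as the awk test in the post ($1 > 5)
TABLE=flooders     # PF table named in the post

# Read netstat output on stdin; print one IPv4 address per line for every
# source with more than $1 connections in SYN_RCVD.
# Assumption: column 5 is the foreign address as a.b.c.d.port and
# column 6 is the connection state.
syn_flooders() {
    awk -v limit="$1" '
        $6 == "SYN_RCVD" {
            n = split($5, part, ".")
            if (n != 5) next                  # not an IPv4 address plus port
            ip = part[1] "." part[2] "." part[3] "." part[4]
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print ip }
    ' | sort
}

# Add each address read on stdin to the PF table (needs root on a PF host).
block_sources() {
    while read -r ip; do
        pfctl -t "$TABLE" -T add "$ip"
    done
}

# Constructed sample input: documentation-range addresses, not real traffic.
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address (state)"
    echo "tcp4 0 0 *.80 *.* LISTEN"
    echo "tcp4 0 0 192.0.2.10.80 203.0.113.9.40000 ESTABLISHED"
    for p in 1 2 3 4 5 6; do
        echo "tcp4 0 0 192.0.2.10.80 203.0.113.5.5000$p SYN_RCVD"
    done
    for p in 1 2; do
        echo "tcp4 0 0 192.0.2.10.80 198.51.100.7.6000$p SYN_RCVD"
    done
}

# Offline demonstration on the sample; prints the one source over the limit.
sample_netstat | syn_flooders "$THRESHOLD"

# Live use on the PF host:
#   netstat -an -p tcp | syn_flooders "$THRESHOLD" | block_sources
```

Unlike the iptables line in the post, which drops the whole `/24`, this adds only the single address to the table.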