Jul 01 2009

[Linux, FreeBSD] Small Anti-DDOS Shell Script for FreeBSD

Category: Articles,Linux administrationFractalizeR @ 3:21 pm

Struggling with DDoS on my friend’s site, I wrote small Anti-DDoS script, that in original just lists all IPs, that have more than X active connections open to your server. It was originally written for FreeBSD.

#!/bin/sh
# Set here a minimum number of connections for action to be executed (150 by default).
FR_MIN_CONN=150
TMP_PREFIX='/tmp/frrr'
TMP_FILE=`mktemp $TMP_PREFIX.XXXXXXXX`
netstat -ntu -f inet| awk '{if(NR>2 && NF=6) print $5}' | cut -d. -f1-4 | grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' | sort | uniq -c | sort -nr > $TMP_FILE
while read line; do
 CURR_LINE_CONN=$(echo $line | cut -d" " -f1)
 CURR_LINE_IP=$(echo $line | cut -d" " -f2)
 if [ $CURR_LINE_CONN -lt $FR_MIN_CONN ]; then
 break
 fi
 
 # You can insert your own logic here (e.g. ban with your favourite firewall). Now it just prints the IP to console.
 echo $CURR_LINE_IP
done < $TMP_FILE
rm -f $TMP_PREFIX.*

I think this will work on general Linux also. You just need to change “cut -d.” to “cut -d:” in the listing and, probably, “/bin/sh” to “/bin/bash”.

Tags: , ,

3 Responses to “[Linux, FreeBSD] Small Anti-DDOS Shell Script for FreeBSD”

  1. igorglock says:

    o_0

    16: Syntax error: “done” unexpected (expecting “then”)

  2. igorglock says:

    oh… stupid Charset 😉

    fixxed

Leave a Reply

You must be logged in to post a comment. Login now.