1. Shell script
#!/bin/bash
# Take the 10 remote IPs with the most ESTABLISHED connections, skip the internal
# ranges 192.168.* and 127.0.*, keep those with more than 10 connections and
# write them to /tmp/dropip
/bin/netstat -na | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sed '/^$/d' | sort | uniq -c | sort -rn | head -n 10 | grep -v -E '192.168|127.0' | sed '/^$/d' | awk '{if ($2 != "" && $1 > 10) {print $2}}' > /tmp/dropip
# Drop every IP listed in /tmp/dropip and record the action
for i in $(cat /tmp/dropip)
do
    /sbin/iptables -A INPUT -s $i -j DROP
    echo "$i kill at `date`" >> /var/log/ddos
done
2. Add execute permission
chmod +x /root/bin/dropip.sh
3. Add it to the scheduled tasks (cron), running once per minute
crontab -e
*/1 * * * * /root/bin/dropip.sh
Explanation:
The script above is simple but very practical. The most important part is the netstat pipeline on the second line: it takes the 10 remote IPs with the most ESTABLISHED connections, excludes the internal ranges beginning with 192.168 and 127.0, keeps only the IPs with more than 10 connections, and writes them to the temporary file /tmp/dropip. The loop then passes every IP in dropip to iptables, which drops all of its traffic, and records the action in the log file /var/log/ddos.
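The same mitigation as an added example (not the page's script), restructured so the counting step can be run offline against sample input and the rule insertion does not pile up duplicates when cron runs it every minute; the sample netstat lines, the --apply flag and the function names are constructed for this example:

```shell
#!/bin/bash
# Added example, not the original script: the page's counting pipeline as a
# testable function, with proper private-range matching and idempotent rules.

# top_offenders THRESHOLD  (netstat -na output on stdin)
# Counts ESTABLISHED connections per remote IPv4 address, ignores loopback and
# RFC 1918 ranges, and prints "count ip" for addresses above THRESHOLD,
# highest count first. IPv4-mapped IPv6 entries (::ffff:a.b.c.d) are skipped,
# exactly as the original awk '$2 != null' test skipped them.
top_offenders() {
    local threshold="${1:-10}"
    grep ESTABLISHED \
      | awk '{print $5}' \
      | awk -F: '{print $1}' \
      | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
      | grep -v -E '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)' \
      | sort | uniq -c | sort -rn \
      | awk -v t="$threshold" '$1 > t {print $1, $2}'
}

# drop_ip IP: append a DROP rule only when none exists yet (iptables -C), so a
# script run every minute from cron does not accumulate duplicate rules.
drop_ip() {
    local ip="$1"
    if ! /sbin/iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
        /sbin/iptables -A INPUT -s "$ip" -j DROP &&
            echo "$ip dropped at $(date)" >> /var/log/ddos
    fi
}

# Constructed netstat -na sample (addresses from documentation ranges):
# 203.0.113.5 has 12 ESTABLISHED connections, 198.51.100.7 has 3, the private
# 192.168.1.9 has 15, and one TIME_WAIT line must not be counted.
SAMPLE_NETSTAT=$(
    for p in $(seq 12); do echo "tcp 0 0 10.0.0.2:80 203.0.113.5:4$p ESTABLISHED"; done
    for p in $(seq 3);  do echo "tcp 0 0 10.0.0.2:80 198.51.100.7:4$p ESTABLISHED"; done
    for p in $(seq 15); do echo "tcp 0 0 10.0.0.2:22 192.168.1.9:4$p ESTABLISHED"; done
    echo "tcp 0 0 10.0.0.2:80 203.0.113.5:9999 TIME_WAIT"
)

# Offline demonstration: prints "12 203.0.113.5".
printf '%s\n' "$SAMPLE_NETSTAT" | top_offenders 10

# Real use from cron, e.g. */1 * * * * /root/bin/dropip.sh --apply
if [ "${1-}" = "--apply" ]; then
    /bin/netstat -na | top_offenders 10 | while read -r _count ip; do drop_ip "$ip"; done
fi
```

Without --apply the script only reports, so the threshold can be tuned against live netstat output before any rule is added.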