Linux / UNIX Tech Support Forum
This is a discussion on "A script to stop small scale syn flood?" within the Shell scripting forums, part of the Development/Scripting category.
Hi guys,
I know very little about shell scripting so I could really use some help. I really hope what I had in mind is possible to realize with some script, since the alternative is to purchase a hardware firewall, which is expensive for me to rent from hosting companies. Our site has been getting syn flood attacks but they are not very massive, coming from a few IPs at a time. But it still causes the load to go higher and slows down the page loading. What I had in mind is a script that would run this command:

netstat -ntu | grep SYN_RECV

which gives an output like this:

Code:
tcp 0 0 200.55.55.15:80 41.219.58.5:4772 SYN_RECV
tcp 0 0 200.55.55.15:80 82.151.89.21:4805 SYN_RECV
tcp 0 0 200.55.55.15:80 84.150.243.31:60048 SYN_RECV
tcp 0 0 200.55.55.15:80 217.171.181.137:61908 SYN_RECV
tcp 0 0 200.55.55.15:80 41.219.58.5:4770 SYN_RECV
tcp 0 0 200.55.55.15:80 88.247.216.117:2597 SYN_RECV
tcp 0 0 200.55.55.15:80 88.247.216.117:2595 SYN_RECV
tcp 0 0 200.55.55.15:80 86.11.22.135:1090 SYN_RECV

So I was thinking it would be good to set up a script which would run the netstat command like 10 times with a 10 second interval in between and grep those visitor IPs that repeated in 8 out of 10 of those results and then block them with iptables.

Thanks in advance for any help
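The sampling approach described in the post above, as an added example that is not part of the thread: take 10 `netstat -ntu` snapshots 10 seconds apart and list the remote IPs that sit in SYN_RECV in at least 8 of them. The function names and the constructed demo snapshots (documentation-range addresses) are assumptions; the script prints `iptables` commands for review and does not run them.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names are assumptions.

# Unique remote IPs in SYN_RECV from one `netstat -ntu` snapshot on stdin.
syn_sources() {
    awk '$6 == "SYN_RECV" { sub(/:[0-9]+$/, "", $5); print $5 }' | sort -u
}

# IPs present in at least MIN_HITS of the snapshot files DIR/sample.*.
# An IP counts once per snapshot, however many half-open connections it holds.
persistent_sources() {
    local dir="$1" min_hits="$2" f
    for f in "$dir"/sample.*; do syn_sources < "$f"; done |
        sort | uniq -c | awk -v n="$min_hits" '$1 >= n { print $2 }'
}

# Take COUNT snapshots, INTERVAL seconds apart, into DIR.
collect_samples() {
    local dir="$1" count="$2" interval="$3" i=1
    while [ "$i" -le "$count" ]; do
        netstat -ntu > "$dir/sample.$i"
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
        i=$((i + 1))
    done
}

# Constructed snapshots for an offline dry run (documentation-range IPs):
# 203.0.113.7 is in all 10, 198.51.100.9 in 8, 192.0.2.44 in only 2.
demo_samples() {
    local dir="$1" i
    for i in 1 2 3 4 5 6 7 8 9 10; do
        {
            echo "tcp 0 0 200.55.55.15:80 203.0.113.7:$((4000 + i)) SYN_RECV"
            echo "tcp 0 0 200.55.55.15:80 203.0.113.7:$((5000 + i)) SYN_RECV"
            echo "tcp 0 0 200.55.55.15:80 192.0.2.200:6000 ESTABLISHED"
            if [ "$i" -le 8 ]; then echo "tcp 0 0 200.55.55.15:80 198.51.100.9:70$i SYN_RECV"; fi
            if [ "$i" -le 2 ]; then echo "tcp 0 0 200.55.55.15:80 192.0.2.44:1090 SYN_RECV"; fi
        } > "$dir/sample.$i"
    done
}

# `--run` samples the live host and prints iptables commands for review;
# it does not apply them.
if [ "${1:-}" = "--run" ]; then
    dir=$(mktemp -d)
    collect_samples "$dir" 10 10
    persistent_sources "$dir" 8 | sed 's/^/iptables -I INPUT -s /; s/$/ -j DROP/'
    rm -rf "$dir"
fi
```

Source addresses in a SYN flood can be spoofed, so check the listed IPs before applying the printed rules.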
How about iptables configuration?
Code:
# Block sync
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Drop Sync"
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -j DROP
__________________
Vivek Gite, Linux Evangelist