Linux DDoS Defense attack

Source: Internet
Author: User


# netstat -ntu | awk '{print $5}' | grep '[0-9]' | cut -d: -f1 | sort | uniq -c | sort -n    # count the connections from each remote IP

Installing and configuring DDoS Deflate

# cd /usr/local/src

# wget http://www.inetbase.com/scripts/ddos/install.sh

# chmod 744 install.sh    # add execute permission

# ./install.sh    # run the installation; enter q to exit the instructions shown after installation

# cd /usr/local/ddos

# ls

ddos.conf ddos.sh ignore.ip.list LICENSE

##############################################################################

ddos.conf -- DDoS Deflate configuration file, which configures the various behaviors used to prevent DDoS

ddos.sh -- DDoS Deflate main program, written in shell; it contains all of the program's functionality

ignore.ip.list -- whitelist; an IP in this file is not blocked by DDoS Deflate even if it exceeds the configured number of connections

LICENSE -- the license under which DDoS Deflate is released

The default configuration for DDoS Deflate is located in /usr/local/ddos/ddos.conf and contains the following:

PROGDIR="/usr/local/ddos"

PROG="/usr/local/ddos/ddos.sh"

IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"    # IP address whitelist

CRON="/etc/cron.d/ddos.cron"    # scheduled execution

APF="/etc/apf/apf"

IPT="/sbin/iptables"

FREQ=1    # check interval, default 1 minute

NO_OF_CONNECTIONS=150    # maximum number of connections; an IP with more than this is blocked. The default is generally fine

APF_BAN=1    # use APF or iptables. Using iptables is recommended: change APF_BAN to 0

KILL=1    # whether to block IPs; enabled by default

EMAIL_TO="root"    # mailbox notified when an IP is blocked; recommended, change it to your own mailbox

BAN_PERIOD=600    # how long an IP stays blocked, default 600 seconds; adjust to the situation

View line 117 of the /usr/local/ddos/ddos.sh file:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST

Modified to:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sed -n '/[0-9]/p' | sort | uniq -c | sort -nr > $BAD_IP_LIST
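The counting step above, as an added example that is not part of DDoS Deflate or of the original page: a shell function that applies the NO_OF_CONNECTIONS threshold and the whitelist to netstat -ntu output. It goes beyond the page's pipeline by stripping only the trailing port, so IPv4-mapped peers such as ::ffff:192.168.0.103 (which cut -d: -f1 reduces to an empty string) are still counted. The names find_offenders, rows and sample_netstat and all sample rows are constructed for illustration.

```bash
#!/bin/bash
# Added example, not DDoS Deflate's code. Names and sample rows are constructed.

# find_offenders THRESHOLD [WHITELIST_FILE]  (reads `netstat -ntu` output on stdin)
# Prints "count ip", highest first, for peers with more than THRESHOLD connections.
find_offenders() {
    awk -v max="$1" -v wl="${2:-/dev/null}" '
        BEGIN { while ((getline line < wl) > 0) if (line != "") allow[line] = 1 }
        $1 !~ /^(tcp|udp)/ { next }        # skip the two netstat header lines
        {
            ip = $5
            sub(/:[0-9*]+$/, "", ip)       # strip only the trailing :port
            sub(/^::ffff:/, "", ip)        # unwrap IPv4-mapped IPv6 peers
            if (!(ip in allow)) count[ip]++
        }
        END { for (ip in count) if (count[ip] > max) print count[ip], ip }
    ' | sort -nr
}

# rows COUNT PROTO LOCAL PEER: emit COUNT constructed socket rows
rows() {
    n=0
    while [ "$n" -lt "$1" ]; do
        echo "$2 0 0 $3 $4:$((40000 + n)) ESTABLISHED"
        n=$((n + 1))
    done
}

# Constructed sample shaped like `netstat -ntu` output (not a real capture).
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    rows 151 tcp  192.168.0.102:80        192.168.0.101
    rows 160 tcp6 ::ffff:192.168.0.102:80 ::ffff:192.168.0.103
    rows 200 tcp  192.168.0.102:80        192.168.0.50
    rows 1   tcp  192.168.0.102:22        23.32.248.91
}

# Demo: 192.168.0.50 is whitelisted, so only .103 and .101 are reported.
wl_demo=$(mktemp)
echo "192.168.0.50" > "$wl_demo"
sample_netstat | find_offenders 150 "$wl_demo"
rm -f "$wl_demo"
```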

Add a crontab entry that runs the ddos.sh script every minute:

# crontab -e

*/1 * * * * /bin/bash /usr/local/ddos/ddos.sh

Test the DDoS defenses.

The test tool is ab; a source installation of Apache2 generally includes it. Run which ab to check whether it is installed.

If the executable is not installed:

# yum -y install httpd-tools

$ ab -n 150 192.168.0.102/

# netstat -ntu | awk '{print $5}' | cut -d: -f1 | grep '[0-9]' | sort | uniq -c | sort -nr

151 192.168.0.101

1 23.32.248.91

# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

DROP all -- 192.168.0.101 anywhere

This blocks access from 192.168.0.101.

# iptables -F    # clear the rules

# service iptables save    # save the rules
