Linux DDoS Attack Defense
# netstat -ntu | awk '{print $5}' | grep '[0-9]' | cut -d: -f1 | sort | uniq -c | sort -n   # view the number of connections per IP
Installing and configuring DDoS deflate
# cd /usr/local/src
# wget http://www.inetbase.com/scripts/ddos/install.sh
# chmod 744 install.sh   # add execute permission
# ./install.sh   # run the installer; press q to exit the notes shown after installation
# cd /usr/local/ddos
# ls
ddos.conf ddos.sh ignore.ip.list LICENSE
##############################################################################
ddos.conf -- the ddos-deflate configuration file, which sets the various behaviours used to defend against DDoS
ddos.sh -- the ddos-deflate main program, a shell script containing all of the program's functional modules
ignore.ip.list -- the whitelist; an IP in this file is not blocked by ddos-deflate even when it exceeds the configured number of connections
LICENSE -- the license under which ddos-deflate is released
The default configuration for DDoS deflate is located in /usr/local/ddos/ddos.conf, with the following defaults:
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"   # IP address whitelist
CRON="/etc/cron.d/ddos.cron"   # scheduled execution of the program
APF="/etc/apf/apf"
IPT="/sbin/iptables"
FREQ=1   # check interval, default 1 minute
NO_OF_CONNECTIONS=150   # maximum number of connections; an IP with more than this is blocked; the default is generally fine
APF_BAN=1   # use APF (1) or iptables (0); using iptables is recommended, so change APF_BAN to 0
KILL=1   # whether to block the IP; enabled by default
EMAIL_TO="root"   # mailbox notified when an IP is blocked; recommended, change it to your own mailbox
BAN_PERIOD=600   # how long an IP stays blocked, default 600 seconds; adjust as needed
Look at line 117 of the /usr/local/ddos/ddos.sh file:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST
Change it to the following, so that lines containing no digits (the netstat header lines) are filtered out before counting:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sed -n '/[0-9]/p' | sort | uniq -c | sort -nr > $BAD_IP_LIST
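The counting step above, written out as an added example (not code from ddos.sh or from the original page). It goes one step beyond the modified line: "cut -d: -f1" returns an empty field for tcp6 peers such as ::ffff:192.168.0.101:51003, so those connections are never counted, and this version strips the port from the right instead. The function names and the netstat sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.0.102:80        192.168.0.101:51000     ESTABLISHED
tcp        0      0 192.168.0.102:80        192.168.0.101:51001     ESTABLISHED
tcp        0      0 192.168.0.102:80        192.168.0.101:51002     TIME_WAIT
tcp        0      0 192.168.0.102:22        192.168.0.50:40022      ESTABLISHED
tcp        0      0 192.168.0.102:22        192.168.0.50:40023      ESTABLISHED
tcp6       0      0 ::ffff:192.168.0.102:80 ::ffff:192.168.0.101:51003 ESTABLISHED
udp        0      0 192.168.0.102:53000     23.32.248.91:443        ESTABLISHED
EOF
}

# Hypothetical helper: read netstat output on stdin, print "count ip" lines,
# busiest peer first. Header lines are skipped by matching the Proto column.
count_remote_ips() {
    awk '$1 ~ /^(tcp|udp)/ {
             addr = $5
             sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port
             sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6 peers
             print addr
         }' | sort | uniq -c | sort -nr | awk '{print $1, $2}'
}

# Hypothetical helper: over_limit LIMIT WHITELIST_FILE
# Print "count ip" for peers with more than LIMIT connections that are not
# listed (one IP per line) in WHITELIST_FILE.
over_limit() {
    count_remote_ips | while read -r n ip; do
        if [ "$n" -gt "$1" ] && ! grep -qxF "$ip" "$2"; then
            echo "$n $ip"
        fi
    done
}

# Demo: limit of 1 connection, 192.168.0.50 whitelisted.
demo_wl=$(mktemp)
echo "192.168.0.50" > "$demo_wl"
sample_netstat | over_limit 1 "$demo_wl"
rm -f "$demo_wl"
```

On a live host, replace sample_netstat with netstat -ntu and pass the real limit and whitelist path.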
Add a crontab entry that runs the ddos.sh script every minute:
# crontab -e
*/1 * * * * /bin/bash /usr/local/ddos/ddos.sh
Test the DDoS defense.
The test tool is ab; a source installation of Apache2 generally includes ab. Run "which ab" to check whether it is installed.
If the executable is not installed:
# yum -y install httpd-tools
$ ab -n 150 192.168.0.102/
# netstat -ntu | awk '{print $5}' | cut -d: -f1 | grep '[0-9]' | sort | uniq -c | sort -nr
151 192.168.0.101
1 23.32.248.91
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.0.101 anywhere
This blocks access from 192.168.0.101.
# iptables -F   # flush the rules
# service iptables save   # save the rules