Linux anti-DDoS attack software Ddos-deflate detailed

Source: Internet
Author: User
Tags chmod iptables

Ddos-deflate Installation and Configuration

1, installation

The code is as follows Copy Code
wget http://www.inetbase.com/scripts/ddos/install.sh
Chmod 0700 install.sh
./install.sh

2, configuration

The configuration file is/usr/local/ddos/ddos.conf and is configured as follows by default

The code is as follows Copy Code
Freq=1
no_of_connections=150
Apf_ban=0
Kill=1
Email_to= "Test@qq.com"
ban_period=600

Explanation of configuration parameters:

Freq=1 detection interval, default is one minute, if you modify this to reset the cron Job
no_of_connections=150 Maximum number of connections, exceeding this will prohibit IP
Apf_ban=1, using APF set to 1, using iptables set to 0
kill=1, whether IP is prohibited
email_to= "root"; mail notification, write a mailbox to receive mail
ban_period=600 prohibit IP length, default is 600 seconds

IP address white list:/usr/local/ddos/ignore.ip.list
Unloading

The code is as follows Copy Code
wget Http://www.inetbase.com/scripts/ddos/uninstall.ddos
Chmod 0700 Uninstall.ddos
./uninstall.ddos

View IP

The code is as follows Copy Code

Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sort | uniq-c | Sort-n

To do a test to see if you can seal off the IP.

The code is as follows Copy Code
Iptables-l-N

As shown below, the 192.168.1.200 is sealed off:

Add: Protect against DDoS attack scripts

  code is as follows copy code


#防止SYN攻击 Lightweight prevention
Iptables-n Syn-flood
iptables-a input-p TCP--sy N-j syn-flood
iptables-i syn-flood-p tcp-m limit--limit 3/s--limit-burst 6-j return
Iptables-a Syn-flood -j REJECT
#防止DOS太多连接进来, you can allow the extranet network card to be up to 15 initial connections per IP, over discard
iptables-a input-i eth0-p tcp--syn-m connlimit--connlim It-above 15-j DROP
iptables-a input-p tcp-m State--state established,related-j ACCEPT

#用Iptables抵御DDOS ( parameter is the same as above)
Iptables-a input -P tcp--syn-m limit--limit 12/s--limit-burst 24-j ACCEPT
iptables-a FORWARD -p TCP--syn-m limit--limit 1/s-j ACCEPT
##########################################################

Iptables anti-DDoS attack script

The code is as follows Copy Code

#!/bin/sh
# # define some VARs
max_total_syn_recv= "1000"
max_per_ip_syn_recv= "20"
mark= "Syn_recv"
port= "80"

logfile= "/var/log/netstat_$mark-$PORT"
logfile_ip= "/var/log/netstat_connect_ip.log"
Drop_ip_log= "/var/log/netstat_syn_drop_ip.log"
# # Iptables default rules:accept normailly packages and drop baleful syn*
Iptables-f-T Filter
Iptables-a input-p TCP! --syn-m State--state New-j DROP
Iptables-a input-p all-m State--state invalid-j DROP
Iptables-a input-p all-m State--state established,related-j ACCEPT
# # Initialize
If [-Z $MARK];then
mark= "LISTEN"
Fi
If [-Z $PORT];then
sport= "TCP"
Else
Sport= ": $PORT"
Fi
######################## End
# # Save the results of command netstat to Specifal file
Netstat-atun|grep $MARK |grep $SPORT 2>/dev/null > $LOGFILE

repeat_connect_ip= ' less $LOGFILE |awk ' {print $} ' |cut-f1-d ': ' |sort|uniq-d |tee > $LOGFILE _ip '

If [f $DROP _ip_log];then
For i in ' less $DROP _ip_log ';d o
Iptables-a input-p all-s $i-j DROP
Done
Fi

For i in ' less $LOGFILE _ip ';d o
Repeat_connect_num= ' grep $i $LOGFILE |wc-l '
# # Count Repeat connections, if the accout is large than default Number,then drop packages
If [$REPEAT _connect_num-gt $MAX _per_ip_syn_recv];then
echo "$i $REPEAT _connect_num" >> $DROP _ip_log
Iptables-a input-p all-s $i-j DROP
Fi
Done

all_connect= ' uniq-u $LOGFILE |wc-l '
#echo $ALL _connect
# # Count Repeat connections, if the accout is large than default Number,then drop packages
If [$ALL _connect-gt $MAX _total_syn_recv];then
#echo $ALL _connect
Exit
Fi

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.