Linux DDoS Defense attack

Linux Ddos Defense Attack

[[email protected] ~]# Netstat-ntu |awk ' {print $} ' |grep ' [0-9] ' |cut-d:-f1 |sort |uniq-c|sort-n # view stats number of IP links

Installing the configuration DDoS deflate

[Email protected] ~]# CD/USR/LOCAL/SRC

[Email protected] src]# wget http://www.inetbase.com/scripts/ddos/install.sh

[[email protected] src]# chmod 744 install.sh # Add executable permissions

[[email protected] src]#./install.sh # perform installation, enter q exit instructions after installation

[Email protected] ddos]# Cd/usr/local/ddos

[[email protected] ddos]# ls

ddos.conf ddos.sh ignore.ip.list LICENSE

##############################################################################

ddos.conf--ddos-deflate configuration file, which configures various behavior to prevent DDoS ddos.sh--ddos-deflate main program, using shell, the whole program function module Ignore.ip.list--Whitelist , the IP in the file exceeds the set number of connections and is not blocked by Ddos-deflate LICENSE-The Ddos-deflate program's release protocol

The default configuration for DDoS deflate is located in/usr/local/ddos/ddos.conf, which defaults to the following:

Progdir= "/usr/local/ddos" prog= "/usr/local/ddos/ddos.sh" ignore_ip_list= "/usr/local/ddos/ignore.ip.list"// IP address Whitelist cron= "/etc/cron.d/ddos.cron"//Timed Execution Program apf= "/ETC/APF/APF" ipt= "/sbin/iptables"

Freq=1//Check time interval, default 1 minutes

no_of_connections=150//Maximum number of connections, more than this number of IP will be blocked, the general default can be

Apf_ban=1//using APF or iptables. It is recommended to use Iptables to change the value of Apf_ban to 0.

Kill=1//whether to block IP, by default

email_to= "root"//when the IP is blocked to send mail to the designated mailbox, recommended to use, change to their own mailbox

ban_period=600//Disable IP time, default 600 seconds, can be adjusted according to the situation

View line 117th of the/usr/local/ddos/ddos.sh file

Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sort | uniq-c | Sort-nr > $BAD _ip_list

Modified to:

Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sed-n '/[0-9]/p ' | Sort | uniq-c | Sort-nr > $BAD _ip_list

Add no minutes to execute ddos.sh script in crontab

# CRONTAB-E

*/1 * * * */bin/bash/usr/local/ddos/ddos.sh

Test DDoS defenses.

Test Tool AB, source installation Apache2 generally have installed AB. Which AB can be used to see if there is an installation.

If the executable is not installed

# yum-y Install Httpd-tools

[Email protected] desktop]$ ab-n 150 192.168.0.102/

[[email protected] ~]# Netstat-ntu |awk ' {print $} ' |cut-d:-f1 |grep ' [0-9] ' |sort |uniq-c |SORT-NR

151 192.168.0.101

1 23.32.248.91

[Email protected] desktop]# iptables-l

Chain INPUT (Policy ACCEPT)

Target Prot opt source destination

DROP All--192.168.0.101 anywhere

This prohibits the access of 192.168.0.101.

[Email protected] desktop]# iptables-f #清除规则

[Email protected] desktop]# service iptables Save #保存规则

Linux DDoS Defense attack