Method 1:
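#!/bin/sh
# Method 1: every 180 seconds, count requests per client address in the web
# access log and add an iptables DROP rule for each address seen more than
# $threshold times. Needs root, because it calls iptables.
#
# NOTE(review): the listing this was recovered from had lost the awk field
# numbers and the threshold. Field 1 (the client address in common/combined
# log format) and 100 (the value Method 2 uses) are assumptions -- confirm
# them against your log format and traffic.
# NOTE(review): the count covers the whole log file, not a time window, so a
# busy legitimate client, or a reverse proxy / NAT gateway that fronts many
# users, will eventually cross the threshold. Rotate the log and allow-list
# such peers before relying on this.

access_log=access.log
threshold=100
# /tmp is world-writable and this name is predictable; a root-only directory
# is a safer home for the audit trail. The path is kept as published.
drop_log=/tmp/droplist.log

while true; do
  # Alternative data source: count established connections per peer.
  # netstat -an | grep EST | awk -F '[ :]+' '{print $6}' | sort | uniq -c

  # The counts are piped straight into the loop. The original staged them in
  # /tmp/access.log, a predictable file written by root.
  awk '{print $1}' "$access_log" | grep -v '^$' | sort | uniq -c |
    while read -r count ip; do
      # uniq -c prints "<count> <value>"; skip anything that is not a number
      # followed by a dotted quad, so log content never reaches iptables as
      # an option or a hostname.
      case $count in
        '' | *[!0-9]*) continue ;;
      esac
      case $ip in
        '' | *[!0-9.]* | .* | *. | *..* | *.*.*.*.*) continue ;;
        *.*.*.*) ;;
        *) continue ;;
      esac

      # -C asks iptables whether this exact rule exists. Grepping the
      # "iptables -L -n" listing also matches substrings (1.2.3.4 inside
      # 11.2.3.45). stderr is silenced because "no such rule" is expected.
      if [ "$count" -gt "$threshold" ] &&
        ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
        # -A appends: a rule earlier in INPUT that accepts the traffic still
        # wins. Method 2 inserts at the top with -I instead.
        iptables -A INPUT -s "$ip" -j DROP
        echo "$count $ip is dropped" >>"$drop_log"
      fi
    done
  sleep 180
done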
Method 2:
#!/bin/sh
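# Exactly one argument is required. IPT passes it to awk as the file to scan,
# so it is the path of the access log.
if [ "$#" -ne 1 ]; then
  # Usage goes to stderr and the exit status is non-zero, so a supervisor or
  # cron wrapper can tell a misconfigured start from a clean stop.
  echo "Usage:$0 ARG" >&2
  exit 1
fi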
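#######################################
# Block every client address that appears more than 100 times in a log file.
# Arguments: $1 - access log to scan
# Outputs:   appends each newly blocked address to /tmp/ip_<YYYY-MM-DD>.log
#            (the list Del reads the next day)
# NOTE(review): the awk field number was lost in the published listing; $1
# (the client address in common/combined log format) is an assumption.
# NOTE(review): the blocklist lives in world-writable /tmp under a predictable
# name. Any local user can pre-create or edit it, so a root-only directory is
# the safer home; the path is kept here because Del depends on it.
#######################################
IPT () {
  # Counts go straight down the pipe. The original staged them in
  # /tmp/access.log (a predictable file written by root) and re-pointed the
  # script's stdin at it with exec.
  awk '{print $1}' "$1" | sort | uniq -c | sort -rn -k1 |
    while read -r count ip; do
      # uniq -c prints "<count> <value>".
      case $count in
        '' | *[!0-9]*) continue ;;
      esac
      # Sorted by count, highest first: nothing below this line can qualify.
      [ "$count" -gt 100 ] || break

      # Only a dotted quad of digits may reach iptables; anything else in the
      # log (IPv6, hostnames, a value starting with "-") is skipped.
      case $ip in
        '' | *[!0-9.]* | .* | *. | *..* | *.*.*.*.*) continue ;;
        *.*.*.*) ;;
        *) continue ;;
      esac

      # -C checks for this exact rule. Grepping "iptables -L -n" also matches
      # substrings (1.2.3.4 inside 11.2.3.45). "No such rule" is the expected
      # answer here, hence the silenced stderr.
      if ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
        # Record the address only when the rule really went in.
        if iptables -I INPUT -s "$ip" -j DROP; then
          printf '%s\n' "$ip" >>"/tmp/ip_$(date +%F).log"
        fi
      fi
    done
}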
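#######################################
# Lift the DROP rules for addresses that were blocked yesterday.
# Reads /tmp/ip_<yesterday>.log, one address per line, as written by IPT.
# Uses GNU date ("-d '-1 day'").
# NOTE(review): the list sits in world-writable /tmp under a predictable name,
# so its content is untrusted: any local user can add lines. Each line is
# therefore validated before it reaches iptables, and a symlink is refused.
# A root-only directory is the real fix; the path is kept because IPT writes
# to it.
#######################################
Del () {
  expired=/tmp/ip_$(date +%F -d '-1 day').log
  today=/tmp/ip_$(date +%F).log

  # Nothing was blocked yesterday, or the name was planted as a symlink.
  # The original created the file with touch, which follows symlinks.
  if [ ! -f "$expired" ] || [ -L "$expired" ]; then
    return 0
  fi

  while read -r line || [ -n "$line" ]; do
    # Dotted quad of digits only. The original passed $line unquoted, so a
    # crafted line could add arbitrary arguments to the iptables call.
    case $line in
      '' | *[!0-9.]* | .* | *. | *..* | *.*.*.*.*) continue ;;
      *.*.*.*) ;;
      *) continue ;;
    esac

    # An address that IPT blocked again today stays blocked. Without this,
    # the rule is removed and re-inserted on every pass of the main loop.
    if [ -f "$today" ] && grep -qxF -- "$line" "$today"; then
      continue
    fi

    # Delete only a rule that exists. -C matches the exact rule, where
    # grepping "iptables -L -n" would also match substrings of other
    # addresses.
    if iptables -C INPUT -s "$line" -j DROP 2>/dev/null; then
      iptables -D INPUT -s "$line" -j DROP
    fi
  done <"$expired"
}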
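#######################################
# Run forever: scan the log and block offenders, wait 5 seconds, then lift
# yesterday's blocks.
# Arguments: $1 - access log, handed to IPT
# NOTE(review): IPT re-reads the whole log on every pass and counts are
# cumulative, so an address stays over the threshold until the log is
# rotated.
#######################################
Main () {
  while true; do
    # Quoted so a log path that contains spaces stays one argument.
    IPT "$1"
    sleep 5
    Del
  done
}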
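# "$@" keeps each argument intact; unquoted $* re-splits a path that contains
# spaces or glob characters.
Main "$@"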
Example shell scripts for mitigating DoS attacks