Using the shell to resolve DDoS attack instances

Source: Internet
Author: User

Note: Based on the web logs or the number of network connections, monitor each IP. When an IP's concurrent connections or PV (page views) reach 100 within a short time, call the firewall command to block that IP. The check runs every 3 minutes.

The firewall command is: iptables -A INPUT -s 10.0.1.10 -j DROP

Ideas:

1. Analyze the logs and extract each IP and its PV count

2. Use a while statement to read the extracted IPs and PV counts, in a loop that repeats every 3 minutes

3. Call the firewall command

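Ways to read a log file with while:

1. Pipe the file into the loop:

    cat a.log | while read line
    do
        echo "$line"
    done

2. Redirect the script's standard input with exec, then read:

    exec <a.log
    while read line
    do
        echo "$line"
    done

3. Redirect the file into the loop after done:

    while read line
    do
        echo "$line"
    done <a.log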

Script:

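    #!/bin/bash
    #author: liuwei
    #site: www.51liuzw.com
    while true
    do
        # Alternative source: requests per IP taken from the web log
        #cat 12_01.log | awk '{print $1}' | sort | uniq -c > a.log
        # Established connections per remote IP (field 6 is the peer address)
        netstat -an | grep ESTAB | awk -F "[ :]+" '{print $6}' | sort | uniq -c > a.log
        exec <a.log
        while read line
        do
            pv=`echo $line | awk '{print $1}'`
            ip=`echo $line | awk '{print $2}'`
            # Block when the count exceeds 5 and no rule for this exact IP exists yet
            if [ "$pv" -gt 5 ] && [ `iptables -L -n | grep -wF "$ip" | wc -l` -eq 0 ];then
                iptables -A INPUT -s "$ip" -j DROP
            fi
        done
        sleep 180
    done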

Implementation ideas:

1. Extract each IP and its PV count from the log, or derive the IP and count from the number of network connections

2. When the PV count exceeds the maximum you can accept, add the IP to the firewall

3. The check can also be run every 3 minutes with crontab
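
An added example (not the original author's script) of steps 1 and 2 that separates counting from blocking, so the rules can be reviewed before any of them is applied. The function names, the allowlist argument and the sample netstat lines are assumptions constructed for illustration; only IPv4 peers are counted.

```shell
#!/bin/bash
# Added example, not the original author's script. The threshold of 5 and the
# INPUT/DROP rule come from the page; allowlist and sample data are constructed.

# offenders MAX: read `netstat -an` text on stdin and print "count ip" for every
# remote IPv4 address with more than MAX established connections.
offenders() {
    awk -v max="$1" -F '[ :]+' '
        /ESTAB/ && $6 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$6]++ }
        END { for (ip in n) if (n[ip] > max) print n[ip], ip }' | sort -rn
}

# plan_blocks MAX "ALLOWED_IPS": print one iptables command per offender, skipping
# allowlisted addresses (monitoring hosts, load balancers, your own admin IP).
# The allowlist is matched as whole addresses, so 10.0.1.1 does not cover 10.0.1.10.
plan_blocks() {
    offenders "$1" | while read -r count ip; do
        case " $2 " in *" $ip "*) continue ;; esac
        echo "iptables -A INPUT -s $ip -j DROP"
    done
}

# Constructed sample: 10.0.1.10 has 7 established connections, 10.0.1.1 has 6,
# 10.0.1.20 has 1 (its TIME_WAIT line is ignored); LISTEN and tcp6 lines are skipped.
sample_netstat() {
    for i in 1 2 3 4 5 6 7; do
        echo "tcp        0      0 10.0.0.5:80      10.0.1.10:5100$i      ESTABLISHED"
    done
    for i in 1 2 3 4 5 6; do
        echo "tcp        0      0 10.0.0.5:80      10.0.1.1:5200$i       ESTABLISHED"
    done
    echo "tcp        0      0 10.0.0.5:80      10.0.1.20:53001      ESTABLISHED"
    echo "tcp        0      0 10.0.0.5:80      10.0.1.20:53002      TIME_WAIT"
    echo "tcp        0      0 0.0.0.0:80       0.0.0.0:*            LISTEN"
    echo "tcp6       0      0 ::1:80           ::1:54000            ESTABLISHED"
}
```

On a live host, feed it real data with `netstat -an | plan_blocks 5 "10.0.1.1"` and check the printed rules before running them as root.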

Knowledge points:

awk -F "[ :]+"

-F: this option is required when specifying a delimiter

[ :]+: a space or a colon is the delimiter; + means the space or colon appears at least once


This article is from the "burning Years of Passion" blog, please be sure to keep this source http://liuzhengwei521.blog.51cto.com/4855442/1773802
