Recently I wanted to install something on Debian Linux to prevent simple DoS attacks but couldn't find any package for it, only some scripts on the internet. Those scripts count the connections coming from the same IP and, if the count is greater than a value you specify, print that IP; what I wanted was to block the attacker's IP for a few seconds and then allow it again. So I wrote a simple shell script. It denies access from the attacker's IP for a specified time and, once that time has passed, allows access again. You specify the maximum number of connections allowed from a single IP; when the connection count exceeds that limit, the script blocks that IP's access to the server.
The script was originally written for Debian Linux squeeze.
#!/bin/bash
# Simple anti-DoS script: counts connections per remote IP with netstat,
# drops traffic from IPs over the limit with iptables, and removes the
# DROP rule again after UNBLOCKTIME seconds.

declare -r BLOCKIPLIST=ipblock.list   # block list file ("ip epoch" per line); created automatically if missing
declare -r FR_MIN_CONN=30             # block an IP once it has more than this many connections
declare -r UNBLOCKTIME=60             # unblock the attacker IP after this many seconds
declare -r CHECKTIMEOUT=30            # seconds between checks (the script sleeps this long)

# iptables and the block list need root
if [ "$(id -u)" -ne 0 ]; then
  echo "run this script as root" >&2
  exit 1
fi

# Print the INPUT rule numbers (highest first) whose source is exactly $1.
# Exact field match rather than a plain grep, so 1.2.3.4 never matches 1.2.3.45.
rulenums() {
  iptables -L INPUT -n --line-numbers \
    | awk -v ip="$1" '$5 == ip || $5 == ip "/32" {print $1}' | sort -rn
}

blockip() {
  # Only add a rule (and a list entry) if this IP is not already blocked
  if [ -z "$(rulenums "$1")" ]; then
    iptables -I INPUT -s "$1" -j DROP
    echo "$1 $(date '+%s')" >> "$BLOCKIPLIST"
  fi
}

unblockips() {
  TMP_FILEI=$(mktemp /tmp/brrrr.XXXXXXXX)
  CURT=$(date '+%s')
  while read -r IPP TT; do
    [ -z "$IPP" ] && continue                     # skip blank lines
    if [ $(( CURT - TT )) -lt "$UNBLOCKTIME" ]; then
      echo "$IPP $TT" >> "$TMP_FILEI"             # still inside the block window, keep it
    else
      # Delete the highest rule number first so the remaining numbers stay valid
      for BLNUM in $(rulenums "$IPP"); do
        iptables -D INPUT "$BLNUM"
      done
    fi
  done < "$BLOCKIPLIST"
  cp "$TMP_FILEI" "$BLOCKIPLIST"
  rm -f "$TMP_FILEI"
}

if [ -f "$BLOCKIPLIST" ]; then
  echo "Loaded $BLOCKIPLIST file"
else
  : > "$BLOCKIPLIST"                              # create an empty block list
fi

while true
do
  TMP_FILE=$(mktemp /tmp/frrr.XXXXXXXX)
  # Remote address of every tcp/udp socket, counted per IP (fewest connections first)
  netstat -an | awk '$1 ~ /^(tcp|udp)$/ {split($5, a, ":"); print a[1]}' \
    | sort | uniq -c | sort -n > "$TMP_FILE"
  while read -r CURR_LINE_CONN CURR_LINE_IP; do
    if [ "$CURR_LINE_CONN" -gt "$FR_MIN_CONN" ]; then
      # Skip the wildcard peer of listening sockets and loopback traffic
      case "$CURR_LINE_IP" in
        0.0.0.0|127.*) continue ;;
      esac
      # Only act on plain IPv4 addresses (IPv6 peers fall through the cut above)
      if echo "$CURR_LINE_IP" | grep -q '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$'; then
        blockip "$CURR_LINE_IP"
      fi
    fi
  done < "$TMP_FILE"
  rm -f "$TMP_FILE"
  unblockips
  sleep "$CHECKTIMEOUT"
done
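The two decisions the script makes, which remote IPs are over the connection limit and which blocked entries have expired, can be exercised without root or a live socket table. The block below is an added example, not part of the original script: it reimplements those two steps as shell functions and runs them over a constructed `netstat -an` listing and a constructed block list (the addresses, counts and timestamps are made up for the example). It also filters out the listening-socket wildcard `0.0.0.0`, loopback and IPv6 peers, which the counting pipeline would otherwise feed into the comparison.

```shell
#!/bin/bash
# Added example: the detection and expiry logic of the anti-DoS script,
# runnable against constructed input (no netstat, no iptables, no root).

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             203.0.113.7:51001       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51002       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51003       SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.23:40000     ESTABLISHED
tcp        0      0 10.0.0.5:22             127.0.0.1:33000         ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
tcp        0      0 10.0.0.5:80             203.0.113.70:51004      ESTABLISHED'

# Constructed block list in the script'"'"'s "ip epoch" format.
SAMPLE_BLOCKLIST='203.0.113.7 1000
198.51.100.23 1050'

# count_remote_ips: read netstat -an text on stdin and print "count ip" for
# every remote IPv4 peer, fewest connections first (the same shape as the
# script's sort | uniq -c | sort -n pipeline). Listening sockets (peer
# 0.0.0.0:*), loopback and IPv6 sockets are ignored.
count_remote_ips() {
  awk '$1 ~ /^(tcp|udp)$/ {
         split($5, peer, ":")
         ip = peer[1]
         if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && ip != "0.0.0.0" && ip !~ /^127\./)
           print ip
       }' | sort | uniq -c | sort -n | awk '{print $1, $2}'
}

# offenders LIMIT: print the IPs whose connection count is strictly greater
# than LIMIT, mirroring the script's `-gt $FR_MIN_CONN` test.
offenders() {
  count_remote_ips | awk -v limit="$1" '$1 > limit {print $2}'
}

# expired_blocks NOW UNBLOCKTIME: read "ip epoch" lines on stdin and print the
# IPs blocked UNBLOCKTIME seconds or more before NOW; these are the entries the
# script removes from iptables and drops from the list.
expired_blocks() {
  awk -v now="$1" -v limit="$2" 'NF == 2 && now - $2 >= limit {print $1}'
}

# Against a real host this would be `netstat -an | offenders 30`; here the
# constructed sample with a limit of 2 so that one peer trips it.
printf '%s\n' "$SAMPLE_NETSTAT" | offenders 2
# Entries older than 60 s at (constructed) epoch 1100:
printf '%s\n' "$SAMPLE_BLOCKLIST" | expired_blocks 1100 60
```

With the sample input, `offenders 2` reports only `203.0.113.7` (three sockets, counting the half-open `SYN_RECV` one); `203.0.113.70` is a different address and is counted separately, which is exactly the distinction a substring `grep` on the iptables listing would lose. `expired_blocks 1100 60` reports `203.0.113.7` (blocked 100 s ago) and keeps `198.51.100.23` (50 s ago) blocked.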
How to install:
First, download the script:
wget http://sizeofint.com/wp-content/uploads/antidos.sh
then set its permissions:
chmod 0700 antidos.sh
and run the script in the background (as root, since it changes iptables rules):
./antidos.sh &