+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Coding Support Forums (https://www.supportforums.net/forumdisplay.php?fid=18)
+---- Forum: Python Programming Language (https://www.supportforums.net/forumdisplay.php?fid=32)
+---- Thread: Simple DDoS Mitigation [<20 lines] (/showthread.php?tid=242)
Simple DDoS Mitigation [<20 lines] - Fallen - 10-05-2009
This is a simple *nix DDoS mitigation script I wrote for my own server. It uses some AWK magic, with netstat, to show connections per IP on the server. If an IP has more connections then the set limit, a NullRoute will be added for the offending IP. It will then wait the specified time and repeat. This has proved to be effective with simple DDoS attacks.
CONLIMIT = Maximum connections from a single IP
SLEEP = Time in seconds to wait before repeating the cycle
Code:
#!/usr/bin/env python
import os, time
CONLIMIT = 20
SLEEP = 12
Round = 0
Banned = 0
while True:
Round += 1
for Line in os.popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n", "r").read().split("\n"):
List = Line.split(" ")
try:
if int(List[-2]) > CONLIMIT:
os.system( "route add %s gw 127.0.0.1 lo" % ( List[ -1 ] ) )
print "Banning %s...." % ( List[ -1 ] )
Banned += 1
except Exception:
pass
print "Round: %s Bans: %s" % ( str(Round), str(Banned) )
time.sleep(SLEEP)RE: Simple DDoS Mitigation [<20 lines] - Nyx- - 10-05-2009
wow awesome script ^__^
RE: Simple DDoS Mitigation [<20 lines] - MyNameIs940 - 10-05-2009
How does it add it I don't understand python, does it use iptables or what? I found a script that uses iptables and looks just like this one, same netstat command. (netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n)
http://deflate.medialayer.com/
RE: Simple DDoS Mitigation [<20 lines] - Elektrisk - 10-05-2009
Great script. This seemed to work well on your forums
RE: Simple DDoS Mitigation [<20 lines] - St0rmW1nd - 10-05-2009
Great script, code looks neat
RE: Simple DDoS Mitigation [<20 lines] - Fallen - 10-05-2009
(10-05-2009, 02:50 PM)MyNameIs940 Wrote: How does it add it I don't understand python, does it use iptables or what? I found a script that uses iptables and looks just like this one, same netstat command. (netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n)
http://deflate.medialayer.com/
yeah thats how it counts, using AWK
RE: Simple DDoS Mitigation [<20 lines] - MyNameIs940 - 10-05-2009
(10-05-2009, 03:54 PM)Fallen Wrote: yeah thats how it counts, using AWK
Ah ok, but this still wastes your banwidth which sucks
but atleast people can still have access to your site.
RE: Simple DDoS Mitigation [<20 lines] - S0rath 0f the Black Sun - 10-08-2009
(10-05-2009, 04:00 PM)MyNameIs940 Wrote: Ah ok, but this still wastes your banwidth which sucks
Better than having low level skids DDoSing your site with a basic ddos. At least it still allows access for the honest user.
Great script Fallen, and it's short, neat and easy to understand too.
RE: Simple DDoS Mitigation [<20 lines] - Dr.Viper - 10-08-2009
Awesome script dude.
Thnx.
RE: Simple DDoS Mitigation [<20 lines] - Socrates - 10-08-2009
You always make good programs.
