Support Forums
Simple DDoS Mitigation [<20 lines] - Printable Version



RE: Simple DDoS Mitigation [<20 lines] - Akshay* - 10-08-2009

Good, useful thing.

Thanks.


RE: Simple DDoS Mitigation [<20 lines] - GhostRaider - 10-10-2009

Nice program, I'm using it right now and it works fine, but what do the round and banned stand for?


RE: Simple DDoS Mitigation [<20 lines] - Guerriero420 - 10-10-2009

(10-05-2009, 02:26 PM)Fallen Wrote: This is a simple *nix DDoS mitigation script I wrote for my own server. It uses some AWK magic, with netstat, to show connections per IP on the server. If an IP has more connections than the set limit, a NullRoute will be added for the offending IP. It will then wait the specified time and repeat. This has proved to be effective with simple DDoS attacks.

CONLIMIT = Maximum connections from a single IP
SLEEP = Time in seconds to wait before repeating the cycle

Code:
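#!/usr/bin/env python
import os, time

CONLIMIT = 20  # maximum connections from a single IP
SLEEP = 12     # seconds to wait before repeating the cycle
Round = 0
Banned = 0
while True:
    Round += 1
    # The pipeline prints one "<count> <ip>" line per remote address
    for Line in os.popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n", "r").read().split("\n"):
        List = Line.split(" ")
        try:
            if int(List[-2]) > CONLIMIT:
                # Null-route the offending IP through the loopback interface
                os.system("route add %s gw 127.0.0.1 lo" % (List[-1]))
                print("Banning %s...." % (List[-1]))
                Banned += 1
        except (ValueError, IndexError):
            pass  # blank lines and lines without a numeric count
    print("Round: %s Bans: %s" % (str(Round), str(Banned)))
    time.sleep(SLEEP)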

Don't know too much about Python, but good going.
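Added example, not part of the thread and not Fallen's code: the same count-and-null-route logic with the netstat column parsed in Python, so IPv6 peers are not truncated by `cut -d: -f1`, loopback and allowlisted ranges are never banned, and an IP is banned only once. The function names, the allowlist range and the sample addresses (documentation ranges) are assumptions made for illustration; the route command is the one from the script above.

```python
import ipaddress
from collections import Counter

CONLIMIT = 20  # as in the thread: maximum connections from a single IP

def count_remote_ips(netstat_text):
    """Count connections per validated remote IP (5th column of netstat -ntu)."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        host = fields[4].rpartition(":")[0]  # drop the port, keep IPv6 whole
        try:
            counts[ipaddress.ip_address(host)] += 1
        except ValueError:
            continue  # header rows and anything that is not an IP address
    return counts

def plan_bans(counts, already_banned, allowlist=()):
    """Return one argv list per new offender; the caller decides whether to run it."""
    commands = []
    for ip, seen in sorted(counts.items(), key=lambda kv: str(kv[0])):
        if seen <= CONLIMIT or ip in already_banned:
            continue  # under the limit, or banned in an earlier round
        if ip.version != 4:
            continue  # the thread's route command is IPv4-only
        if ip.is_loopback or any(ip in net for net in allowlist):
            continue  # never null-route ourselves or trusted ranges
        already_banned.add(ip)
        # argv list (no shell); str(ip) comes from the ipaddress parser above
        commands.append(["route", "add", str(ip), "gw", "127.0.0.1", "lo"])
    return commands

def sample_netstat():
    """Constructed netstat -ntu output (documentation address ranges only)."""
    row = "%s 0 0 192.0.2.10:80 %s:%d ESTABLISHED"
    peers = [("tcp", "198.51.100.7", 25), ("tcp", "203.0.113.9", 3), ("tcp", "127.0.0.1", 40),
             ("tcp", "198.51.100.200", 22), ("tcp6", "2001:db8::bad", 30)]
    lines = ["Active Internet connections (w/o servers)",
             "Proto Recv-Q Send-Q Local Address Foreign Address State"]
    for proto, addr, n in peers:
        lines += [row % (proto, addr, 40000 + i) for i in range(n)]
    return "\n".join(lines)

if __name__ == "__main__":
    allow = [ipaddress.ip_network("198.51.100.192/26")]  # assumed trusted range
    for argv in plan_bans(count_remote_ips(sample_netstat()), set(), allow):
        print("would run:", " ".join(argv))
```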


RE: Simple DDoS Mitigation [<20 lines] - Fallen - 10-10-2009

(10-10-2009, 08:12 AM)GhostRaider Wrote: Nice program, I'm using it right now and it works fine, but what do the round and banned stand for?

Just variables used inside the program: round is how many rotations the script has gone through, and banned is how many offending IPs the script has banned.


RE: Simple DDoS Mitigation [<20 lines] - GhostRaider - 10-10-2009

Cool, so I'm guessing it can DoS sites also, right?


RE: Simple DDoS Mitigation [<20 lines] - Fallen - 10-10-2009

(10-10-2009, 09:23 AM)GhostRaider Wrote: Cool, so I'm guessing it can DoS sites also, right?

You mean attack sites?


RE: Simple DDoS Mitigation [<20 lines] - GhostRaider - 10-11-2009

Yes, attack sites.


RE: Simple DDoS Mitigation [<20 lines] - Fallen - 10-11-2009

(10-11-2009, 03:28 PM)GhostRaider Wrote: Yes, attack sites.

No.

All this script does is count how many connections to the server a single IP has, and if the number of connections is above the limit, it acts upon it.


RE: Simple DDoS Mitigation [<20 lines] - nevets04 - 10-12-2009

Simple, but effective. Good Job Fallen.


RE: Simple DDoS Mitigation [<20 lines] - wat - 11-08-2009

Bump for great justice!