Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Simple DDoS Mitigation [<20 lines]
#1
This is a simple *nix DDoS mitigation script I wrote for my own server. It uses some AWK magic, with netstat, to show connections per IP on the server. If an IP has more connections then the set limit, a NullRoute will be added for the offending IP. It will then wait the specified time and repeat. This has proved to be effective with simple DDoS attacks.

CONLIMIT = Maximum connections from a single IP
SLEEP = Time in seconds to wait before repeating the cycle

Code:
#!/usr/bin/env python
import os, time
CONLIMIT = 20
SLEEP = 12
Round = 0
Banned = 0
while True:
Round += 1
for Line in os.popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n", "r").read().split("\n"):
  List = Line.split(" ")
  try:
   if int(List[-2]) > CONLIMIT:
    os.system( "route add %s gw 127.0.0.1 lo" % ( List[ -1 ] ) )
    print "Banning %s...." % ( List[ -1 ] )
    Banned += 1
  except Exception:
    pass
print "Round: %s Bans: %s" % ( str(Round), str(Banned) )
time.sleep(SLEEP)
[Image: nv70ad.png]
Terrorcore, unleash, extermination
Hyper real, cold blood, determination
fudge them, I like this sensation
Incredible, I from the annihilation
Reply


Messages In This Thread
Simple DDoS Mitigation [<20 lines] - by Fallen - 10-05-2009, 02:26 PM
RE: Simple DDoS Mitigation [<20 lines] - by Nyx- - 10-05-2009, 02:42 PM
RE: Simple DDoS Mitigation [<20 lines] - by wat - 11-08-2009, 07:31 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)