On 06/22/2011 01:38 PM, Frank Murphy wrote:
> How could I modify the script,
>
> netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
>
> so I can see the banned ip addresses.
> Instead of just:
>
> "Banned the following ip addresses on Wed Jun 22 10:15:01 IST 2011
>
> 234 with 234 connections"

Looks like the script has a bug. The line that outputs this is:

    echo "$CURR_LINE_IP with $CURR_LINE_CONN connections" >> $BANNED_IP_MAIL

So it certainly appears to be trying to output the IP in the message.
CURR_LINE_IP is set here (a few lines up):

    CURR_LINE_IP=$(echo $line | cut -d" " -f2)

At a guess I would think that this cut line is not correct for the
output format of the data generated by the netstat | awk | cut | sort |
blah line (awk|cut? seriously? :).

> ddos deflate: http://deflate.medialayer.com/

I would just not use this to be honest - aside from some pretty basic
scripting bugs and style faux-pas the idea of dealing with a DDoS by
adding local iptables rules has some pretty big conceptual problems - if
the attacker has sufficient hosts in the DoS to actually swamp the
target's connection (i.e. it's an effective attack and not merely a
gesture) no amount of local firewall rules will help.

Regards,
Bryn.
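Added example, not part of the original message or of the ddos deflate script: one way the "234 with 234 connections" symptom can arise, reproduced on constructed netstat output, next to a parse that keeps the address. Only the netstat pipeline, the CURR_LINE_IP line and the echo line come from the message; the CURR_LINE_CONN line, the function names and the sample data are assumptions.

```shell
#!/bin/sh
# Constructed `netstat -ntu` output; addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:4431 ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:4432 ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:4433 ESTABLISHED
EOF
}

# Pipeline and parsing as quoted in the thread. `cut -d: -f1` turns an
# IPv4-mapped address (::ffff:a.b.c.d:port) into an empty string, so the
# busiest line is just a count. cut prints a line that contains no delimiter
# unchanged, so -f2 returns the count again instead of an IP.
legacy_report() {
    awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail -n 1 |
    while read line; do
        CURR_LINE_CONN=$(echo $line | cut -d" " -f1)   # assumed, not quoted in the thread
        CURR_LINE_IP=$(echo $line | cut -d" " -f2)
        echo "$CURR_LINE_IP with $CURR_LINE_CONN connections"
    done
}

# Same report with the address extracted in one awk pass: skip header lines,
# strip only the trailing :port, unwrap IPv4-mapped IPv6, drop empty results.
fixed_report() {
    awk '$1 ~ /^(tcp|udp)/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)
            sub(/^::ffff:/, "", addr)
            if (addr != "") n[addr]++
         }
         END { for (a in n) print n[a], a }' | sort -n |
    while read -r conn ip; do
        echo "$ip with $conn connections"
    done
}

sample_netstat | legacy_report
sample_netstat | fixed_report
```

The legacy pipeline also counts the two netstat header lines as addresses ("servers)" and "Address"), which the `$1 ~ /^(tcp|udp)/` filter avoids.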