DDoS deflate–Iptables减轻被DDOS/CC攻击 |
| 发表者:admin分类:网络安全2015-03-24 08:47:56 阅读[2103] |
DDoS deflate–Iptables减轻被DDOS/CC攻击
互联网上被DDOS,CC是家常便饭,在没有硬防的情况下,寻找软件代替是最直接的方法,比如用iptables,但是iptables不能在自动屏蔽,
只能手动屏蔽,今天我给大家介绍的就是一款可以自动屏蔽DDOS,CC,SYN攻击的软件:DDoS Deflate。
#: wget http://www.inetbase.com/scripts/ddos/install.sh#: chmod 0700 install.sh#: ./install.shddos.conf ? DDoS-Deflate 的配置文件,其中配置防止ddos时的各种行为
ddos.sh ? DDoS-Deflate 的主程序,使用shell编写的,整个程序的功能模块
ignore.ip.list ? 白名单,该文件中的ip超过设定的连接数时,也不被 DDoS-Deflate 阻止
LICENSE ? DDoS-Deflate 程序的发布协议
##### Paths of the script and other filesPROGDIR=”/usr/local/ddos”PROG=”/usr/local/ddos/ddos.sh”IGNORE_IP_LIST=”/usr/local/ddos/ignore.ip.list” # 白名单.如有反向代理,注意添加本机地址和本机外网IP地址,防止提供反向代理的主机被判定为攻击.CRON=”/etc/cron.d/ddos.cron”APF=”/etc/apf/apf”IPT=”/sbin/iptables”##### frequency in minutes for running the script##### Caution: Every time this setting is changed, run the script with ?cron##### option so that the new frequency takes effectFREQ=1##### How many connections define a bad IP? Indicate that below. # 单IP发起连接数阀值,不建议设置太低.NO_OF_CONNECTIONS=150##### APF_BAN=1 (Make sure your APF version is atleast 0.96)##### APF_BAN=0 (Uses iptables for banning ips instead of APF) #一般情况下你是使用iptables来做防火墙,所以这里你需要将 APF_BAN的值改为0.APF_BAN=1##### KILL=0 (Bad IPs are’nt banned, good for interactive execution of script)##### KILL=1 (Recommended setting)KILL=1 //是否屏蔽IP,默认即可##### An email is sent to the following address when an IP is banned. # 当单IP发起的连接数超过阀值后,将发邮件给指定的收件人.##### Blank would suppress sending of mailsEMAIL_TO=”root” //这里是邮箱,可以替换成你的邮箱##### Number of seconds the banned ip should remain in blacklist. # 设置被挡IP多少秒后移出黑名单.BAN_PERIOD=600netstat-ntu | awk'{print $5}'| cut-d: -f1 | sort| uniq-c | sort-nr > $BAD_IP_LISTnetstat-ntu | awk'{print $5}'| cut-d: -f1 | sed-n '/[0-9]/p'| sort| uniq-c | sort-nr > $BAD_IP_LIST#://www.inetbase.com/scripts/ddos/uninstall.ddos#:0700 uninstall.ddos#:/uninstall.ddosvi /usr/local/ddos/ignore.ip.list //手工设置白名单IPchattr +i /usr/local/ddos/ignore.ip.list //强制不允许修改chattr -i /usr/local/ddos/ignore.ip.list //解除不允许修改
注意:
在实际使用中发现有些不稳定,有时候将白名单中的ip地址也加入了防火墙策略。经过研究发现需要更改2个地方加以改进:
1,ip地址过滤的不够细致
在117行,更还此段代码为:netstat -ntu | awk '{print $5}' | egrep -o "[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}" | sort | uniq -c | sort -nr > $BAD_IP_LIST
2,注释掉134行:echo $CURR_LINE_IP >> $IGNORE_IP_LIST
1.如何判断是否生效
使用web压力测试,自己攻击自己,详细文章,过几天会介绍
2.重新启动VPS脚本会自动运行吗?
会自动运行
3.运行必要软件是什么
iptables和sendmail 安装方法 yum install iptables或sendmail sendmail可以不装。
如果屏蔽后,请用iptables -L -n 命令查看被屏蔽的IP
安装脚本install.sh内容:
#!/bin/sh
if [ -d '/usr/local/ddos' ]; then
echo; echo; echo "Please un-install the previous version first"
exit 0
else
mkdir /usr/local/ddos
fi
clear
echo; echo 'Installing DOS-Deflate 0.6'; echo
echo; echo -n 'Downloading source files...'
wget -q -O /usr/local/ddos/ddos.conf http://www.inetbase.com/scripts/ddos/ddos.conf
echo -n '.'
wget -q -O /usr/local/ddos/LICENSE http://www.inetbase.com/scripts/ddos/LICENSE
echo -n '.'
wget -q -O /usr/local/ddos/ignore.ip.list http://www.inetbase.com/scripts/ddos/ignore.ip.list
echo -n '.'
wget -q -O /usr/local/ddos/ddos.sh http://www.inetbase.com/scripts/ddos/ddos.sh
chmod 0755 /usr/local/ddos/ddos.sh
cp -s /usr/local/ddos/ddos.sh /usr/local/sbin/ddos
echo '...done'
echo; echo -n 'Creating cron to run script every minute.....(Default setting)'
/usr/local/ddos/ddos.sh --cron > /dev/null 2>&1
echo '.....done'
echo; echo 'Installation has completed.'
echo 'Config file is at /usr/local/ddos/ddos.conf'
echo 'Please send in your comments and/or suggestions to zaf@vsnl.com'
echo
cat /usr/local/ddos/LICENSE | less
转载请标明出处【DDoS deflate–Iptables减轻被DDOS/CC攻击】。
《www.micoder.cc》
虚拟化云计算,系统运维,安全技术服务.
| Tags: | [阅读全文...] |
最新评论