You can find the IPs that have the most connections to the host with the command below (the count is per remote address, so it also includes LISTEN entries that show 0.0.0.0 as the peer).
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
The output of the above command will look something like the listing below: the first column is the number of connections, the second the remote IP, sorted ascending.
1 192.168.1.1
1 192.168.1.2
15 192.168.2.26
25 192.168.2.27
30 192.168.1.29
39 192.168.1.32
100 192.168.1.50
You can use the following script to block the IPs that are causing the DDoS. It drops every remote address with more than 35 connections and must run as root, since it changes iptables rules.
#!/bin/bash
# Snapshot the remote peers per address (same pipeline as above), lowest counts first.
netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n > test.out
# Read the "count ip" pairs directly. Comparing the whole field instead of
# grepping test.out for the address avoids substring hits, where a lookup for
# 192.168.1.5 would also match 192.168.1.50 and return the wrong count.
# Note: cut -d: -f1 leaves an empty address for IPv6 peers, so blank entries are skipped.
while read -r count ip
do
    if [ -n "$ip" ] && [ "$ip" != "127.0.0.1" ] && [ "$ip" != "0.0.0.0" ] && [ "$count" -gt 35 ]
    then
        iptables -A INPUT -s "$ip" -j DROP
        echo "Writing the rule: iptables -A INPUT -s $ip -j DROP"
    fi
done < test.out
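To see how the count-and-block logic behaves on the cases the one-liner trips over (IPv6 and IPv4-mapped peers, wildcard and loopback entries, and 192.168.1.5 versus 192.168.1.50), here is an added example that is not part of the original post. It runs on a constructed netstat -anp sample, not a real capture, and only prints the rules it would add instead of calling iptables.

```shell
#!/bin/bash
# Constructed sample of `netstat -anp` output (not a real capture).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1234/nginx
tcp 0 0 10.0.0.5:80 192.168.1.50:51000 ESTABLISHED 1234/nginx
tcp 0 0 10.0.0.5:80 192.168.1.50:51001 ESTABLISHED 1234/nginx
tcp 0 0 10.0.0.5:80 192.168.1.50:51002 SYN_RECV -
tcp 0 0 10.0.0.5:80 192.168.1.5:40000 ESTABLISHED 1234/nginx
tcp 0 0 127.0.0.1:3306 127.0.0.1:45000 ESTABLISHED 2000/mysqld
tcp6 0 0 ::ffff:10.0.0.5:443 ::ffff:192.168.1.50:51003 ESTABLISHED 1234/nginx
tcp6 0 0 2001:db8::5:443 2001:db8::99:60000 ESTABLISHED 1234/nginx
udp 0 0 0.0.0.0:68 0.0.0.0:* 900/dhclient'

# Print "count address" per remote peer, highest first. Only the final ":port"
# is stripped, so IPv6 and IPv4-mapped peers survive (cut -d: -f1 would not),
# and wildcard/loopback entries that are not real peers are dropped.
count_peers() {  # $1 = netstat text
  printf '%s\n' "$1" \
    | awk '$1 ~ /^(tcp|udp)/ {print $5}' \
    | sed 's/:[^:]*$//; s/^::ffff://' \
    | grep -Evx '0\.0\.0\.0|127\.0\.0\.1|::|::1' \
    | sort | uniq -c | sort -rn \
    | awk '{print $1, $2}'
}

# Exact-match lookup of one address's count; prints 0 when absent.
# (grep "$ip" on the list would also match 192.168.1.50 when asked for 192.168.1.5.)
peer_count() {  # $1 = netstat text, $2 = address
  count_peers "$1" | awk -v ip="$2" '$2 == ip {print $1; found=1} END {if (!found) print 0}'
}

# Emit (do not run) a DROP rule for every peer with more than $2 connections,
# using ip6tables for IPv6 peers since iptables rejects them.
rules_for() {  # $1 = netstat text, $2 = threshold
  count_peers "$1" | awk -v max="$2" '$1 > max {
    cmd = (index($2, ":") ? "ip6tables" : "iptables")
    print cmd " -A INPUT -s " $2 " -j DROP" }'
}

rules_for "$SAMPLE_NETSTAT" 3
```

Pipe the output into `sh` only after reviewing it; the 192.168.1.50 peer shows up four times here because its IPv4-mapped tcp6 connection is folded into the same address.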