Protection against DDoS. Simple but effective script
Recently I was preoccupied with finding an adequate solution to protect some controlled resources from DDoS attacks.
The first thing I was advised to use was Cisco Guard. But since something lightweight and not so expensive was required, I decided to look towards software products.
After a bit of googling, I came across a small script, (D)DoS-Deflate.
It works quite simply: every minute cron runs the command
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
and all IPs whose number of connections exceeds the limit specified in the config file (default is 150) are selected.
The ban time is also set in the config. You can also choose which firewall to work with: iptables or APF (an add-on for iptables).
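The per-IP count and limit check described above, as an added example (not code from this post or from DDoS-Deflate): unlike the one-liner, it skips netstat's header lines and strips only the trailing port, so IPv6 addresses are not cut at their first colon. The function names and the sample netstat output are constructed for illustration.

```shell
# Added example, not DDoS-Deflate's own code.
# over_limit LIMIT: reads `netstat -ntu` output on stdin and prints "count ip"
# for every remote IP with more than LIMIT connections (default 150, as in the post).
over_limit() {
    awk -v limit="${1:-150}" '
        # Keep socket rows only. The one-liner also counts the two netstat
        # header lines, whose fifth fields are "servers)" and "Address".
        $1 !~ /^(tcp|udp)/ { next }
        {
            ip = $5
            sub(/:[^:]*$/, "", ip)    # strip only the trailing :port, so IPv6 stays whole
            sub(/^::ffff:/, "", ip)   # count IPv4-mapped IPv6 together with plain IPv4
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample input (documentation address ranges): 4 connections from
# 203.0.113.7 (one of them IPv4-mapped), 3 from 2001:db8::1, 1 from 198.51.100.9.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51003 ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::1:40000       ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::1:40001       ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::1:40002       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.9:33000      TIME_WAIT
EOF
}

# Dry run over the sample with a limit of 2; on a live host the input would be
# `netstat -ntu | over_limit` with the limit from the config.
sample_netstat | over_limit 2
```

With the original `cut -d: -f1`, the three IPv6 connections in this sample would be counted under `2001` and the IPv4-mapped one under an empty string.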
The solution is quite obvious, and verbal descriptions of it had come up before, but I had never seen such a ready-made implementation.
UPD: do not forget that this script, due to its simplicity, will not save you from serious custom attacks, but it will stop most script kiddies.