Linux anti-DDoS tool: DoS Deflate

DoS Deflate is a lightweight shell script for mitigating denial-of-service attacks. You tune a few parameters in its configuration file to suit your own environment.
Installation and removal are both simple; each takes three steps:

# install
wget http://www.inetbase.com/scripts/ddos/install.sh  
chmod 0700 install.sh  
./install.sh  

# uninstall
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos  
chmod 0700 uninstall.ddos  
./uninstall.ddos 

# Have a look at install.sh
[root@localhost src]#less install.sh   
#!/bin/sh  
if [ -d '/usr/local/ddos' ]; then  
        echo; echo; echo "Please un-install the previous version first"  
        exit 0  
else  
        mkdir /usr/local/ddos  
fi  
clear  
echo; echo 'Installing DOS-Deflate 0.6'; echo  
echo; echo -n 'Downloading source files...'  
wget -q -O /usr/local/ddos/ddos.conf http://www.inetbase.com/scripts/ddos/ddos.conf  
echo -n '.'  
wget -q -O /usr/local/ddos/LICENSE http://www.inetbase.com/scripts/ddos/LICENSE  
echo -n '.'  
wget -q -O /usr/local/ddos/ignore.ip.list http://www.inetbase.com/scripts/ddos/ignore.ip.list  
echo -n '.'  
wget -q -O /usr/local/ddos/ddos.sh http://www.inetbase.com/scripts/ddos/ddos.sh  
chmod 0755 /usr/local/ddos/ddos.sh  
cp -s /usr/local/ddos/ddos.sh /usr/local/sbin/ddos  
echo '...done'  
 
echo; echo -n 'Creating cron to run script every minute.....(Default setting)'  
/usr/local/ddos/ddos.sh --cron > /dev/null 2>&1  
echo '.....done'  
 
 
echo; echo 'Installation has completed.'  
echo 'Config file is at /usr/local/ddos/ddos.conf'  
echo 'Please send in your comments and/or suggestions to zaf@vsnl.com'  
echo  
cat /usr/local/ddos/LICENSE | less 

From install.sh you can see that installation consists mainly of downloading four files:

ddos.conf        DoS Deflate configuration file
LICENSE          license text
ignore.ip.list   whitelist of addresses that are never banned
ddos.sh          the core script (the one cron runs)

and then running /usr/local/ddos/ddos.sh --cron, which creates the cron job. Note that all four files are fetched over plain HTTP with no checksum or signature check, and ddos.sh then runs as root every minute, so read the downloaded files before you run install.sh.

[root@localhost src]# cat /usr/local/ddos/ddos.sh  
#!/bin/sh  
##############################################################################  
# DDoS-Deflate version 0.6 Author: Zaf <zaf@vsnl.com>                        #  
##############################################################################  
# This program is distributed under the "Artistic License" Agreement         #  
#                                                                            #  
# The LICENSE file is located in the same directory as this program. Please  #  
#  read the LICENSE file before you make copies or distribute this program   #  
##############################################################################  
load_conf()  
{  
        CONF="/usr/local/ddos/ddos.conf" 
        if [ -f "$CONF" ] && [ ! "$CONF" == "" ]; then  
                source $CONF  
        else  
                head  
                echo "\$CONF not found."  
                exit 1  
        fi  
}  
## Loads the configuration file /usr/local/ddos/ddos.conf  
 
head()  
{  
        echo "DDoS-Deflate version 0.6"  
        echo "Copyright (C) 2005, Zaf <zaf@vsnl.com>"  
        echo  
}  
## Prints version and author information  
 
showhelp()  
{  
        head  
        echo 'Usage: ddos.sh [OPTIONS] [N]'  
        echo 'N : number of tcp/udp connections (default 150)'  
        echo 'OPTIONS:'  
        echo '-h | --help: Show this help screen'  
        echo '-c | --cron: Create cron job to run this script regularly (default 1 mins)'  
        echo '-k | --kill: Block the offending ip making more than N connections'  
}  
## Prints the usage text  
 
unbanip()  
{  
        UNBAN_SCRIPT=`mktemp /tmp/unban.XXXXXXXX`  
        TMP_FILE=`mktemp /tmp/unban.XXXXXXXX`  
        UNBAN_IP_LIST=`mktemp /tmp/unban.XXXXXXXX`  
        echo '#!/bin/sh' > $UNBAN_SCRIPT  
        echo "sleep $BAN_PERIOD" >> $UNBAN_SCRIPT  
        if [ $APF_BAN -eq 1 ]; then  
                while read line; do  
                        echo "$APF -u $line" >> $UNBAN_SCRIPT  
                        echo $line >> $UNBAN_IP_LIST  
                done < $BANNED_IP_LIST  
        else  
                while read line; do  
                        echo "$IPT -D INPUT -s $line -j DROP" >> $UNBAN_SCRIPT  
                        echo $line >> $UNBAN_IP_LIST  
                done < $BANNED_IP_LIST  
        fi  
        echo "grep -v --file=$UNBAN_IP_LIST $IGNORE_IP_LIST > $TMP_FILE" >> $UNBAN_SCRIPT  
        echo "mv $TMP_FILE $IGNORE_IP_LIST" >> $UNBAN_SCRIPT  
        echo "rm -f $UNBAN_SCRIPT" >> $UNBAN_SCRIPT  
        echo "rm -f $UNBAN_IP_LIST" >> $UNBAN_SCRIPT  
        echo "rm -f $TMP_FILE" >> $UNBAN_SCRIPT  
        . $UNBAN_SCRIPT &  
}  
## Writes a one-shot script that sleeps BAN_PERIOD seconds, then removes the ban and  
## takes the banned addresses back out of the ignore list; runs it in the background  
 
add_to_cron()  
{  
        rm -f $CRON  
        sleep 1  
        service crond restart  
        sleep 1  
        echo "SHELL=/bin/sh" > $CRON  
        if [ $FREQ -le 2 ]; then  
                echo "0-59/$FREQ * * * * root /usr/local/ddos/ddos.sh >/dev/null 2>&1" >> $CRON  
        else  
                let "START_MINUTE = $RANDOM % ($FREQ - 1)"  
                let "START_MINUTE = $START_MINUTE + 1"  
                let "END_MINUTE = 60 - $FREQ + $START_MINUTE"  
                echo "$START_MINUTE-$END_MINUTE/$FREQ * * * * root /usr/local/ddos/ddos.sh >/dev/null 2>&1" >> $CRON  
        fi  
        service crond restart  
}  
## Generates the cron entry (in the $CRON file named in ddos.conf); run once at install time via --cron  
 
 
load_conf  
while [ $1 ]; do  
        case $1 in  
                '-h' | '--help' | '?' )  
                        showhelp  
                        exit  
                        ;;  
                '--cron' | '-c' )  
                        add_to_cron  
                        exit  
                        ;;  
                '--kill' | '-k' )  
                        KILL=1 
                        ;;  
                 *[0-9]* )  
                        NO_OF_CONNECTIONS=$1  
                        ;;  
                * )  
                        showhelp  
                        exit  
                        ;;  
        esac  
        shift  
done  
 
TMP_PREFIX='/tmp/ddos' 
TMP_FILE="mktemp $TMP_PREFIX.XXXXXXXX" 
BANNED_IP_MAIL=`$TMP_FILE`  
BANNED_IP_LIST=`$TMP_FILE`  
echo "Banned the following ip addresses on `date`" > $BANNED_IP_MAIL  
echo >> $BANNED_IP_MAIL  
BAD_IP_LIST=`$TMP_FILE`  
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST  
cat $BAD_IP_LIST  
if [ $KILL -eq 1 ]; then  
        IP_BAN_NOW=0 
        while read line; do  
                CURR_LINE_CONN=$(echo $line | cut -d" " -f1)  
                CURR_LINE_IP=$(echo $line | cut -d" " -f2)  
                if [ $CURR_LINE_CONN -lt $NO_OF_CONNECTIONS ]; then  
                        break  
                fi  
                IGNORE_BAN=`grep -c $CURR_LINE_IP $IGNORE_IP_LIST`  
                if [ $IGNORE_BAN -ge 1 ]; then  
                        continue  
                fi  
                IP_BAN_NOW=1 
                echo "$CURR_LINE_IP with $CURR_LINE_CONN connections" >> $BANNED_IP_MAIL  
                echo $CURR_LINE_IP >> $BANNED_IP_LIST  
                echo $CURR_LINE_IP >> $IGNORE_IP_LIST  
                if [ $APF_BAN -eq 1 ]; then  
                        $APF -d $CURR_LINE_IP  
                else  
                        $IPT -I INPUT -s $CURR_LINE_IP -j DROP  
                fi  
        done < $BAD_IP_LIST  
        if [ $IP_BAN_NOW -eq 1 ]; then  
                dt=`date`  
                if [ $EMAIL_TO != "" ]; then  
                        cat $BANNED_IP_MAIL | mail -s "IP addresses banned on $dt" $EMAIL_TO  
                fi  
                unbanip  
        fi  
fi  
rm -f $TMP_PREFIX.* 

The whole script keys on the number of connections per source IP. It compares each count against NO_OF_CONNECTIONS from /usr/local/ddos/ddos.conf to decide whether the drop condition is met, and if so uses either APF or iptables (APF_BAN defaults to APF; change it if you want iptables) to drop that address, so it cannot reach the server for the time set by BAN_PERIOD. A few details in the code above are worth knowing before relying on it. The ignore-list lookup is `grep -c $CURR_LINE_IP $IGNORE_IP_LIST`, a regex substring match, so 1.2.3.4 is treated as exempt when 11.2.3.45 is whitelisted. A banned address is appended to the ignore list and is only removed by the background `sleep $BAN_PERIOD` subshell that unbanip starts; if that subshell is killed or the host reboots, the address stays in the ignore list and is never banned again. `cut -d: -f1` truncates IPv6 foreign addresses at their first colon. And `netstat -ntu` counts every state, TIME_WAIT included, so a busy NAT gateway with many legitimate users can cross the threshold. Even so, when iptables is the filter the logic is simple enough that you can easily write your own script to do the same thing:
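As an added example (not part of DoS Deflate or of this article), the shell functions below reproduce the ignore-list check exactly as ddos.sh performs it, next to a literal whole-line match, and run both against a constructed ignore list. The list contents and the addresses tested are made-up sample data.

```shell
#!/bin/bash
# Added example: the ignore-list lookup in ddos.sh 0.6 is
#     IGNORE_BAN=`grep -c $CURR_LINE_IP $IGNORE_IP_LIST`
# grep reads the address as a regular expression ('.' matches any
# character) and matches it anywhere in a line, so one whitelisted
# address exempts every address that contains it as a pattern.

# Writes a constructed ignore list (sample data) to a temp file and prints its path.
make_ignore_list() {
    local list
    list=$(mktemp /tmp/ignore.XXXXXXXX)
    printf '%s\n' '11.2.3.45' '10.0.0.10' '192.168.1.10' > "$list"
    echo "$list"
}

# The check as ddos.sh does it: prints 1 when the address counts as exempt.
ddos_style_exempt() {   # $1 = ip, $2 = ignore list file
    local count
    count=$(grep -c "$1" "$2" || true)   # grep -c exits 1 on zero matches
    if [ "$count" -ge 1 ]; then echo 1; else echo 0; fi
}

# Hardened check: -x whole line, -F fixed string (no regex), -q no output.
exact_exempt() {        # $1 = ip, $2 = ignore list file
    if grep -qxF -- "$1" "$2"; then echo 1; else echo 0; fi
}

main() {
    local list ip
    list=$(make_ignore_list)
    echo "ignore list: $(tr '\n' ' ' < "$list")"
    for ip in 1.2.3.4 10.0.0.1 10.0.0.10 192.168.1.1 8.8.8.8; do
        printf '%-14s ddos.sh says exempt=%s  exact match says exempt=%s\n' \
            "$ip" "$(ddos_style_exempt "$ip" "$list")" "$(exact_exempt "$ip" "$list")"
    done
    rm -f "$list"
}
main
```

With this list, ddos.sh exempts 1.2.3.4, 10.0.0.1 and 192.168.1.1 even though none of them is whitelisted; the fixed-string whole-line match exempts only 10.0.0.10. The same substring problem exists in the unban script's `grep -v --file=$UNBAN_IP_LIST $IGNORE_IP_LIST`, which can delete genuine whitelist entries that happen to contain a just-unbanned address.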

#!/bin/bash  
# Ban any client holding more than NO_OF_CONNECTIONS concurrent connections.  
NO_OF_CONNECTIONS=100  
BLACKLIST=/var/tmp/black  
WHITELIST=/var/tmp/white  
# Alternative data source: top clients by request count in the web server access log  
#awk '{print $1}' "${ACCESS_LOG}" | sort | uniq -c | sort -rn | head -n 200 >> my_check  
  
# create the list files if they do not exist yet  
touch "${BLACKLIST}" "${WHITELIST}"  
  
# netstat -ntu prints two header lines before the connection table, so skip them;  
# column 5 is the foreign address (ip:port) and cut drops the port.  
# The original version fed the loop from a quoted here-document containing a backtick  
# command, which is never expanded, so the loop read the literal command text;  
# process substitution feeds it the real netstat output.  
while read -r Num Ipaddr; do  
    # literal whole-line match, so 1.2.3.4 does not match 11.2.3.45  
    if grep -qxF -- "$Ipaddr" "${WHITELIST}"; then  
        echo "Allow IP: $Ipaddr"  
        continue  
    fi  
    if ! grep -qxF -- "$Ipaddr" "${BLACKLIST}"; then  
        if [ "$Num" -gt "$NO_OF_CONNECTIONS" ]; then  
            echo "Deny IP: $Ipaddr"  
            echo "$Ipaddr" >> "${BLACKLIST}"  
            # counts cover all tcp/udp connections, but only port 80 is blocked  
            iptables -I INPUT -p tcp --dport 80 -s "$Ipaddr" -j DROP  
        fi  
    fi  
done < <(netstat -ntu | tail -n +3 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr)  

The script above only lacks the step that unbans blocked IPs; I personally think unbanning is not very meaningful. Whether you use DoS Deflate or my own script above, the most important thing is the value chosen for NO_OF_CONNECTIONS.
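Both scripts on this page rest on the same per-IP connection count, and both inherit the same parsing weaknesses from the `netstat -ntu | awk | cut -d: -f1` pipeline: the two netstat header lines are counted as if they were addresses, `cut -d: -f1` truncates IPv6 foreign addresses at the first colon, and the whitelist lookup is a substring match. The following is an added example, not code from the article or from DoS Deflate, that does the count with those problems fixed. The netstat output and the whitelist entry are constructed sample data, and instead of calling iptables it prints the command that would run, so it can be exercised as an unprivileged user. Like ddos.sh it bans at count >= threshold (the article's own script uses strictly greater).

```shell
#!/bin/bash
# Added example: per-IP connection count with header skipping, IPv6-safe
# port stripping, a literal whitelist match and a dry-run ban step.

# Constructed netstat -ntu output (sample data, not a real capture).
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             198.51.100.7:51001      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51002      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51003      ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.9:40000       TIME_WAIT
tcp6       0      0 2001:db8::5:80          2001:db8:1::7:33000     ESTABLISHED
tcp6       0      0 2001:db8::5:80          2001:db8:1::7:33001     ESTABLISHED
tcp6       0      0 2001:db8::5:80          2001:db8:1::7:33002     ESTABLISHED
udp        0      0 10.0.0.5:53             192.0.2.11:5353
udp        0      0 10.0.0.5:53             192.0.2.11:5354'

# Reads netstat -ntu output on stdin, prints "count ip" sorted by count, highest first.
# Only tcp/udp rows are kept (drops the header lines); the port is everything after
# the LAST colon, which is the only separator that also works for IPv6.
count_by_ip() {
    awk '$1 ~ /^(tcp|udp)6?$/ { addr = $5; sub(/:[0-9]*$/, "", addr); print addr }' \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Reads "count ip" lines on stdin (sorted descending), prints the IPs with
# count >= threshold that are not whitelisted. Whitelist match is -x (whole line)
# and -F (fixed string), unlike the regex substring match in ddos.sh.
find_offenders() {   # $1 = threshold, $2 = whitelist file
    local threshold=$1 whitelist=$2 n ip
    while read -r n ip; do
        [ "$n" -ge "$threshold" ] || break   # input is sorted, nothing below can qualify
        grep -qxF -- "$ip" "$whitelist" && continue
        echo "$ip"
    done
}

# The rule DoS Deflate inserts, printed rather than executed. ddos.sh always calls
# iptables, which rejects an IPv6 source address; IPv6 needs ip6tables.
ban_command() {   # $1 = ip
    case $1 in
        *:*) echo "ip6tables -I INPUT -s $1 -j DROP" ;;
        *)   echo "iptables -I INPUT -s $1 -j DROP" ;;
    esac
}

main() {
    local whitelist
    whitelist=$(mktemp /tmp/ignore.XXXXXXXX)
    echo 192.0.2.11 > "$whitelist"       # constructed whitelist entry
    echo '--- connections per foreign address:'
    printf '%s\n' "$SAMPLE_NETSTAT" | count_by_ip
    echo '--- with threshold 2, would run:'
    printf '%s\n' "$SAMPLE_NETSTAT" | count_by_ip | find_offenders 2 "$whitelist" \
        | while read -r ip; do ban_command "$ip"; done
    rm -f "$whitelist"
}
main
```

With threshold 2 this bans 198.51.100.7 and 2001:db8:1::7 (three connections each), skips 192.0.2.11 because it is whitelisted, and stops before 203.0.113.9, whose single TIME_WAIT entry is below the threshold. Whatever threshold you pick, measure your normal peak per-client count first; shared NAT addresses are the usual false positives.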

 
