Friday, October 1, 2010

Chống DOS đơn giản dạng SYN attack

If you want to block an ip when it reaches a limited number of connections then here is your solution
This script limits to 100 connections and on port 80, you can change both of them and run this at cron on every 1 minute.

#!/bin/bash

#Collecting list of ip addresses connected to port 80

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1 > /root/blocked.ip.txt