Shulou(Shulou.com)06/01 Report--

DoS Deflate is a lightweight bash shell script that prevents denial of service. We can modify specific parameters according to our own needs to achieve our goal!

Installing / uninstalling is easy, just perform the following three steps:

Wget http://www.inetbase.com/scripts/ddos/install.shchmod 0700 install.sh./install.shwget http://www.inetbase.com/scripts/ddos/uninstall.ddoschmod 0700 uninstall.ddos./uninstall.ddos [root@localhost src] # less install.shrunk; thenecho; echo; echo "Please un-install the previous version first" exit 0elsemkdir / usr/local/ddosficlearecho; echo 'Installing DOS-Deflate 0.6mm; echoecho Echo-n 'Downloading source files...'wget-Q-O / usr/local/ddos/ddos.conf http://www.inetbase.com/scripts/ddos/ddos.confecho-n'. 'wget-Q-O / usr/local/ddos/LICENSE http://www.inetbase.com/scripts/ddos/LICENSEecho-n'. 'wget-Q-O / usr/local/ddos/ignore.ip.list http://www.inetbase.com/scripts/ddos/ignore.ip.listecho-n' . 'wget-Q-O / usr/local/ddos/ddos.sh http://www.inetbase.com/scripts/ddos/ddos.shchmod 0755 / usr/local/ddos/ddos.shcp-s / usr/local/ddos/ddos.sh / usr/local/sbin/ddosecho'... done'echo Echo-n 'Creating cron to run script every minute. (Default setting)' / usr/local/ddos/ddos.sh-- cron > / dev/null 2 > & 1echo '.done'echo; echo' Installation has completed.'echo 'Config file is at / usr/local/ddos/ddos.conf'echo' Please send in your comments and/or suggestions to zaf@vsnl.com'echocat / usr/local/ddos/LICENSE | less

From install.sh, we can see that the main process of DoS Deflate installation is to download four files (

Ddos.conf DoS Deflate profile

LICENSE description file

Ignore.ip.list whitelist file

Ddos.sh Core installation script

) and execute the script / usr/local/ddos/ddos.sh-- cron.

[root@localhost src] # cat / usr/local/ddos/ddos.sh#!/bin/sh#### DDoS-Deflate version 0.6 Author: Zaf # # This program is distributed under the "Artistic License" Agreement # The LICENSE file is located in the same directory as this program. Please # # read the LICENSE file before you make copies or distribute this program # load_conf () {CONF= "/ usr/local/ddos/ddos.conf" if [- f "$CONF "] & [!" $CONF "="] Thensource $CONFelseheadecho "\ $CONF not found." exit 1fi} # # load configuration file / usr/local/ddos/ddos.confhead () {echo "DDoS-Deflate version 0.6" echo "Copyright (C) 2005, Zaf" echo} # # display version Author information showhelp () {headecho 'Usage: ddos.sh [OPTIONS] [N]' echo'N: number of tcp/udp connections (default 150) 'echo' OPTIONS:'echo'- h |-- help: Show this help screen'echo'- c |-- cron: Create cron job to run this script regularly (default 1 mins) 'echo'-k |-- kill: Block the offending ip making more than N connections'} # # shows the usage unbanip () {UNBAN_SCRIPT= `mktemp / tmp/unban. XXXXXXXX`TMP _ FILE= `mktemp / tmp/ unban.XXXXXXXXXX`Unban _ IP_LIST= `mktemp / tmp/ unban.XXXXXXXX`echo'#! / bin/sh' > $UNBAN_SCRIPTecho "sleep $BAN_PERIOD" > > $UNBAN_SCRIPTif [$APF_BAN-eq 1] Thenwhile read line; doecho "$APF-u $line" > > $UNBAN_SCRIPTecho $line > > $UNBAN_IP_LISTdone > $UNBAN_SCRIPTecho $line > > $UNBAN_IP_LISTdone > $UNBAN_SCRIPTecho "mv $TMP_FILE $IGNORE_IP_LIST" > > $UNBAN_SCRIPTecho "rm-f $UNBAN_SCRIPT" > > $UNBAN_SCRIPTecho "rm-f $UNBAN_IP_LIST" > $UNBAN_SCRIPTecho "rm-f $TMP_FILE" > > $UNBAN_SCRIPT. $UNBAN_SCRIPT &} # # used to cancel ipadd_to_cron () {rm-f $CRONsleep 1service crond restartsleep 1echo "SHELL=/bin/sh" > $CRONif [$FREQ-le 2] Thenecho "0-59/$FREQ * root / usr/local/ddos/ddos.sh > / dev/null 2 > & 1" > $CRONelselet "START_MINUTE = $RANDOM% ($FREQ-1)" let "START_MINUTE = $START_MINUTE + 1" let "END_MINUTE = 60-$FREQ + $START_MINUTE" echo "$START_MINUTE-$END_MINUTE/$FREQ * root / usr/local/ddos/ddos.sh > / dev/null 2 > & 1" > > $CRONfiservice crond restart} # # execute the main program Generate crontab and execute load_confwhile once during installation [$1] Docase $1 in'-h' |'--help' |'?) showhelpexit;;'--cron' |'- c') add_to_cronexit;;'--kill' |'- k') KILL=1;;* [0-9] *) NO_OF_CONNECTIONS=$1;;*) showhelpexit EsacshiftdoneTMP_PREFIX='/tmp/ddos'TMP_FILE= "mktemp $TMP_PREFIX.XXXXXXXX" BANNED_IP_MAIL= `$TMP_ FILE`BANNED _ IP_LIST=` $TMP_ FILE`echo "Banned the following ip addresses on `date`" > $BANNED_IP_MAILecho > > $BANNED_IP_MAILBAD_IP_LIST= `$ TMP_ FILE`netstat-ntu | awk'{print $5}'| cut-d:-F1 | sort | uniq-c | sort-nr > $BAD_IP_LISTcat $BAD_IP_LISTif [$KILL-eq 1]; DoCURR_LINE_CONN=$ (echo $line | cut-d ""-F1) CURR_LINE_IP=$ (echo $line | cut-d ""-f2) if [$CURR_LINE_CONN-lt $NO_OF_CONNECTIONS]; thenbreakfiIGNORE_BAN= `grep-c $CURR_LINE_IP $IGNORE_IP_ list `if [$IGNORE_BAN-ge 1] ThencontinuefiIP_BAN_NOW=1echo "$CURR_LINE_IP with $CURR_LINE_CONN connections" > > $BANNED_IP_MAILecho $CURR_LINE_IP > > $BANNED_IP_LISTecho $CURR_LINE_IP > > $IGNORE_IP_LISTif [$APF_BAN-eq 1]; then$APF-d $CURR_LINE_IPelse$IPT-I INPUT-s $CURR_LINE_IP-j DROPfidone > my_checkif [!-f ${BLACKLIST}]; thentouch ${BLACKLIST} fiif [!-f ${WHITELIST}]; thentouch ${WHITELIST} fiwhile read Num Ipaddr Doif [$(grep-c $Ipaddr ${WHITELIST})-ne 0]; thenecho 'Allow IP:' $Ipaddrcontinuefiif [$(grep-c $Ipaddr ${BLACKLIST})-eq 0]; thenif [$Num-gt $NO_OF_CONNECTIONS]; thenecho' Deny IP:' $Ipaddrecho $Ipaddr > > ${BLACKLIST} iptables-I INPUT-p tcp-dport 80-s $Ipaddr-j DROPfifidone

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.