update ddos script

ad0f8f1d · Vitaly Lipatov · 2f779e48 · 2f779e48 · ad0f8f1d
Commit ad0f8f1d authored Aug 11, 2015 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 28 deletions

load_avg_vz.sh common/load_avg_vz.sh +0 -10

check_ddos_ip.sh ddos/check_ddos_ip.sh +16 -18

No files found.
--- a/common/load_avg_vz.sh
+++ b/common/load_avg_vz.sh
-#!/bin/sh
-for id in $(vzlist | sed -e "s| *\([0-9]*\).*|\1|g") ; do
-    CONF=/etc/vz/conf/$id.conf
-    test -r $CONF || continue
-    eval `cat $CONF | grep ^HOSTNAME | sed -e "s|office.etersoft.ru||g"`
-    printf "%4s (%20s):" $id $HOSTNAME
-    vzctl exec $id uptime
-done
-echo "---"
-uptime
--- a/ddos/check_ddos_ip.sh
+++ b/ddos/check_ddos_ip.sh
 #!/bin/bash
 cd /root/bin
-IFDEV=breth0
+# Сколько запросов анализируем за раз
-# Сколко запоов анализием за аз
 NUMP=10000
-# Сколко поенов може занима один аде
+# Сколько процентов может занимать один адрес
 MAXPERC=15
-# акимм вемени на tcpdmp
+# Максимум времени на tcpdmp
 TIMEP=15
 get_already_dropped()
 {
-        /sbin/iptables -L -n | grep DROP | awk '{print $4;}' > ipt.dropped.list
+	/sbin/iptables -L -n | grep DROP | awk '{print $4;}' > ipt.dropped.list
 }
 do_drop()
 {
-        grep -q "$1" ipt.dropped.list white.list && return 1
+	grep -q "$1" ipt.dropped.list white.list && return 1
-        echo "$1 # $2 percent, $(date)" >> dropped.list
+	echo "$1 # $2 percent, $(date)" >> dropped.list
-        /sbin/iptables -A INPUT -s $1 -j DROP
+	/sbin/iptables -A INPUT -s $1 -j DROP
 }
 get_already_dropped
 SECST=$(date "+%s")
-timeout -s SIGQUIT $TIMEP /usr/sbin/tcpdump -n -c $NUMP -f -i $IFDEV dst 212.176.192.225 or dst 212.176.200.17 | \
+timeout -s SIGQUIT $TIMEP /usr/sbin/tcpdump -n -c $NUMP -f -i inet dst 212.176.192.225 or dst 212.176.200.17 | \
-        awk '{print $3;}' | \
+	awk '{print $3;}' | \
-        sed 's/\([[:digit:]]*\.[[:digit:]]*\.[[:digit:]]*\.[[:digit:]]*\)\..*/\1/g' > full.list
+	sed 's/\([[:digit:]]*\.[[:digit:]]*\.[[:digit:]]*\.[[:digit:]]*\)\..*/\1/g' > full.list
 SECST=$(($(date "+%s")-$SECST))
 NUMP=$(cat full.list | wc -l)
@@ -36,12 +34,12 @@ cat full.list | sort | uniq -c | sort -r -n > attack.list
 TOTALATTACKED=0
 while read c ip ; do
-        #echo $c = $ip
+	#echo $c = $ip
-        perc=$((100*$c/$NUMP))
+	perc=$((100*$c/$NUMP))
-        if [ $perc -gt $MAXPERC ] ; then
+	if [ $perc -gt $MAXPERC ] ; then
-                do_drop $ip $perc && echo "Drop IP $ip with $perc percent traffic" || echo "IP $ip already dropped"
+		do_drop $ip $perc && echo "Drop IP $ip with $perc percent traffic" || echo "IP $ip already dropped"
-                TOTALATTACKED=$(($TOTALATTACKED+$perc))
+		TOTALATTACKED=$(($TOTALATTACKED+$perc))
-        fi
+	fi
 done < attack.list
 echo "Checked packages: $NUMP ($SECST secs). Traffic: $(($NUMP/$SECST)) rps. Atacker percent: $TOTALATTACKED" | tee result.out