
I have a lot of requests from data centers to my web server on FreeBSD, and sometimes it has a lot of performance problems with my web projects. Adding all the data centers' IPs to the IPFW list is impossible.

I don't want to use a large anti-DDoS system; instead I want to create a bash script for getting the connections to my server, filtering by IP and adding to an IPFW table the IP addresses which currently connect in more than 5 threads. Or maybe creating several tables in IPFW, and adding by table:

0 < 5: nothing
5 < 10: table 1 (15 minutes ban)
10 < 15: table 2 (30 minutes ban)
15 < 20: table 3 (60 minutes ban)
more than 20: table 4 (1 day ban)

The filter by IP should skip Google IPs and other search engines' IPs by hostname.

It's my script for grep connections, and sorting:

netstat -nptcp | egrep -v 'Active|Address' | awk '{print $5}' | cut -d. -f 1-4 | sort | uniq -c | sort -n | tail -n 30

Parsing log files is too bad an idea, because the log file is sometimes big, and I must give the web server additional resources for parsing and sorting.

I need an implementation as a bash script to check and filter connections. Maybe you know a simple solution for me?

Yevhen L.
  • There really is nothing you can do on your host to mitigate a DDOS attack. By the time that the packets get to your host for inspection, they have done their job and swamped your resources. – user9517 Oct 11 '15 at 11:43
  • The simple solution will protect a server from grabbing and parsing by multiple threads from dedicated servers or VPS/VDS, because dedicated servers usually have limited IP addresses. – Yevhen L. Oct 11 '15 at 11:50
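
The tiering described in the question, as an added example that is not part of the original post: it counts connections per foreign IPv4 address from `netstat` output and prints `ipfw table` commands for review instead of running them. The function names, treating exactly 20 connections as table 4, and storing the ban expiry (epoch seconds) as the table value for a separate cleanup job are assumptions.

```sh
#!/bin/sh
# Added example (not from the post): prints ipfw commands for review, runs none.

# Map a connection count to a table number, using the tiers from the question.
# 0 means "leave alone"; exactly 20 is treated as table 4 (assumption).
tier_for() {
    if   [ "$1" -ge 20 ]; then echo 4
    elif [ "$1" -ge 15 ]; then echo 3
    elif [ "$1" -ge 10 ]; then echo 2
    elif [ "$1" -ge 5 ];  then echo 1
    else echo 0
    fi
}

# Ban length in seconds per table: 15 min, 30 min, 60 min, 1 day.
ban_seconds() {
    case "$1" in
        1) echo 900 ;; 2) echo 1800 ;; 3) echo 3600 ;; 4) echo 86400 ;;
    esac
}

# Read `netstat -n -p tcp` output on stdin; print "count ip" per foreign IPv4 address.
count_conns() {
    awk '$1 ~ /^tcp4?$/ { n = split($5, p, "."); if (n == 5) c[p[1]"."p[2]"."p[3]"."p[4]]++ }
         END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Forward-confirmed reverse DNS check for Google crawlers (needs network and host(1)).
is_crawler() {
    name=$(host "$1" 2>/dev/null | awk '/pointer/ { print $NF; exit }' | sed 's/\.$//')
    case "$name" in
        *.googlebot.com|*.google.com) host "$name" 2>/dev/null | awk -v ip="$1" '$NF == ip { ok = 1 } END { exit !ok }' ;;
        *) return 1 ;;
    esac
}

# plan NOW [CHECK]: read netstat output, print one ipfw command per offender.
# The table value holds the expiry time (epoch seconds) for a cleanup job to use.
plan() {
    now=$1; check=${2:-is_crawler}
    count_conns | while read -r n ip; do
        t=$(tier_for "$n")
        [ "$t" -eq 0 ] && continue
        "$check" "$ip" && continue
        echo "ipfw table $t add $ip $((now + $(ban_seconds "$t")))"
    done
}

# Usage: netstat -n -p tcp | plan "$(date +%s)"
```

Requiring the forward lookup to resolve back to the same address keeps a client from bypassing the ban just by controlling its own PTR record.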
