Simple DDoS Mitigation [<20 lines]

[Fallen]

This is a simple *nix DDoS mitigation script I wrote for my own server. It uses some AWK magic, with netstat, to show connections per IP on the server. If an IP has more connections then the set limit, a NullRoute will be added for the offending IP. It will then wait the specified time and repeat. This has proved to be effective with simple DDoS attacks.

CONLIMIT = Maximum connections from a single IP
SLEEP = Time in seconds to wait before repeating the cycle

Code:

#!/usr/bin/env python
import os, time
CONLIMIT = 20
SLEEP = 12
Round = 0
Banned = 0
while True:
Round += 1
for Line in os.popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n", "r").read().split("\n"):
  List = Line.split(" ")
  try:
   if int(List[-2]) > CONLIMIT:
    os.system( "route add %s gw 127.0.0.1 lo" % ( List[ -1 ] ) )
    print "Banning %s...." % ( List[ -1 ] )
    Banned += 1
  except Exception:
    pass
print "Round: %s Bans: %s" % ( str(Round), str(Banned) )
time.sleep(SLEEP)