Support Forums

Simple DDoS Mitigation [<20 lines]
This is a simple *nix DDoS mitigation script I wrote for my own server. It uses some AWK magic, with netstat, to show connections per IP on the server. If an IP has more connections than the set limit, a NullRoute will be added for the offending IP. It will then wait the specified time and repeat. This has proved to be effective with simple DDoS attacks.

CONLIMIT = Maximum connections from a single IP
SLEEP = Time in seconds to wait before repeating the cycle

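Code:
#!/usr/bin/env python
import os, time

CONLIMIT = 20  # maximum connections from a single IP
SLEEP = 12     # seconds to wait before repeating the cycle
Round = 0
Banned = 0
while True:
    Round += 1
    # netstat lists connections, awk takes the foreign address column, cut drops
    # the port, and sort | uniq -c produces one "count ip" line per address
    for Line in os.popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n", "r").read().split("\n"):
        List = Line.split(" ")
        try:
            if int(List[-2]) > CONLIMIT:
                # null-route the offending IP through the loopback interface
                os.system("route add %s gw 127.0.0.1 lo" % (List[-1]))
                print("Banning %s...." % (List[-1]))
                Banned += 1
        except Exception:
            # header and blank lines carry no numeric count; skip them
            pass
    print("Round: %s Bans: %s" % (str(Round), str(Banned)))
    time.sleep(SLEEP)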
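Added example, not part of the original post: the counting step of the pipeline above done in Python 3 on a constructed netstat sample, so that IPv6 and IPv4-mapped peers (which `cut -d: -f1` truncates) are counted correctly and only a validated address ever reaches the `route` command. The helper names, the allowlist parameter and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -ntu` output (documentation-range addresses).
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51234       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51235       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51236       SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.4:40022      ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:50001    ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:50002    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51300 TIME_WAIT
udp        0      0 192.0.2.10:53           198.51.100.4:5353
"""

def remote_ip(line):
    """Return the validated foreign address of one netstat line, or None."""
    fields = line.split()
    if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
        return None                      # header or unrelated line
    host = fields[4].rpartition(":")[0]  # drop the port, keep IPv6 colons
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None                      # never pass unparsed text onward
    # Count ::ffff:a.b.c.d together with the plain IPv4 form.
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def offenders(netstat_text, limit, allow=()):
    """IPs with more than `limit` connections, excluding an allowlist."""
    ips = (remote_ip(line) for line in netstat_text.splitlines())
    counts = Counter(ip for ip in ips if ip is not None)
    skip = {ipaddress.ip_address(a) for a in allow}
    return {str(ip): n for ip, n in counts.items() if n > limit and ip not in skip}

def null_route_argv(ip):
    """argv for the post's null route, built without a shell (IPv4 only)."""
    return ["route", "add", str(ipaddress.IPv4Address(ip)), "gw", "127.0.0.1", "lo"]

if __name__ == "__main__":
    for ip, n in offenders(SAMPLE, limit=2, allow=["198.51.100.4"]).items():
        print(ip, n, null_route_argv(ip))
```

The argv list can be handed to `subprocess.call` directly, so the address is never interpolated into a shell string.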
wow awesome script ^__^
How does it add it? I don't understand Python, does it use iptables or what? I found a script that uses iptables and looks just like this one, same netstat command. (netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n)


http://deflate.medialayer.com/
Great script. This seemed to work well on your forums :)
Great script, code looks neat :)
(10-05-2009, 02:50 PM) MyNameIs940 wrote: How does it add it? I don't understand Python, does it use iptables or what? I found a script that uses iptables and looks just like this one, same netstat command. (netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n)


http://deflate.medialayer.com/

Yeah, that's how it counts, using AWK.
(10-05-2009, 03:54 PM) Fallen wrote: Yeah, that's how it counts, using AWK.

Ah ok, but this still wastes your bandwidth, which sucks :( but at least people can still have access to your site.
(10-05-2009, 04:00 PM) MyNameIs940 wrote: Ah ok, but this still wastes your bandwidth, which sucks :( but at least people can still have access to your site.

Better than having low-level skids DDoSing your site with a basic DDoS. At least it still allows access for the honest user.


Great script Fallen, and it's short, neat and easy to understand too. :D
Awesome script dude.
Thnx.
You always make good programs. :P