Autor: G. Plasky
Descripción: Script que permite detectar y prevenir pequeños Syn Floods en cualquier puerto
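#!/bin/bash
#####################################
#                                   #
#       SYN Flood Detection         #
#          by G. Plasky             #
#  A simple script to detect and    #
#  prevent SYN floods on any port   #
#                                   #
#####################################
#
# Counts sockets in the SYN_RECV state (half-open connections) and, when the
# count reaches THRESHOLD, offers to show them and to apply kernel-level
# mitigations: SYN cookies, a larger SYN backlog and fewer SYN-ACK retries.
#
# Caveats for operators:
#   - The count is a single snapshot and THRESHOLD is a heuristic; a busy
#     server can legitimately exceed it, so review the netstat output before
#     treating the result as an attack.
#   - sysctl changes made here last only until reboot. Persist them in
#     /etc/sysctl.conf or /etc/sysctl.d/ if they should survive one.

# Root is needed for netstat -p to see every socket's owner and to write
# the net.ipv4.* kernel parameters.
if [[ $EUID -ne 0 ]]; then
  echo "You must be root to execute this script"
  exit 1
fi

# Fixed PATH so netstat/sysctl resolve to the system binaries rather than
# whatever comes first in the caller's environment (this runs as root).
PATH=/bin:/usr/bin:/sbin:/usr/sbin

THRESHOLD=200
BACKLOG=2048
RETRIES=4

# Succeeds only for an explicit "yes" or "y". The comparison must be a string
# comparison: -eq inside [[ ]] is arithmetic, where any non-numeric word
# evaluates to 0, so "no" would have been accepted as consent.
is_yes() {
  [[ $1 == "yes" || $1 == "y" ]]
}

# apply_sysctl KEY VALUE: set a kernel parameter and report a failure
# instead of discarding it, so a mitigation is never assumed to be active.
apply_sysctl() {
  if ! sysctl -w "$1=$2" > /dev/null 2>&1; then
    echo "Failed to set $1 to $2" >&2
    return 1
  fi
}

# Without netstat the count would silently be 0 and the script would report
# "no flood" - fail loudly instead of giving a false negative.
if ! command -v netstat > /dev/null; then
  echo "netstat not found; cannot count SYN_RECV sockets" >&2
  exit 1
fi

SYN=$(netstat -anp | grep -c SYN_RECV)
#SYN=200

if [[ $SYN -ge $THRESHOLD ]]; then
  echo "We appear to have a SYN flood. $SYN SYN packets detected."

  echo -n "Display netstat output? "
  read -r NET
  if is_yes "$NET"; then
    # Run the pipeline directly so the listing stays one socket per line.
    netstat -anp | grep SYN_RECV | more
  fi

  echo "Take preventative countermeasures? "
  read -r PREV
  if is_yes "$PREV"; then
    echo "Enabling SYN cookies protection."
    apply_sysctl net.ipv4.tcp_syncookies 1

    # Only ever raise the backlog: a host already tuned above BACKLOG must
    # not be shrunk in the middle of a suspected flood.
    cur_backlog=$(sysctl -n net.ipv4.tcp_max_syn_backlog 2> /dev/null)
    if [[ $cur_backlog =~ ^[0-9]+$ ]] && ((cur_backlog >= BACKLOG)); then
      echo "Backlog queue is already $cur_backlog; leaving it unchanged."
    else
      echo "Increasing the backlog queue to $BACKLOG."
      apply_sysctl net.ipv4.tcp_max_syn_backlog "$BACKLOG"
    fi

    # tcp_synack_retries is a retry count, not a time; only ever lower it.
    cur_retries=$(sysctl -n net.ipv4.tcp_synack_retries 2> /dev/null)
    if [[ $cur_retries =~ ^[0-9]+$ ]] && ((cur_retries <= RETRIES)); then
      echo "SYNACK retries are already $cur_retries; leaving them unchanged."
    else
      echo "Decreasing SYNACK retransmission time to $RETRIES."
      apply_sysctl net.ipv4.tcp_synack_retries "$RETRIES"
    fi
  fi
else
  echo "There doesn't appear to be a SYN flood right now. $SYN SYN packets detected."
fi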
Permisos: chmod 700 synflooddetector.bash
Ejecución: sudo ./synflooddetector.bash