当前位置:网站首页>Solve DoS attack production cases
Solve DoS attack production cases
2022-07-06 18:39:00 【JohnnyFang】
The requirements of this experiment are : according to web Number of log or network connections , Monitor when a IP Number of concurrent connections or in a short time PV achieve 100, Call the firewall command to block the corresponding IP, Monitoring frequency every 5 minute . The firewall command is :iptables -A INPUT -s IP -j REJECT.
Because the monitoring frequency is every 5 Minutes at a time , We can use scripts + Plan tasks to operate .
- Create script
First, create two files to store the ip Situation and forbidden ip Information , Then create the script dos.sh. Script ,ss -nt | awk -F" +|:" '/ESTAB/{print $6}' | sort | uniq -c The command can filter out the currently connected hosts Ip And number of connections , We input this information into dos.txt in , And then use it exec Command from the dos.txt The information is read from the file ; At the same time, we will single ip Number of connections and ip Set as variables respectively $nums and $ip, When reading line by line , If $nums achieve 100( Greater than or equal to -ge), Will ip Prohibition , At the same time dos_drop.txt write in $ip is dorpped( Here's the picture ).
perform chmod +x dos.sh Command gives script execution permission , perform bash dos.sh Command view effect , Because of the problem of the author's experiment , So for the time being, there is only dos.txt There are records in the document ( Here's the picture ).
In order to see the effect as soon as possible , The author first sets the upper limit of the number of connections to 3, After execution ,dos_drop.txt There are also records in the document ( Here's the picture ).
* So in the above script , Better add “sleep 10” Or a longer time limit , Otherwise, it will be banned all the time ip Enter information into dos_drop.txt In file , It may cause the remote connection to crash .
- Create a scheduled task
The creation of planned tasks was mentioned in the homework of last week , I won't go into details here , perform crontab -e Command to create a scheduled task , In case of unclear , Write directly above PATH route , Because it's every 5 Once per minute , The first part of the planning task is */5( Here's the picture ).
To this step , We can let the host check by itself according to the time ip Connection , And count the information into the corresponding file to view .
边栏推荐
猜你喜欢
使用cpolar建立一个商业网站(1)
C#/VB.NET 给PDF文档添加文本/图像水印
徐翔妻子应莹回应“股评”:自己写的!
[.Net core] solution to error reporting due to too long request length
SQL injection - access injection, access offset injection
关于npm install 报错问题 error 1
Maixll-Dock 摄像头使用
Docker installation redis
图之广度优先遍历
Distiller les connaissances du modèle interactif! L'Université de technologie de Chine & meituan propose Virt, qui a à la fois l'efficacité du modèle à deux tours et la performance du modèle interacti
随机推荐
SQL优化问题的简述
Breadth first traversal of graph
C language college laboratory reservation registration system
Docker installation redis
DOM简要
CSRF漏洞分析
Splay
POJ 2208 已知边四面体六个长度,计算体积
Maixll dock camera usage
Jushan database was among the first batch of financial information innovation solutions!
celery最佳实践
用友OA漏洞学习——NCFindWeb 目录遍历漏洞
node の SQLite
小程序在产业互联网中的作用
AFNetworking框架_上传文件或图像server
随着MapReduce job实现去加重,多种输出文件夹
C#/VB.NET 给PDF文档添加文本/图像水印
287. Find duplicates
Unity资源顺序加载的一个方法
爬虫玩得好,牢饭吃到饱?这3条底线千万不能碰!