Working out which IPs a DDoS attack is coming from
Posted: 2016 Apr 18 18:32
On Linux there is a wonderful tool called tcpdump, but not many people know it well. Here is an example of how to work out which IP addresses a large number of packets (a flood, etc.) is coming from.
Working out the bad IPs takes a few steps. Let's start.
Code:
tcpdump -v -n -w badips.log dst port 27015 -c 300
-v - verbose output (more v's, e.g. -vvv, give more detail; not needed for this example, and it only affects what is printed, not what is written to the file)
-n - do not resolve addresses to host names; print IPs as plain numbers
-w badips.log - write the captured packets to a file (pcap format, not readable text, despite the .log name)
dst port 27015 - a filter expression: capture only packets sent to the port the game server listens on (27015 here)
-c 300 - stop after 300 captured packets
If the server has several interfaces, add the -i key with the name of the interface whose traffic you want, e.g. -i eth0.
Example:
Code:
tcpdump -v -n -i eth0 -w badips.log dst port 27015 -c 300
Now we need to work out the bad IPs from the dump; for that, use the following combination:
Code:
tcpdump -nr badips.log |awk '{print $3}' |grep -oE '[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}' |sort |uniq -c |sort -rn
-r badips.log - read packets from the file instead of the network (again with -n, so addresses are not resolved)
awk '{print $3}' - print the third field of each line, which in tcpdump's output is the source address and port (e.g. 1.2.3.4.12345)
grep -oE '...' - print only the IP address part of that field
sort - sort the list so identical addresses are adjacent
uniq -c - collapse repeated addresses to one line and prefix it with the number of occurrences
sort -rn - sort numerically, highest count first
As a result we get a list with two columns: the packet count in the first, the IP in the second.
Example:
Code:
     29 95.83.141.243
     28 176.14.130.210
     27 95.71.31.91
     20 188.94.158.100
     18 5.35.52.46
     17 91.202.199.129
     17 194.12.74.241
     16 31.148.45.19
     13 213.88.6.85
     10 188.134.33.150
Next we look at whether there are bad IPs in the list and ban them. Under 100 packets (out of the 300 captured) is normal. Note that packet counts differ significantly between Steam and non-Steam players. Also bear in mind that UDP source addresses are easy to spoof, so confirm that an address is really sending the flood before banning it, or you may block legitimate players.
I found this tutorial a long time ago on some forum and kept it in a text document, so I can't give the source it was copy-pasted from.
I needed this little thing again recently, so after thinking about it I decided to share this useful tutorial with everyone.
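As an added example (not code from the original post), here is the same awk | grep | sort | uniq -c pipeline wrapped in shell functions, with the threshold step the post does by eye made explicit. It runs on constructed tcpdump-style text rather than a live capture; in practice you would feed it `tcpdump -nr badips.log`. The sample addresses (RFC 5737 documentation ranges), the threshold value and the iptables rule format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Reproduces the post's
# awk | grep | sort | uniq -c pipeline as reusable functions and adds a
# packet-count threshold. Runs on constructed text; in practice pipe in
# `tcpdump -nr badips.log`.

# Constructed sample of `tcpdump -n` one-line output (RFC 5737 documentation
# addresses, not real hosts). Field 3 is "src_ip.src_port".
SAMPLE_TCPDUMP_OUTPUT='12:00:00.000001 IP 203.0.113.5.51000 > 198.51.100.10.27015: UDP, length 24
12:00:00.000105 IP 203.0.113.5.51000 > 198.51.100.10.27015: UDP, length 24
12:00:00.000210 IP 203.0.113.5.51000 > 198.51.100.10.27015: UDP, length 24
12:00:00.000315 IP 203.0.113.5.51000 > 198.51.100.10.27015: UDP, length 24
12:00:00.000420 IP 192.0.2.77.27005 > 198.51.100.10.27015: UDP, length 60
12:00:00.000525 IP 192.0.2.77.27005 > 198.51.100.10.27015: UDP, length 60
12:00:00.000630 IP 198.51.100.200.40000 > 198.51.100.10.27015: UDP, length 24'

# top_sources: reads tcpdump text on stdin, prints "COUNT IP" per source
# address, highest count first. Same pipeline as the post.
top_sources() {
    awk '{print $3}' \
      | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'      # drop uniq's leading padding
}

# flood_sources THRESHOLD: IPs that sent at least THRESHOLD packets in the
# capture. The threshold is an assumption; tune it to what a normal client
# sends in a 300-packet sample on your own server.
flood_sources() {
    top_sources | awk -v t="$1" '$1 >= t { print $2 }'
}

# ban_commands THRESHOLD: prints (does not run) one iptables rule per
# flooding IP, so the list can be reviewed before anything is applied.
# Rule format is an assumption; adapt it to your firewall.
ban_commands() {
    flood_sources "$1" | while read -r ip; do
        printf 'iptables -I INPUT -s %s -p udp --dport 27015 -j DROP\n' "$ip"
    done
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_TCPDUMP_OUTPUT" | top_sources
printf '%s\n' "$SAMPLE_TCPDUMP_OUTPUT" | ban_commands 3
```

Review the printed rules before running them: a spoofed-source flood will put addresses in this list that never sent anything, and the capture of 300 packets is only a sample of the traffic.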