几天以来的防御syn flood攻击心得
原帖由 "wddllyy" 发表:
呵呵 程序太小还不够友好和完善
我打算完善后再发布
如果你急需,给我个邮箱 我发给你可执行程序
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (..........
//////////////////////////////////////////////////////////////////////////////
// Limit_con.cpp
// Copyright 2004 liu yang (x-yao@zju.edu.cn)
// Distributed under the GPL
//
// 2004.9.17
// Limit the number of connections from each IP on a Linux system.
// If the number is larger than MaxConnect, the IP will be blocked by iptables.
// It can be used to defend against simple DoS attacks (e.g. SYN flood).
//
// install:
// gcc Limit_con.cpp -o Limit_con ; cp Limit_con /bin/Limit_con
//
// usage: (exec Limit_con every 3 minutes)
// crontab -e
// */3 * * * * /bin/Limit_con
//
////////////////////////////////////////////////////////////////////////////
#include <stdio.h>
#include <algorithm>
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <map>
#include <string>
#include <vector>
using namespace std;
// Path of the file that records every IP already blocked by a previous run.
const string BanListFile("/tmp/ban_list");
// Path of the scratch file the netstat pipeline writes its output to.
const string DataCacheFile("/tmp/data.cache");
// Largest number of counted connections a single IP may have before it is blocked.
const int MaxConnect(31);
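// Returns true when `s` is a dotted-quad IPv4 address: exactly four decimal
// octets, each 0-255 with at most three digits, separated by single dots and
// nothing else.  Every address this program later splices into a system()
// command line is read back from a file under /tmp, so it must be validated
// before it can reach the shell.
static bool is_ipv4(const std::string &s)
{
    int octets = 0;
    std::string::size_type i = 0;
    while (i < s.size())
    {
        const std::string::size_type start = i;
        int value = 0;
        while (i < s.size() && s[i] >= '0' && s[i] <= '9')
        {
            value = value * 10 + (s[i] - '0');
            if (value > 255) return false;
            ++i;
        }
        if (i == start || i - start > 3) return false; // empty octet or non-digit character
        ++octets;
        if (i == s.size()) break;
        if (s[i] != '.') return false;
        ++i;
        if (i == s.size()) return false; // trailing dot
    }
    return octets == 4;
}

// Entry point, meant to be run from cron (see the header comment).
// Steps: load the IPs blocked by earlier runs, dump the current connections
// with netstat into DataCacheFile, count connections per remote IPv4 address,
// and insert an iptables REJECT rule for every address whose count exceeds
// MaxConnect, recording it in BanListFile so later runs skip it.
// argc/argv are accepted for compatibility but not used.
// Returns 0; failures of the shell commands are not detected.
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    // NOTE(review): BanListFile and DataCacheFile (defined above) both live in
    // /tmp, which every local user can write to, while cron runs this program
    // as root.  A pre-created file or symlink at either path can redirect the
    // root-owned writes below or feed this run attacker-chosen content; the
    // is_ipv4() check keeps such content off the shell command line, but a
    // root-only directory would be the proper fix for the paths themselves.

    // Shell pipeline that writes the remote "addr:port" of every connection in
    // the three counted states to DataCacheFile.
    const std::string collect_cmd =
        "/bin/netstat | grep -e \"ESTABLISHED\\|FIN_WAIT1\\|SYN_RECV\" | awk '{print $5}' > " + DataCacheFile;

    // Addresses blocked by an earlier run.  Their connections can linger for a
    // while after the rule is inserted, so they are excluded from the count to
    // avoid inserting a second, identical rule.
    std::vector<std::string> black_list;
    {
        std::ifstream ban_in(BanListFile.c_str());
        std::string ip;
        // `>>` fails cleanly at end of file; testing eof() before the read
        // would drop the last token when the file has no trailing newline.
        while (ban_in >> ip)
            black_list.push_back(ip);
    }

    system(collect_cmd.c_str());

    // Number of counted connections per remote IPv4 address.
    std::map<std::string, int> con_count;
    std::ifstream cache_in(DataCacheFile.c_str());
    std::string entry;
    while (cache_in >> entry)
    {
        // netstat prints "addr:port"; keep the part before the first colon.
        const std::string::size_type colon = entry.find(':');
        if (colon == std::string::npos)
            continue;
        const std::string ip = entry.substr(0, colon);
        // Skip anything that is not a plain IPv4 address.  IPv6 entries are
        // not handled by this tool, and any other text would otherwise end
        // up on a root shell command line below.
        if (!is_ipv4(ip))
            continue;
        if (std::find(black_list.begin(), black_list.end(), ip) != black_list.end())
            continue;
        ++con_count[ip];
    }

    // Block every address whose count exceeds MaxConnect and append it to
    // BanListFile so the next run does not add the same rule again.  The file
    // is written directly rather than through `echo ... >> file` in a shell.
    std::ofstream ban_out(BanListFile.c_str(), std::ios::app);
    for (std::map<std::string, int>::const_iterator it = con_count.begin(); it != con_count.end(); ++it)
    {
        if (it->second <= MaxConnect)
            continue;
        const std::string rule = "/sbin/iptables -I INPUT -s " + it->first + " -j REJECT";
        // endl flushes so the log line precedes any output of the child command.
        std::cout << "banip " << rule << std::endl;
        system(rule.c_str()); // it->first passed is_ipv4(), so no shell metacharacters reach here
        ban_out << it->first << '\n';
    }
    return 0;
}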