Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- iptables -n -L |grep DROP | awk '{ print $4 }'|sort|uniq| grep -v \/>bips
- netstat -apn | grep :80| grep SYN_RECV | awk '{ print $5 }'| cut -d : -f1| sort| uniq>dosips
- tail -3000 /usr/local/apache/logs/access_log| grep -w 408 | awk '{ print $1 }'>>dosips
- cat dosips|sort|uniq>dosip
- for i in `cat dosip`
- do
- if ( ! grep -q $i bips )
- then
- echo " The new SYN attack ip that is being blocked is $i"
- iptables -A INPUT -s $i -p tcp --dport 80 -j DROP
- fi
- done
- service iptables save
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement