
DDOS email alert

  1. #!/bin/bash
  2. # v1.0 2013-05-16 dle
  3. #set -x
  4.  
  5. test -d $HOME/report/ || mkdir $HOME/report/
  6. test -d $HOME/report/.gamas || mkdir $HOME/report/.gamas
  7. test -d $HOME/report/.out || mkdir $HOME/report/.out
  8. cd $HOME/report/
  9. find $HOME/report/.out $HOME/report/.gamas -type f -delete
  10.  
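##############
#if false; then

# Collection phase. The commented-out `if false` / `fi` pair around it is the
# author's switch for skipping this phase and reusing existing whois files.

work_dir="$HOME/report"
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# NOTE(review): the original line was `find $HOME/reports/ -type -f -delete`.
# find rejects `-type -f`, so it never deleted anything. It is assumed here
# that the intent was to clear stale whois files from the working directory
# (report, not reports); -maxdepth 1 keeps .out and .gamas out of it. Confirm.
find "$work_dir" -maxdepth 1 -type f -delete

# top 8000: keep the second column (the address) of the first 8000 lines.
head -n 8000 /srv/ddos-udp-sorted.txt | awk '{print $2}' > "$HOME/top-8000.txt"

# Split the reject log into one file per source address under
# /srv/www/logs/<octet1>/<octet2>/<address>. awk does not create
# directories, so that tree has to exist already.
awk '
  # Append the current line to the per-address file named by a SRC= field.
  function append_by_src(field,    ip, octet, dest) {
    ip = field
    sub(/SRC=/, "", ip)
    # The value becomes part of a file path: accept a dotted quad only.
    if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return
    split(ip, octet, ".")
    dest = "/srv/www/logs/" octet[1] "/" octet[2] "/" ip
    print $0 >> dest
    # Close after every write so the number of open files stays bounded.
    close(dest)
  }
  # Skip lines with two SRC= fields or without a well-formed IPv4 source.
  /SRC=.*SRC=/ || ! /SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ / { next }
  $12 ~ /SRC/ { append_by_src($12); next }
  $11 ~ /SRC/ { append_by_src($11) }
' /srv/reject-udp.txt

# whois: one output file per address, named after the address.
# The original redirected every lookup to the shared /tmp/whois.txt, so no
# per-address file ever existed for the retry loop and the report loop to
# read; a fixed name in /tmp can also be pre-created by another local user.
while IFS= read -r ip; do
  # The value is used as a file name and as a whois argument.
  if [[ ! $ip =~ $ipv4_re ]]; then
    [[ -z $ip ]] || printf 'skipping non-IPv4 entry: %s\n' "$ip" >&2
    continue
  fi
  whois "$ip" > "$work_dir/$ip" < /dev/null
done < "$HOME/top-8000.txt"
sleep 60

# Retry the lookups that timed out, i.e. left an empty output file.
# The original looped on the exit status of `find . -size 0`, which is 0
# whether or not anything matches, so it never ended; the list of pending
# names also went through the predictable /tmp/9.
# A lookup that never returns any output keeps this loop running until the
# operator interrupts it.
while :; do
  pending=()
  for path in "$work_dir"/*; do
    name=${path##*/}
    if [[ -f $path && ! -s $path && $name =~ $ipv4_re ]]; then
      pending+=("$name")
    fi
  done
  (( ${#pending[@]} )) || break

  for ip in "${pending[@]}"; do
    echo "$ip"
    whois "$ip" > "$work_dir/$ip" < /dev/null
  done
  sleep 60
done

# Operator checkpoint (message: "everything ok? ctrl+z to fix").
echo "tudo ok? ctrl+z para corrigir"
read -r

# Delete whois results that hold only an error reply. 35 bytes is presumably
# the size of the error message the author observed; confirm for the whois
# client in use.
find "$work_dir" -maxdepth 1 -type f -size 35c -delete

#fi
###########

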
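# Per whois file (named after the source address): work out the network range
# and its abuse contact, then file the matching log lines under that range.
#
# Everything extracted here comes from whois responses, i.e. text written by
# whoever registered the network. It ends up in file names, and later in a
# mail recipient and in attachment paths, so each value is checked against
# the form it is expected to have before it is used.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
cidr_re='^[0-9.]+/[0-9.]+$'
range_re='^[0-9.]+-[0-9.]+$'
addr_re='^[a-z0-9][a-z0-9+_.-]*@[a-z0-9][a-z0-9_.-]*$'
extract_addr='s/.*[^a-zA-Z0-9+._-]\([a-zA-Z0-9+_.-]*@[a-zA-Z0-9_.-]*\)[^a-zA-Z0-9]\?.*/\1/g'

for src_ip in *; do
  # Only regular files named like an IPv4 address are whois results.
  [[ -f $src_ip && $src_ip =~ $ipv4_re ]] || continue

  # IP range: first registry line describing the block, reduced to
  # "first-last" or to CIDR notation.
  range=$(grep -e "inetnum\|CIDR\|NetRange\|Netblock\|Network Number\|IPv4 Address" -- "$src_ip" \
    | head -n 1 \
    | sed 's/.*[ ]\([0-9.]*\)[ ]-[ ]*\([0-9.]*\)[ ]\?.*$/\1-\2/g; s/.*[ ]\([0-9.]*\/[0-9.]*\)/\1/g; s/.*Number\][ ]*//g' \
    | head -n 1)

  # CIDR notation is converted to "first-last" with ipcalc. The value is
  # checked first so nothing but an address/mask reaches the command line.
  if [[ $range == */* ]]; then
    if [[ $range =~ $cidr_re ]]; then
      range=$(ipcalc "$range" | awk '
/Address:/ { address=$2}
/HostMax:/ { print address"-"$2}
/Hostroute/ { host=$2 }
/Hosts\/Net: 1/ { print host"-"host}' | head -n 1)
    else
      range=''
    fi
  fi

  # The range is used as a file name under .gamas and is read back as an
  # attachment name; anything that is not "digits.dots-digits.dots"
  # (unparsed whois text, an empty ipcalc result) is dropped.
  if [[ ! $range =~ $range_re ]]; then
    printf 'skipping %s: no usable address range in whois output\n' "$src_ip" >&2
    continue
  fi

  # Contact for the range: prefer a line mentioning "abuse", else the first
  # address line that is not a "changed:" entry. The candidate lines are
  # kept in a variable; the original wrote them to the predictable
  # /tmp/email.tmp, and its `continue` ran inside a subshell where it could
  # not skip the loop iteration.
  contacts=$(grep -e '[a-zA-Z0-9]@[a-zA-Z0-9]' -- "$src_ip" | grep -v '@example.com')
  contact_line=$(grep -i -F abuse <<<"$contacts" | head -n 1)
  if [[ -z $contact_line ]]; then
    contact_line=$(grep -v -F 'changed:' <<<"$contacts" | head -n 1)
  fi
  # tr arguments are quoted: unquoted [A-Z] is a glob and can expand to a
  # one-letter file name in the current directory.
  abuse=$(sed "$extract_addr" <<<"$contact_line" | tr 'A-Z' 'a-z')

  # The address becomes a file name under .out and later the mail
  # recipient. Whatever does not look like a plain address goes to the
  # "null" bucket, which is never mailed.
  [[ $abuse =~ $addr_re ]] || abuse=null

  printf '%s\n' "$range" >> ".out/$abuse"

  [[ -f .gamas/$range ]] || echo "Count IP" > ".gamas/$range"
  # -w keeps 1.2.3.4 from also matching 11.2.3.4 or 1.2.3.40.
  grep -F -w -- "$src_ip" /srv/ddos-udp-sorted.txt >> ".gamas/$range" \
    || echo "++fgrep $src_ip /srv/ddos-udp-sorted.txt .gamas/$range" >&2
done
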
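# Mail phase: every file in .out is named after a contact address and lists
# the ranges whose .gamas files are attached to the message for that contact.

# If this cd fails the loop below would treat the files of some other
# directory as recipients, so stop instead.
cd -- "$HOME/report/.out" || exit 1

addr_re='^[a-z0-9][a-z0-9+_.-]*@[a-z0-9][a-z0-9_.-]*$'
range_re='^[0-9.]+-[0-9.]+$'

TEXTO="
INSERT YOUR EMAIL BODY HERE!
"

recipients=(*)
# With no files the glob stays literal; treat that as an empty list.
[[ -e ${recipients[0]} ]] || recipients=()
max=${#recipients[@]}
n=0

for recipient in "${recipients[@]}"; do
  n=$((n+1))
  echo "$n/$max"

  # "null" collects the ranges for which no contact address was found.
  [[ $recipient == null ]] && continue

  # File names in .out were derived from whois responses; mail only to
  # names that have the form of a plain address.
  if [[ ! $recipient =~ $addr_re ]]; then
    printf 'skipping %s: not a valid recipient address\n' "$recipient" >&2
    continue
  fi

  # Build the attachment list as an array so each path stays one argument.
  # The lines also originate from whois text: only "first-last" range names
  # are accepted, so a line cannot point the attachment at a file outside
  # .gamas.
  attachments=()
  while IFS= read -r range; do
    if [[ ! $range =~ $range_re ]]; then
      [[ -z $range ]] || printf 'ignoring unexpected range entry for %s\n' "$recipient" >&2
      continue
    fi
    attachments+=(-a "$HOME/report/.gamas/$range")
  done < <(sort -u -- "$recipient")

  # The subject carries a reference made of the date and the loop counter.
  echo "$TEXTO" | mutt -s "DoS attack from your network (#$(date "+%Y%m%d-$n"))" \
    "${attachments[@]}" -- "$recipient"

  # Short pause between messages.
  sleep 0.6
done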