  1. ######################################################################
  2. # floodmon.conf
  3. #
  4. # Floodmon configuration file
  5. # This file must be copied to your '/etc/' directory
  6. #
  7. # If you make changes to this file while floodmon is running,
  8. # run `floodmon --reload` so that the daemon will reload it.
  9. ######################################################################
  10.  
  11. ######################################################################
  12. # Network interface. It is used only to capture SYN packets
  13. # and to set up rp_filter (reverse-path filtering).
  14. # Example: 'eth0', 'venet0'...
  15. INTERFACE = 'eth0'
  16.  
  17. ######################################################################
  18. # Connection tracking table: if you are not using connection
  19. # tracking, set this value to '1' (see documentation for more info).
  20. # Default value : 0
  21. NO_CONNTRACK = '0'
  22.  
  23. ######################################################################
  24. # Send an alert by email to the admin.
  25. # Accepted values : 0, 2, 3 and 4 (1 is not an accepted value)
  26. # 0 == no alert
  27. # 2 == send an email when alert level 2 is reached
  28. # 3 == send an email when alert level 3 is reached
  29. # 4 == send an email when alert level 4 is reached
  30. # Default value : '2'
  31. EMAIL_ALERT = '2'
  32.  
  33. # Minimum interval between two email alerts (in minutes).
  34. # During an attack, you will not receive more than one email
  35. # every [EMAIL_ALERT_FREQ] minutes.
  36. # Default value : '30'
  37. EMAIL_ALERT_FREQ = '30'
  38.  
  39. # Admin email address to which alerts and reports are sent:
  40. ADMIN_EMAIL = 'thiago.laurito@gmail.com'
  41.  
  42. # Floodmon can attach to its email alert a capture of the last
  43. # SYN packets received. The file uses the 'pcap' format and can
  44. # be opened and read with a network analyzer like Wireshark
  45. # (http://www.wireshark.org).
  46. # Values : 0       == don't send anything (deactivated)
  47. #          1 to 99 == number of packets to capture
  48. # Default value : '25'
  49. DUMP_SYNPACKETS = '25'
  50.  
  51. ######################################################################
  52. # Send an SMS alert to the admin.
  53. # You must be using a service (VoIP etc.) that allows you to send
  54. # an SMS from a simple URL (HTTP or HTTPS).
  55. # The whole URL, including its parameters, must be given.
  56. # Don't use any reserved/accented chars and replace all spaces
  57. # between words with the '+' sign.
  58. # Example with voipbuster.com service :
  59. # SMS_ALERT = 'https://myaccount.voipbuster.com/clx/sendsms.php?username=USERNAME&password=PASSWD&from=SENDER&to=PHONENUMBER&text=SYN+flood+alert+on+mydomain.com'
  60. # Such a URL stores the account password in clear text: restrict read access to this file and prefer an HTTPS URL.
  61. # You can test if everything is working well with the command :
  62. # `floodmon --sms-test`
  63. #
  64. SMS_ALERT = ''
  65.  
  66. # Minimum interval between two SMS alerts (in hours).
  67. # During an attack, you will not receive more than one SMS
  68. # every [SMS_ALERT_FREQ] hours.
  69. # Default value : '24'
  70. SMS_ALERT_FREQ = '24'
  71.  
  72.  
  73. ######################################################################
  74. # Flush frequency for null-routed IPs (in minutes).
  75. # By default, IPs are unblocked after 10 minutes.
  76. FLUSH_FREQ = '10'
  77.  
  78. # Network mask used to nullroute IPs (a smaller value nullroutes a wider range, which can also cut off legitimate clients) :
  79. # Accepted values : 8, 16 or 24
  80. #  8 == 0.xxx.xxx.xxx
  81. # 16 == 0.0.xxx.xxx
  82. # 24 == 0.0.0.xxx
  83. # Default value : '16'
  84. NETMASK = '16'
  85.  
  86.  
  87. ######################################################################
  88. # Log file verbosity (/var/log/floodmon.log).
  89. # Values :  1 == log daemon start/stop and errors only.
  90. #           2 == same as above + alert levels, number of SYN received,
  91. #                nullrouted IPs etc.
  92. # Default value : '2'
  93. # Warning : during a large-scale attack, you are advised to set
  94. # this variable to '1' to avoid flooding the logfile.
  95. LOG_LEVEL = '2'
  96.  
  97. ######################################################################
  98. #
  99. #                        /!\ IMPORTANT /!\
  100. #
  101. # DO NOT ACTIVATE/MODIFY ANY OF THE FOLLOWING VALUES WITHOUT HAVING
  102. # READ THE FULL DOCUMENTATION :
  103. #        => http://floodmon.sourceforge.net/   <=
  104. #
  105. ######################################################################
  106. # To activate a variable, uncomment the corresponding line by
  107. # removing the '#' sign (every variable below is already active in this copy).
  108. # All values must be integers, except 'LOOP_DELAY', which also
  109. # accepts '.' for milliseconds.
  110. # The 4 values correspond to the 4 alert levels, in order, and must
  111. # always be space-separated.
  112. # e.g. : VARIABLE = 'level_1 level_2 level_3 level_4'
  113. ######################################################################
  114. MAX_SYN            = '350 500 1000 2000'
  115. SYN_COOKIES        = '0 1 1 1'
  116. MAX_SYN_QUEUE      = '10000 20000 100000 200000'
  117. SOMAXCONN          = '10000 20000 40000 65000'
  118. MAX_SYNACK_RETRY   = '3 2 1 0'
  119. LOOP_DELAY         = '15 1.5 1 0.5'
  120. NULLROUTE_SUBNET   = '0 100 200 300'
  121. CONNTRACK_TIMEOUT  = '60 21 9 3'
  122. CONNTRACK_MAX      = '65536 65536 131072 131072'
  123. CONNTRACK_HASHSIZE = '16384 65536 65536 131072'
  124. BEST_EFFORT        = '0 1 1 1'
  125. ######################################################################