
Anti-Syn Ddos firewall

a guest
Jun 15th, 2012
  1. #!/bin/sh
  2. # R00TW0RMs (https://www.r00tw0rm.com/)
  3. #-------------------------------------|------------------------------------------#
  4. #        _______  _______   __          _______                
  5. #_______ \   _  \ \   _  \_/  |___  _  _\   _  \_______  _____  
  6. #\_  __ \/  /_\  \/  /_\  \   __\ \/ \/ /  /_\  \_  __ \/     \
  7. # |  | \/\  \_/   \  \_/   \  |  \     /\  \_/   \  | \/  Y Y  \
  8. # |__|    \_____  /\_____  /__|   \/\_/  \_____  /__|  |__|_|  /
  9. #               \/       \/                    \/            \/
  10. #
  11. #
  12. # This was written for educational purpose and pentest only.
  13. # Use it at your own risk. Author will be not responsible for any damage!
  14. # Coder      : th3breacher <th3breacher@r00tw0rm.com> |th3breacher.wordpress.com|
  15. # Version    : 0.1
  16. # Description: SYN flood firewall script. It uses tcp_syncookies, backlog protection and also
  17. #              iptables rules; the script runs in the background.
  18. # Usage      : When a SYN attack occurs, run the script as "./antiSyn watchtime &". The watch time
  19. #              is chosen according to the severity of the attack; the default is 10 seconds.
  20. # Tested on  : linux(all)
  21. # Special thanks to :  r0073r, r4dc0re, Sid3^effects, L0rd CrusAd3r, KedAns-Dz, Angel Injection, gunslinger, JF,Seishin, CrosS (1337day.com)
  22. #                      CrosS, Xenu, Versus71, alsa7r, mich4th3c0wb0y, FInnH@X, s3rver.exe (r00tw0rm.com)
  23. #-------------------------------------|------------------------------------------#
  # Seconds to wait between two scans; filled in from the first command-line
  # argument by the top-level code at the end of the script.
  level=""

  # Status log written by preparation, configuration and iptables_watch.
  # NOTE(review): /tmp is world-writable and the script is meant to run with
  # root privileges, so this fixed name must never be opened through a symlink
  # left there by another local user.
  logfile="/tmp/synlogs"

  # ANSI colour sequences, stored with a literal backslash so that the printing
  # command expands them (bold red / default colour).
  NORMAL='\033[0;39m'
  RED='\033[1;31m'
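  # Print the coloured banner and the usage text on stdout.
  # Globals:   RED, NORMAL (read) - colour escapes with a literal backslash
  # Arguments: none ($0 is shown in the usage lines)
  # Outputs:   banner text, wrapped in the RED ... NORMAL escape sequences
  showbanner() {
    # printf is used instead of `echo -ne`: under a strict POSIX /bin/sh
    # (dash, for example) echo has no -e option and prints "-ne" literally.
    # %b expands the \033 escapes stored in RED and NORMAL.
    printf '%b\n' "$RED"
    printf '%s\n' \
      ' ' \
      '    .d88b. .d88b.  w              .d88b.' \
      '8d8b 8P  Y8 8P  Y8 w8ww Yb  db  dP 8P  Y8 8d8b 8d8b.d8b.' \
      '8P   8b  d8 8b  d8  8    YbdPYbdP  8b  d8 8P   8P Y8P Y8' \
      '8     Y88P   Y88P   Y8P   YP  YP    Y88P  8    8   8   8' \
      '' \
      '' \
      '                               #SYN flood firewall' \
      '                               th3breacher <th3breacher@r00tw0rm.com>' \
      ''
    # $0 is passed as data (%s), never as part of the format string.
    printf 'Usage : %s watchtime (watchtime (seconds))\n' "$0"
    printf 'Example : %s 10   means the firewall will watch for Syn Ddos every 10 seconds\n' "$0"
    printf '%s\n' 'KILL    : ps aux | grep antiSyn take the PID and kill PID'
    # No trailing newline after the colour reset, as in the original output.
    printf '%b' "$NORMAL"
  }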
  45.  
  46.  
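  # Start a fresh log file containing the start-up line.
  # Globals:   logfile (read) - path of the log file
  # Arguments: none
  # Returns:   0 on success, 1 if the log file could not be created safely
  preparation() {
    # The default log path lives in /tmp and the script runs as root, so the
    # file must not be opened through a link somebody else left there.
    # rm unlinks a symlink itself and never touches the link's target.
    rm -f -- "$logfile" || return 1

    # noclobber (set -C) makes the redirection refuse to open an existing
    # file, so a link re-created between the rm and the write makes this
    # fail instead of being followed. The subshell keeps set -C local.
    ( set -C; echo "[+] SYN Flood protection started..." > "$logfile" ) || {
      echo "[-] Cannot create log file $logfile" >&2
      return 1
    }
  }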
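  # Apply the kernel-level SYN flood settings and record the outcome.
  # Globals:   logfile (read) - path of the log file
  # Arguments: none
  # Returns:   0 if every setting was applied, 1 if any write failed
  configuration() {
    _cfg_rc=0

    # SYN cookies: keep answering new connections when the SYN queue is full.
    echo "1" > /proc/sys/net/ipv4/tcp_syncookies || _cfg_rc=1

    # Only ever raise the SYN backlog: the running kernel may already use a
    # value above 1024, and writing 1024 unconditionally would shrink the
    # queue during the very attack this script is meant to absorb.
    _cfg_cur=$(cat /proc/sys/net/ipv4/tcp_max_syn_backlog 2>/dev/null)
    case "$_cfg_cur" in
      '' | *[!0-9]*) _cfg_cur=0 ;;
    esac
    if [ "$_cfg_cur" -lt 1024 ]; then
      echo "1024" > /proc/sys/net/ipv4/tcp_max_syn_backlog || _cfg_rc=1
    fi

    # Strict reverse-path filtering drops packets whose source address is not
    # routable via the arriving interface. NOTE(review): this can break hosts
    # with asymmetric routing - confirm before enabling there.
    echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter || _cfg_rc=1

    # Do not report success when a write failed (typically: not root).
    if [ "$_cfg_rc" -eq 0 ]; then
      echo "[+] Preparation completed..." >> "$logfile"
    else
      echo "[-] Preparation incomplete: one or more /proc/sys settings could not be written" >> "$logfile"
    fi
    return "$_cfg_rc"
  }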
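  # Poll the connection table forever and drop traffic from the /24 of every
  # IPv4 source that holds more than 3 half-open (SYN_RECV) connections.
  # Globals:   logfile (read), level (read) - seconds between two scans
  # Arguments: none
  # Outputs:   each offending source address on stdout
  # Returns:   never returns (runs until the process is killed)
  #
  # NOTE(review): the source address of a SYN can be forged, so a flood using
  # spoofed addresses can make this loop block /24 networks of legitimate
  # clients. The rules are appended with -A, so they have no effect behind an
  # earlier ACCEPT rule in INPUT and they are never removed; review the chain
  # after an incident.
  iptables_watch() {
    echo "[+] SYN Firewall Started..." >> "$logfile"
    while true; do
      # One awk pass replaces the grep/cut/sort/uniq chain. Only well-formed
      # dotted-quad addresses reach iptables: the original cut on ":" turned
      # IPv6 and IPv4-mapped sources into an empty or bogus -s argument.
      netstat -tanpu |
        awk '$6 == "SYN_RECV" {
               addr = $5
               sub(/:[0-9]+$/, "", addr)   # strip the port
               sub(/^::ffff:/, "", addr)   # IPv4-mapped source on a tcp6 socket
               if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[addr]++
             }
             END { for (a in hits) if (hits[a] > 3) print a }' |
        while IFS= read -r ip; do
          echo "$ip"
          # -C checks for an identical rule first, so the chain does not grow
          # by one duplicate per scan while the same source stays over the limit.
          iptables -C INPUT -s "$ip/24" -j DROP 2>/dev/null ||
            iptables -A INPUT -s "$ip/24" -j DROP
        done
      sleep "$level"
    done
  }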
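  # Detach the script from the terminal the way nohup(1) does, so that it
  # keeps running after the launching terminal is closed.
  # Globals:   HOME (read) - fallback location for nohup.out
  # Arguments: none
  # Outputs:   may redirect the shell's own stdin, stdout and stderr
  mynohup() {
    # Stdin on a terminal: reopen it write-only on /dev/null so that any
    # later read attempt fails instead of blocking.
    if [ -t 0 ]; then
      exec 0>/dev/null
    fi

    # Stdout on a terminal: send it to ./nohup.out, else to $HOME/nohup.out.
    # The writability probe runs in a subshell because a failed redirection
    # on `exec` terminates a non-interactive POSIX shell, which made the
    # original `$?` check after `exec 1>nohup.out` unreachable under /bin/sh.
    # NOTE(review): nohup.out is created in the current directory; start the
    # script from a directory that other users cannot write to.
    if [ -t 1 ]; then
      if ( : > nohup.out ) 2>/dev/null; then
        exec 1>nohup.out
      else
        exec 1>"$HOME/nohup.out"
      fi
    fi

    # Stderr on a terminal: let it follow stdout.
    if [ -t 2 ]; then
      exec 2>&1
    fi

    # A no-op handler keeps the shell alive when SIGHUP arrives.
    trap : HUP
  }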
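  # Entry point: show the banner, pick the scan interval, then detach from the
  # terminal and start the watcher.
  showbanner

  # The interval ends up as the argument of sleep inside an endless loop. A
  # non-numeric or zero value would make sleep return at once and turn the
  # watcher into a busy loop of netstat/iptables calls, so it is validated.
  case "$1" in
    '')
      echo "[+] Using default level set to 10 seconds"
      level=10
      ;;
    *[!0-9]*)
      echo "[-] watchtime must be a whole number of seconds, got: $1" >&2
      exit 1
      ;;
    *)
      echo "[+] Setting up level to $1 "
      level=$1
      ;;
  esac
  if [ "$level" -lt 1 ]; then
    echo "[-] watchtime must be at least 1 second" >&2
    exit 1
  fi

  # Writing /proc/sys and changing iptables rules needs root; say so before
  # stderr is redirected, since the later failures only show up in the logs.
  if [ "$(id -u)" -ne 0 ]; then
    echo "[-] Warning: not running as root, kernel settings and iptables rules will not be applied" >&2
  fi

  mynohup
  # Stop if the log file cannot be set up rather than running unlogged.
  preparation || exit 1
  configuration
  iptables_watch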