Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- # _____ _____ _ _____ _____ _____ _____ _____ _____
- # ___| | __ |_| _ |_ _|___ ___|_ _| __| _ | |
- # |_ -| --| -| | __| | | |- _|___| | | | __| | | | |
- # |___|_____|__|__|_|__| |_| |___| |_| |_____|__|__|_|_|_|
- # |s C R i P T z - T E A M . i N F O|----------------------------
- # USAGE:
- # sh /script.sh
- #
- # iNFO:
- # This simple bash/shell script can check if your web server is under DDoS
- # It checks for
- # -> TCP/IP Denial of Service Attack
- # -> ESTABLISHED Connections Attack
- # -> SYN Flood Attack
- check1=`netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n|wc -l`
- check2=`lsof -i TCP:80 |wc -l`
- check3=`netstat -nap | grep SYN | wc -l`
- if [ $check1 -gt 2000 ]
- then
- echo "[#WARN] Detected TCP/IP Denial of Service Attack"
- else
- echo "[#INFO] NO TCP/IP Denial of Service Attack Detected"
- fi
- if [ $check2 -gt 1000 ]
- then
- echo "[#WARN] Detected ESTABLISHED Connections Attack"
- else
- echo "[#INFO] NO ESTABLISHED Connections Attack Detected"
- fi
- if [ $check3 -gt 1000 ]
- then
- echo "[#WARN] Detected SYN Flood"
- else
- echo "[#INFO] NO SYN Flood Attack Detected"
- fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
