Installing the anti-DDoS tool DDoS-Deflate on CentOS
DDoS-Deflate is a very small tool for defending against and mitigating DDoS attacks. It monitors netstat to track the IP addresses that open large numbers of connections, and then uses APF or iptables to ban or block those abnormal IP addresses.
We can use the netstat command to look at the current connection state of the system and see whether it is under a DDoS attack:
[root@localhost ~]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
      1 101.226.66.172
      1 103.29.134.193
      1 110.85.249.85
      1 115.150.118.203
      1 116.22.233.25
      1 119.254.227.106
      1 122.224.152.139
      1 123.126.68.35
      1 123.151.136.225
      1 124.202.164.10
      1 124.202.164.16
      1 14.29.112.87
      1 14.29.127.218
      1 157.55.33.124
      1 170.130.24.152
      1 180.149.143.11
      1 182.118.19.201
      1 182.118.20.40
      1 183.39.201.142
      1 199.30.24.33
      1 210.242.215.195
      1 210.242.215.211
      1 210.242.215.212
      1 210.242.215.213
      1 210.242.215.215
      1 210.242.215.216
      1 210.242.215.218
      1 210.6.198.12
      1 219.239.26.13
      1 220.181.51.62
      1 23.94.20.3
      1 27.28.7.0
      1 42.120.160.95
      1 42.156.137.95
      1 58.51.180.34
      1 60.220.197.225
      1 61.135.189.43
      1 61.135.249.202
      1 61.164.170.222
      1 66.249.67.163
      1 Address
      1 servers)
      2 124.202.164.11
      2 218.109.165.44
      2 220.181.125.20
      2 223.104.20.49
      2 42.156.136.95
      2 61.51.249.58
      2 72.52.94.226
      3 210.242.215.210
      3 222.76.109.133
      4 120.39.165.97
      4 123.113.42.119
      5 110.244.82.238
      5 118.72.107.112
      5 222.141.238.211
      6 110.153.48.75
      6 111.206.125.33
      6 124.117.235.163
      6 60.215.180.43
      7 101.226.89.117
      9 111.20.119.234
      9 119.126.238.114
      9 183.32.67.179
     10 121.35.228.194
     10 122.141.235.146
     11 183.63.97.42
     12 106.125.11.78
     13 114.228.158.82
     13 118.228.151.171
     14 222.129.186.143
     15 113.231.87.141
     17 113.137.204.201
     20 119.251.38.134
     20 61.164.36.34
     30 58.215.136.89
     44 58.215.136.105
    101 127.0.0.1
Check the status of iptables:
[root@localhost ~]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:58416
8    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Installing DDoS-Deflate
[root@localhost ~]# wget http://www.inetbase.com/scripts/ddos/install.sh
[root@localhost ~]# chmod +x install.sh
[root@localhost ~]# ./install.sh
Installing DOS-Deflate 0.6
Downloading source files....
.....done
Creating cron to run script every minute.....(Default setting).....done
Installation has completed.
Config file is at /usr/local/ddos/ddos.conf
Please send in your comments and/or suggestions to zaf@vsnl.com
DOS-Deflate is now installed.
Uninstalling DOS-Deflate
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos
Description of the DOS-Deflate files:
[root@localhost ~]# cd /usr/local/ddos/
[root@localhost ddos]# ll
總用量 4
-rw-r--r-- 1 root root   971 1月 10 2006 ddos.conf
-rwxr-xr-x 1 root root  3945 1月 10 2006 ddos.sh
-rw-r--r-- 1 root root    10 1月 10 2006 ignore.ip.list
-rw-r--r-- 1 root root 10113 1月 10 2006 LICENSE
After DOS-Deflate is installed, all of its files live in the /usr/local/ddos directory.
File descriptions:
ddos.conf -- the DDoS-Deflate configuration file, which controls how the tool behaves when defending against DDoS
ddos.sh -- the DDoS-Deflate main program, written in shell; all of the program's functionality is in this one script
ignore.ip.list -- the whitelist; IPs listed in this file are not blocked by DDoS-Deflate even when they exceed the configured connection limit
LICENSE -- the licence under which DDoS-Deflate is distributed
Configuring ddos.conf
[root@localhost ddos]# cat ddos.conf
##### Paths of the script and other files   # the config file is itself a shell script
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list" # file that holds the whitelist
CRON="/etc/cron.d/ddos.cron" # cron job; by default it runs ddos.sh once a minute
APF="/etc/apf/apf"
IPT="/sbin/iptables"
##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
#####          option so that the new frequency takes effect
FREQ=1  # DDoS-Deflate is run by the Linux cron scheduler; the default is once per minute
##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150 # the number of connections from a single IP at which it is treated as a DDoS attack
##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=0  # "0" here means iptables is used instead of APF
##### KILL=0 (Bad IPs are'nt banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1  # whether to block IPs identified as DDoS attackers; "1" means block
##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="xxxxx@ithov.com"  # e-mail address of the person to notify about events
##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600 # how long, in seconds, an IP identified as an attacker is blocked from talking to this host; default 600
Users can adjust the configuration file by following the comments added to the default configuration above.
Look at line 117 of /usr/local/ddos/ddos.sh:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST
Change it to the following, which filters out the netstat header lines (the ones that show up in the output above as the bogus "Address" and "servers)" entries) before counting:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sed -n '/[0-9]/p' | sort | uniq -c | sort -nr > $BAD_IP_LIST
If you like to tinker, you can test the effect with a web load-testing tool. DDoS-Deflate should be able to fend off a portion of DDoS traffic for your VPS or server and give your website more protection.
ddos.sh usage, from its help output:
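The following script is an added example, not code from DDoS-Deflate or from the original article. It reproduces the connection-counting pipeline from ddos.sh line 117 with the sed fix applied, then performs the two checks ddos.sh does before banning: the NO_OF_CONNECTIONS threshold and the ignore.ip.list whitelist. The netstat output, the whitelist and the exact iptables command line are constructed stand-ins (the command is assumed to match the "DROP all -- <ip> anywhere" rule the test section later in this article shows); the script only prints the rule it would add rather than executing it, so it can be run anywhere.

```shell
#!/bin/sh
# Added example, not part of DDoS-Deflate or the original article: the
# connection-counting pipeline from ddos.sh line 117 with the sed fix applied,
# plus the threshold and whitelist checks ddos.sh performs, run against a
# constructed netstat sample so it works offline.

# Constructed stand-in for `netstat -ntu` output: the two header lines that the
# unfixed pipeline turned into the bogus "Address" and "servers)" entries,
# followed by a handful of connections.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 127.0.0.1:3306              127.0.0.1:41000             ESTABLISHED
tcp        0      0 127.0.0.1:3306              127.0.0.1:41001             ESTABLISHED
tcp        0      0 127.0.0.1:3306              127.0.0.1:41002             ESTABLISHED
tcp        0      0 127.0.0.1:3306              127.0.0.1:41003             ESTABLISHED
tcp        0      0 127.0.0.1:3306              127.0.0.1:41004             ESTABLISHED
tcp        0      0 10.0.0.5:22                 198.51.100.7:51234          ESTABLISHED
tcp        0      0 10.0.0.5:22                 198.51.100.7:51235          ESTABLISHED
tcp        0      0 10.0.0.5:22                 198.51.100.7:51236          ESTABLISHED
tcp        0      0 10.0.0.5:22                 198.51.100.7:51237          ESTABLISHED
tcp        0      0 10.0.0.5:80                 203.0.113.9:40001           ESTABLISHED
tcp        0      0 10.0.0.5:80                 203.0.113.9:40002           TIME_WAIT
udp        0      0 10.0.0.5:53                 192.0.2.44:5353             ESTABLISHED'

# Constructed whitelist, standing in for ignore.ip.list (space separated).
# Without it, localhost's own MySQL connections would be "banned" first.
IGNORE_IPS="127.0.0.1"

# count_connections: netstat output on stdin -> "<count> <remote ip>" lines,
# busiest first. The sed '/[0-9]/p' step is the fix from the article: it drops
# the header words, which contain no digits, before counting.
count_connections() {
    awk '{print $5}' | cut -d: -f1 | sed -n '/[0-9]/p' | sort | uniq -c | sort -nr
}

# offenders N: IPs with more than N connections (the NO_OF_CONNECTIONS test in
# ddos.sh), skipping anything listed in IGNORE_IPS, one per line.
offenders() {
    count_connections | awk -v n="$1" -v ignore=" $IGNORE_IPS " \
        '$1 + 0 > n + 0 && index(ignore, " " $2 " ") == 0 { print $2 }'
}

# ban_commands N: print, without executing, one iptables rule per offender.
# The command line is an assumption that produces the "DROP all -- <ip>
# anywhere" entry the article shows; ddos.sh itself removes the rule again
# after BAN_PERIOD seconds.
ban_commands() {
    offenders "$1" | while read -r ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# Dry run with the threshold of 3 that the article uses for testing.
printf '%s\n' "$SAMPLE_NETSTAT" | ban_commands 3
```

Run it as-is and it prints a single rule for 198.51.100.7 (four SSH connections, above the test threshold of 3) while 127.0.0.1, which has five, is skipped because of the whitelist; remove the sed step from count_connections and the two header words reappear as "IPs" with one connection each, which is exactly what the article's fix prevents.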
[root@localhost ddos]# ./ddos.sh -h
DDoS-Deflate version 0.6
Copyright (C) 2005, Zaf <zaf@vsnl.com>
Usage: ddos.sh [OPTIONS] [N]
N : number of tcp/udp connections (default 150)
OPTIONS:
-h | --help: Show this help screen
-c | --cron: Create cron job to run this script regularly (default 1 mins)
-k | --kill: Block the offending ip making more than N connections
Testing the anti-DDoS effect
NO_OF_CONNECTIONS=3
# Set to 3 here to make testing easy. In production, tens to a few hundred connections can be considered normal; thousands is certainly abnormal, unless it is traffic between the application's own servers.
From a machine with a fixed IP, open SSH connections to this server. Once the number of connections goes past 3 (or more), they do not fail immediately, because ddos.sh runs once a minute by default; within a minute you will find the connections have dropped, and on the server running the anti-DDoS tool you can see that an extra entry has appeared in the iptables rules:
DROP all -- 31.210.16.29.broad.cs.gd.dynamic.163data.com.cn anywhere
This shows it really took effect; after 10 minutes this iptables rule is removed again.
To see the number of connections per IP, sorted in descending order, run the following command:
netstat -na|grep ESTABLISHED|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -r -n
..............
     40 127.0.0.1
      1 121.9.252.28
      1 173.117.140.69
DDoS attacks are very common and quite effective; one example is the wide-ranging attack a while back that was set off by the Wiki founder.
If you have dedicated anti-DDoS hardware, that is best; if not, using DDoS-Deflate together with iptables to defend against DDoS attacks to a certain degree is also a good strategy.
This article is reprinted from http://www.ithov.com/linux/134939.shtml