Working out which IP a DDoS attack is coming from

Forum dedicated specifically to tutorials on setting up a CS 1.6 server

Post by laimiukas3 »

Linux has a wonderful tool called tcpdump, but not many people are familiar with it. Here is an example of how to work out the IP addresses from which a large number of packets is coming, i.e. a flood, etc.
Working out the bad IPs takes just a few steps. Let's start.

Code:

tcpdump -v -n -w badips.log dst port 27015 -c 300
It's all simple:
-v - the simplest logging level (the more v's, the higher the logging level, e.g. -vvv, but we don't need that in this example.)
-n - convert the host name to an IP
-w - write the dump to a file
-c - number of captured packets
If your server has a number of IPs, add another switch, -i, with the name of the interface that the IP you want is on, i.e. -i eth0; -i eth1:2
Example:

Code:

tcpdump -v -n -i eth0 -w badips.log dst port 27015 -c 300
Now we have to somehow work out the bad IPs from the dump; for this, use the following combination:

Code:

tcpdump -nr badips.log |awk '{print $3}' |grep -oE '[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}' |sort |uniq -c |sort -rn
Here I think there is no need to explain too much, just this:
-r - read from a file.
awk - print the 3rd value in the line.
grep - output only the IP.
sort - sort.
uniq - a bit more to say here: the command displays only the unique values from the list; with the -c switch it also outputs the number of occurrences of each value.

As a result, we get a list with 2 columns: in the first, the number of packets; in the second, the IP.
Example:

Code:

29 95.83.141.243
28 176.14.130.210
27 95.71.31.91
20 188.94.158.100
18 5.35.52.46
17 91.202.199.129
17 194.12.74.241
16 31.148.45.19
13 213.88.6.85
10 188.134.33.150
Next we look at whether there are any bad IPs, and ban them.
The norm is below 100 packets. By the way, the number of packets differs significantly depending on whether a player is with or without incentive.

I found this tutorial a very long time ago on some forum and kept it in a text document, so I can't name the source I copy-pasted it from.
Some time ago I needed this thing, so after some thought I decided to share it with everyone; a useful tutorial.

Post by Minde »

Did it help you protect yourself? Has anyone else tried it? You could have translated it into Lithuanian :)

Post by laimiukas3 »

Minde wrote: Did it help you protect yourself? Has anyone else tried it? You could have translated it into Lithuanian :)
This doesn't help protect you; it helps detect the offenders, and then you block their IPs with iptables :)
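The counting step from the first post, the "below 100 packets" norm it mentions, and the iptables blocking from the last reply, combined as an added example that is not part of the original thread. The function names, the optional allowlist file and the `-I INPUT -s ... -j DROP` rule shape are assumptions; the sample capture lines are constructed from documentation-range addresses.

```shell
#!/bin/sh
# Added example (not from the original posts). Input is the text printed by
# `tcpdump -nr badips.log`; function names and the allowlist file are assumptions.

# Constructed sample input using documentation-range addresses.
sample_capture() {
  for i in 1 2 3 4 5; do
    echo "12:00:0$i.000000 IP 203.0.113.7.4000$i > 192.0.2.10.27015: UDP, length 25"
  done
  echo "12:00:06.000000 IP 198.51.100.23.27005 > 192.0.2.10.27015: UDP, length 53"
  echo "12:00:07.000000 IP 198.51.100.23.27005 > 192.0.2.10.27015: UDP, length 53"
  echo "12:00:08.000000 IP6 2001:db8::1.27005 > 2001:db8::2.27015: UDP, length 53"
  echo "12:00:09.000000 IP 192.0.2.99.27005 > 192.0.2.10.27015: UDP, length 53"
}

# Print "count ip" per IPv4 source, highest count first (IPv6 lines are skipped).
count_sources() {
  awk '$2 == "IP" {
         n = split($3, p, ".")            # a.b.c.d.port, or a.b.c.d without a port
         if (n < 4) next
         for (i = 1; i <= 4; i++)
           if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) next
         hits[p[1] "." p[2] "." p[3] "." p[4]]++
       }
       END { for (ip in hits) print hits[ip], ip }' | sort -k1,1nr -k2,2
}

# Print source IPs with at least $1 packets (default 100, the ceiling the post
# calls normal), leaving out addresses listed one per line in file $2.
flooders() {
  count_sources | awk -v t="${1:-100}" -v allow="${2:-/dev/null}" '
    BEGIN { while ((getline line < allow) > 0) skip[line] = 1 }
    $1 + 0 >= t + 0 && !($2 in skip) { print $2 }'
}

# Turn flagged IPs into iptables commands, printed for review, not executed.
ban_rules() {
  while read -r ip; do
    echo "iptables -I INPUT -s $ip -j DROP"
  done
}

# Usage on a real capture: tcpdump -nr badips.log | flooders 100 allow.txt | ban_rules
```

Putting the addresses of known-good hosts (your own admin or monitoring machines) in the allowlist file keeps them out of the generated rules even if they were chatty during the capture window.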