Sunday, May 26, 2013

Mitigating attacks

The bad guys can make your life really difficult.

Botnets are... well... inevitable, brutish, and hard to respond to without accidentally rejecting valid users.

That said, you may find something like the following useful during an attack.

netstat -ntu | sed 's/::ffff://g' | sed 's/:/ /g' | awk '{print $6}' | sort -n | uniq -c | grep -E '[0-9]{3} ' | awk '{print "iptables -I INPUT -s " $2 " -j DROP"}' | sh

It blocks every IP address that has 100 or more connections to the server right now: the regex filter keeps any connection count with at least three digits.
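
A more cautious variant of the one-liner above, as an added example that is not from the original post: it prints the iptables rules for review instead of piping them to sh, ignores header lines and native IPv6 peers, and never blocks addresses on an allowlist. The names block_rules, sample_netstat and ALLOW, and the sample addresses, are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. block_rules, sample_netstat and
# the ALLOW variable are hypothetical names chosen for this illustration.

ALLOW="${ALLOW:-127.0.0.1}"   # space-separated addresses that are never blocked

# Reads `netstat -ntu` output on stdin; prints (does not run) one DROP rule
# per remote IPv4 address with at least $1 connections (default 100).
block_rules() {
    awk -v min="${1:-100}" -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {                  # ignores the two header lines
        remote = $5
        sub(/^::ffff:/, "", remote)      # IPv4-mapped IPv6 -> plain IPv4
        sub(/:[0-9]+$/, "", remote)      # strip the port
        if (remote !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # skip native IPv6
        if (remote in skip) next         # allowlisted address
        count[remote]++
    }
    END {
        for (ip in count)
            if (count[ip] >= min)
                print "iptables -I INPUT -s " ip " -j DROP"
    }' | sort
}

# Constructed sample input: 120 connections each from 203.0.113.7 and
# loopback, 3 from 198.51.100.9, and one native IPv6 peer.
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address  Foreign Address  State"
    i=0
    while [ "$i" -lt 120 ]; do
        echo "tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.7:$((40000 + i)) ESTABLISHED"
        echo "tcp  0 0 127.0.0.1:5432 127.0.0.1:$((50000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    for p in 1 2 3; do
        echo "tcp 0 0 192.0.2.10:80 198.51.100.9:6000$p TIME_WAIT"
    done
    echo "tcp6 0 0 2001:db8::10:443 2001:db8::99:51000 ESTABLISHED"
}

# Dry run on the sample; on a real host: netstat -ntu | block_rules 100
sample_netstat | block_rules
```

Once the printed rules look right, the same output can be piped to sh as root, as in the original command.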
