Urgent: Under attack - need tcpdrop help
Greg Larkin
glarkin at FreeBSD.org
Tue May 24 20:42:29 UTC 2011
On 5/24/11 4:29 PM, Andy Wodfer wrote:
> Hi,
> One of my FreeBSD servers is currently being attacked (DDOS) and I'm
> blocking IP addresses in my firewall. However, there are a large number of
> hung tcp connections and I want them gone.
>
> Can anyone help me with a script (command line) that can read a netstat -n
> and tcpdrop all IP addresses that have more than 10 connections or a more
> manual command where I can input an IP and it will drop all connections from
> that IP regardless of port?
>
> Thanks in advance!
>
> Shell scripting isn't what I'm best at unfortunately ...
>
> Andy
Hi Andy,
This will drop all connections to/from IP address 192.168.22.22:
tcpdrop -l -a | grep -Fw 192.168.22.22 | sh
Just substitute your desired IP address, and that will do the trick.
Good luck,
Greg
--
Greg Larkin
http://www.FreeBSD.org/ - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
http://twitter.com/cpucycle/ - Follow you, follow me
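
The threshold-based variant Andy asked for, as an added example that is not part of either original message: it tallies connections per foreign IP and, like `tcpdrop -l`, only prints the tcpdrop commands so they can be reviewed before being piped to `sh`. The function names `heavy_hitters` and `sample_netstat` and the sample netstat lines are constructed for illustration; the parser assumes FreeBSD's `netstat -n -p tcp` layout, where sockets are printed as `addr.port`.

```shell
#!/bin/sh
# Added example. Reads FreeBSD `netstat -n -p tcp` output on stdin and prints
# one tcpdrop command per connection whose foreign IP has more than LIMIT
# connections. Nothing is dropped until the output is piped to sh.
heavy_hitters() {    # hypothetical name; $1 = LIMIT (default 10)
    awk -v limit="${1:-10}" '
        # FreeBSD prints sockets as addr.port: split at the last dot.
        # Sets globals A (address) and P (port); returns 0 for "*.*".
        function split_ap(s,    i) {
            i = match(s, /\.[0-9]+$/)
            if (i == 0) return 0
            A = substr(s, 1, i - 1); P = substr(s, i + 1)
            return 1
        }
        $1 ~ /^tcp/ && NF >= 5 {
            if (!split_ap($4)) next
            la = A; lp = P
            if (!split_ap($5)) next          # listeners have no peer
            n++
            cmd[n] = "tcpdrop " la " " lp " " A " " P
            peer[n] = A
            count[A]++                       # exact per-IP tally
        }
        END {
            for (k = 1; k <= n; k++)
                if (count[peer[k]] > limit) print cmd[k]
        }'
}

# Constructed sample input (documentation addresses), not real traffic.
sample_netstat() {
    cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.80          203.0.113.5.51234      ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.5.51235      FIN_WAIT_1
tcp4       0      0 192.0.2.10.80          203.0.113.5.51236      ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.50.40000     ESTABLISHED
tcp4       0      0 192.0.2.10.22          198.51.100.7.50022     ESTABLISHED
tcp4       0      0 *.80                   *.*                    LISTEN
EOF
}

# Dry run on the sample with LIMIT=2: prints three commands for 203.0.113.5.
sample_netstat | heavy_hitters 2
# Live use on the server: netstat -n -p tcp | heavy_hitters 10 | sh
```

Because the tally is keyed on the parsed address rather than a substring match, 203.0.113.50 in the sample is not swept up with 203.0.113.5.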