Date: Tue, 24 May 2011 16:42:23 -0400
From: Greg Larkin <glarkin@FreeBSD.org>
To: Andy Wodfer <wodfer@gmail.com>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Urgent: Under attack - need tcpdrop help
Message-ID: <4DDC182F.1090404@FreeBSD.org>
In-Reply-To: <BANLkTikGjnh-cfO_dtk=jf6ZVNiY=x8nqw@mail.gmail.com>
References: <BANLkTikGjnh-cfO_dtk=jf6ZVNiY=x8nqw@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 5/24/11 4:29 PM, Andy Wodfer wrote:
> Hi,
> One of my FreeBSD servers is currently being attacked (DDOS) and I'm
> blocking IP addresses in my firewall. However, there are a large number of
> hung tcp connections and I want them gone.
>
> Can anyone help me with a script (command line) that can read a netstat -n
> and tcpdrop all IP addresses that have more than 10 connections or a more
> manual command where I can input an IP and it will drop all connections from
> that IP regardless of port?
>
> Thanks in advance!
>
> Shell scripting isn't what I'm best at unfortunately ...
>
> Andy

Hi Andy,

This will drop all connections to/from IP address 192.168.22.22:

tcpdrop -l -a | grep 192.168.22.22 | sh

Just substitute your desired IP address, and that will do the trick.

Good luck,
Greg
- --
Greg Larkin

http://www.FreeBSD.org/ - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
http://twitter.com/cpucycle/ - Follow you, follow me
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk3cGC8ACgkQ0sRouByUApBlvACfaOneJdIQGiNNo2FYbKJx3EI8
w58AniK6ZolieHscRFWleR1CoofAtGe8
=03TM
-----END PGP SIGNATURE-----
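
The threshold case from the original question (drop every peer with more than N connections), together with an exact-match form of the single-IP case, as an added example that is not part of the reply above. It assumes each line printed by `tcpdrop -l -a` ends in local address, local port, foreign address, foreign port; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input: lines as printed by `tcpdrop -l -a`, assumed to end in
#   <local-addr> <local-port> <foreign-addr> <foreign-port>
# Fields are counted from the end of the line, so any flags between the
# command name and the addresses do not change which field is which.

# Print the drop commands for every foreign address that has more than $1
# connections. Nothing is executed here; the caller decides whether to pipe
# the result to sh.
drops_over_limit() {
    awk -v limit="$1" '
        $1 == "tcpdrop" && NF >= 5 {
            peer = $(NF - 1)
            count[peer]++
            cmds[peer] = cmds[peer] $0 "\n"
        }
        END {
            for (peer in count)
                if (count[peer] > limit)
                    printf "%s", cmds[peer]
        }'
}

# Print the drop commands whose local or foreign address is exactly $1.
# Whole-field comparison: 198.51.100.7 does not also select 198.51.100.77.
drops_for_ip() {
    awk -v ip="$1" \
        '$1 == "tcpdrop" && NF >= 5 && ($(NF - 1) == ip || $(NF - 3) == ip)'
}

# Constructed sample in the assumed format (documentation address ranges).
sample_connections() {
    cat <<'EOF'
tcpdrop 192.0.2.10 80 198.51.100.7 40001
tcpdrop 192.0.2.10 80 198.51.100.7 40002
tcpdrop 192.0.2.10 80 198.51.100.7 40003
tcpdrop 192.0.2.10 80 198.51.100.77 51000
tcpdrop 192.0.2.10 22 203.0.113.5 60222
EOF
}

# Offline demonstration: only the peer with more than 2 connections is listed.
sample_connections | drops_over_limit 2

# On the server, review the list first, then append "| sh" to act on it:
#   tcpdrop -l -a | drops_over_limit 10
```

Because the threshold counts only the foreign address, the server's own address never crosses the limit by virtue of appearing on every line.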
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4DDC182F.1090404>