Date:      Tue, 24 May 2011 22:48:57 +0200
From:      Andy Wodfer <wodfer@gmail.com>
To:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Urgent: Under attack - need tcpdrop help
Message-ID:  <BANLkTikmqZ2qPoQLeAYtF0rjd=J4kwUn-A@mail.gmail.com>
In-Reply-To: <4DDC182F.1090404@FreeBSD.org>
References:  <BANLkTikGjnh-cfO_dtk=jf6ZVNiY=x8nqw@mail.gmail.com> <4DDC182F.1090404@FreeBSD.org>

Thanks!
That would work on all my servers except this one .. which runs 6.3 STABLE
(due to some old services requiring old software).

Any other suggestions?

Thanks!

Andy


On Tue, May 24, 2011 at 10:42 PM, Greg Larkin <glarkin@freebsd.org> wrote:

> On 5/24/11 4:29 PM, Andy Wodfer wrote:
> > Hi,
> > One of my FreeBSD servers is currently being attacked (DDOS) and I'm
> > blocking IP addresses in my firewall. However, there are a large number of
> > hung tcp connections and I want them gone.
> >
> > Can anyone help me with a script (command line) that can read a netstat -n
> > and tcpdrop all IP addresses that have more than 10 connections or a more
> > manual command where I can input an IP and it will drop all connections from
> > that IP regardless of port?
> >
> > Thanks in advance!
> >
> > Shell scripting isn't what I'm best at unfortunately ...
> >
> > Andy
>
> Hi Andy,
>
> This will drop all connections to/from IP address 192.168.22.22:
>
> tcpdrop -l -a | grep 192.168.22.22 | sh
>
> Just substitute your desired IP address, and that will do the trick.
>
> Good luck,
> Greg
> - --
> Greg Larkin
>
> http://www.FreeBSD.org/           - The Power To Serve
> http://www.sourcehosting.net/     - Ready. Set. Code.
> http://twitter.com/cpucycle/      - Follow you, follow me
>
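
An added example, not part of either message above: one way to build the per-IP drop from plain `netstat -n` output, without relying on `tcpdrop -l -a`. It assumes FreeBSD's `address.port` netstat layout, IPv4 only, and the four-argument form `tcpdrop local-address local-port foreign-address foreign-port`; the names `gen_tcpdrop` and `sample_netstat` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints tcpdrop commands; it does not run them.
# usage: netstat -n | gen_tcpdrop LIMIT [IP]
#   without IP: every connection from hosts holding more than LIMIT connections
#   with IP:    every connection from exactly that host (LIMIT is ignored)
gen_tcpdrop() {
    awk -v limit="${1:-10}" -v only="${2:-}" '
        # FreeBSD netstat joins address and port with a dot: 203.0.113.5.51001
        function addr(s) { sub(/\.[0-9]+$/, "", s); return s }
        function port(s) { sub(/^.*\./, "", s); return s }
        # IPv4 TCP sockets with a real peer; LISTEN rows show "*.*" and are skipped
        $1 == "tcp4" && $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            n++
            la[n] = addr($4); lp[n] = port($4)
            fa[n] = addr($5); fp[n] = port($5)
            count[fa[n]]++
        }
        END {
            for (i = 1; i <= n; i++) {
                # Exact address comparison: 203.0.113.5 never matches 203.0.113.50
                hit = (only != "") ? (fa[i] == only) : (count[fa[i]] > limit)
                if (hit)
                    printf "tcpdrop %s %s %s %s\n", la[i], lp[i], fa[i], fp[i]
            }
        }'
}

# Constructed sample input (documentation addresses), not data from the thread.
sample_netstat() {
    cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.80          203.0.113.5.51001      ESTABLISHED
tcp4       0      0  192.0.2.10.80          203.0.113.5.51002      ESTABLISHED
tcp4       0      0  192.0.2.10.80          203.0.113.5.51003      FIN_WAIT_2
tcp4       0      0  192.0.2.10.80          203.0.113.50.40000     ESTABLISHED
tcp4       0      0  192.0.2.10.22          198.51.100.7.60222     ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN
EOF
}

# Demo on the sample with a limit of 2: prints the three 203.0.113.5 connections.
sample_netstat | gen_tcpdrop 2
```

On a live host the input would come from `netstat -n`, and the printed commands can be reviewed before being piped to `sh`.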


