From: Andy Wodfer
To: freebsd-questions
Date: Tue, 24 May 2011 22:48:57 +0200
Subject: Re: Urgent: Under attack - need tcpdrop help

Thanks! That would work on all my servers except this one .. which runs 6.3 STABLE (due to some old services requiring old software).

Any other suggestions?

Thanks!
Andy

On Tue, May 24, 2011 at 10:42 PM, Greg Larkin wrote:

> On 5/24/11 4:29 PM, Andy Wodfer wrote:
> > Hi,
> > One of my FreeBSD servers is currently being attacked (DDOS) and I'm
> > blocking IP addresses in my firewall. However, there are a large number of
> > hung tcp connections and I want them gone.
> >
> > Can anyone help me with a script (command line) that can read a netstat -n
> > and tcpdrop all IP addresses that have more than 10 connections or a more
> > manual command where I can input an IP and it will drop all connections from
> > that IP regardless of port?
> >
> > Thanks in advance!
> >
> > Shell scripting isn't what I'm best at unfortunately ...
> >
> > Andy
>
> Hi Andy,
>
> This will drop all connections to/from IP address 192.168.22.22:
>
> tcpdrop -l -a | grep 192.168.22.22 | sh
>
> Just substitute your desired IP address, and that will do the trick.
>
> Good luck,
> Greg
> --
> Greg Larkin
>
> http://www.FreeBSD.org/ - The Power To Serve
> http://www.sourcehosting.net/ - Ready. Set. Code.
> http://twitter.com/cpucycle/ - Follow you, follow me
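
Added example, not written by either poster: the script asked for in the original message, which reads `netstat -n` output and generates a `tcpdrop` command for every connection of each foreign IP holding more than a given number of connections, matching on the exact address. It assumes FreeBSD's `addr.port` netstat layout and the four-argument `tcpdrop local-addr local-port foreign-addr foreign-port` form; the names `drop_cmds` and `sample_netstat` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads FreeBSD-style `netstat -n -p tcp`
# output on stdin and prints one tcpdrop command per connection for every
# foreign IP that holds more than LIMIT connections. It only prints; pipe the
# result to sh after reviewing it.
# Assumption: tcpdrop accepts "local-addr local-port foreign-addr foreign-port".

drop_cmds() {   # usage: netstat -n -p tcp | drop_cmds 10
    awk -v limit="${1:-10}" '
    # netstat -n prints addr.port, so the port is the text after the last dot
    # (true for IPv6 as well, e.g. 2001:db8::1.80).
    function host(a) { sub(/\.[^.]*$/, "", a); return a }
    function port(a) { sub(/^.*\./, "", a); return a }

    # Skip headers and listening sockets (foreign address "*.*").
    $1 ~ /^tcp/ && $5 !~ /^\*/ {
        ip = host($5)
        count[ip]++
        conns[ip] = conns[ip] host($4) " " port($4) " " ip " " port($5) "\n"
    }
    END {
        for (ip in count) {
            if (count[ip] <= limit) continue
            n = split(conns[ip], c, "\n")      # last element is empty
            for (i = 1; i < n; i++) print "tcpdrop " c[i]
        }
    }' | sort
}

# Constructed sample input (documentation addresses), not captured traffic.
sample_netstat() {
    cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.80          203.0.113.5.51001      ESTABLISHED
tcp4       0      0  192.0.2.10.80          203.0.113.5.51002      FIN_WAIT_2
tcp4       0      0  192.0.2.10.80          203.0.113.5.51003      ESTABLISHED
tcp4       0      0  192.0.2.10.80          203.0.113.55.40000     ESTABLISHED
tcp4       0      0  192.0.2.10.22          198.51.100.7.60000     ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN
EOF
}

# Demo with a limit of 2: only 203.0.113.5 (3 connections) is selected;
# 203.0.113.55 is a different host and is left alone.
sample_netstat | drop_cmds 2
```

On a live host the pipeline would be `netstat -n -p tcp | drop_cmds 10`, with `| sh` appended once the printed commands have been checked.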