diff --git a/ddos-mitigator.sh b/ddos-mitigator.sh
index 327c776..04fc044 100755
--- a/ddos-mitigator.sh
+++ b/ddos-mitigator.sh
@@ -183,26 +183,29 @@ netstat -nt | grep "${MY_IP}:${MY_PORT}" | tr -s '[:blank:]' | cut -d' ' -f5 \
   | cut -d: -f1 | sort > "${fileraw}"
 
 # Group and sort the data into the subnet-specific files.
-uniq -c "${fileraw}" | sort -rn > "${file32}"
-cut -d. -f1-3 "${fileraw}" | sort | uniq -c | sort -rn > "${file24}"
-cut -d. -f1-2 "${fileraw}" | sort | uniq -c | sort -rn > "${file16}"
-cut -d. -f1 "${fileraw}" | sort | uniq -c | sort -rn > "${file8}"
+cp "${fileraw}" "${file32}"
+cut -d. -f1-3 "${fileraw}" | sort > "${file24}"
+cut -d. -f1-2 "${fileraw}" | sort > "${file16}"
+cut -d. -f1 "${fileraw}" | sort > "${file8}"
 
 function filter() {
-    # list of current connections
-    file="$1"
-    # subnet extension, e.g. ".0.0/16"
-    ext="$2"
-    rm -f "${filtered}"
-
-    # Reject already banned addresses
-    while read -r -u3 address ; do
-        if [[ "${banned}" != *"${address}${ext}"* ]] ; then
-            echo "${address}" >> "${filtered}"
-        fi
-    done 3< "${file}"
+  # list of current connections
+  file="$1"
+  # subnet extension, e.g. ".0.0/16"
+  ext="$2"
+  rm -f "${filtered}"
 
-    mv "${filtered}" "${file}"
+  # Reject already banned addresses
+  while read -r -u3 address ; do
+    if [[ "${banned}" != *"${address}${ext}"* ]] ; then
+      echo "Considering ${address}."
+      echo "${address}" >> "${filtered}"
+    else
+      echo "IGNORING ${address}, already banned."
+    fi
+  done 3< "${file}"
+
+  mv "${filtered}" "${file}"
 }
 
 # Filter already banned addresses
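Review bot: The rewritten `filter` body still decides "already banned" with a bare substring test, `[[ "${banned}" != *"${address}${ext}"* ]]`, so an address whose text is a suffix of a banned entry (e.g. `2.3.4.5` against a banned `12.3.4.5/32`) is reported as IGNORING and never counted, which lets an actively flooding host slip past the thresholds computed later. If `banned` holds one entry per line, an exact-line match such as `if ! grep -qxF -- "${address}${ext}" <<<"${banned}"; then` closes that gap; if it uses another separator, the match has to be anchored on that separator instead. Separately, `rm -f "${filtered}"` followed by appends means that when every address is rejected no file is ever created and the final `mv` fails, leaving `${file}` unfiltered; `: > "${filtered}"` creates an empty file up front so the `mv` always succeeds. The two new `echo` lines now print once per connection rather than once per address (file32 is a plain copy of fileraw at this point), so they should go to stderr via `>&2` or be gated on a verbose flag to keep stdout usable. `file` and `ext` are also left as globals; `local file="$1"` and `local ext="$2"` would keep them inside the function.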
@@ -211,6 +214,12 @@ filter "${file24}" "${ext24}"
 filter "${file16}" "${ext16}"
 filter "${file8}" "${ext8}"
 
+# Determine the number of connections per address
+uniq -c "${file32}" | sort -rn | sponge "${file32}"
+uniq -c "${file24}" | sort -rn | sponge "${file24}"
+uniq -c "${file16}" | sort -rn | sponge "${file16}"
+uniq -c "${file8}" | sort -rn | sponge "${file8}"
+
 # Determine the number of entries per file.
 nlines32=$(cat "${file32}" | wc -l)
 nlines24=$(cat "${file24}" | wc -l)
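Review bot: The four new pipelines depend on `sponge`, which ships with moreutils rather than coreutils, and nothing in the hunk verifies it is installed; if it is missing the pipeline fails after `uniq` and `sort` have already run, `${file32}` through `${file8}` keep their raw one-line-per-connection contents, and the script goes on to read them as count-prefixed lists (whether that failure aborts the run depends on `set -e`, which is outside this hunk). Add a startup check such as `command -v sponge >/dev/null 2>&1 || { echo "sponge (moreutils) is required" >&2; exit 1; }`, or drop the dependency entirely by writing each result to a temporary file and `mv`-ing it over the original. The comment `# Determine the number of connections per address` is only accurate for the first line; the other three count per /24, /16 and /8 prefix, so `# Count connections per address and per /24, /16 and /8 prefix` would describe all four lines.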