
Display IP list attacking my server in Linux (CentOS6)

My goal is to get an accurate list of IPs which are attacking the server, not innocent IPs. I tried to use

netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}'

but I'm far from being sure that it displays the list of attackers, and not innocent IPs in the same list. Most of the attacks are in layer 7, so HTTP on port 80. The purpose is to grab the list, copy and paste it into a text file, run a batch script and add ipset add blacklist at every line. Then I can block every attacking IP in a very short time, using ipset and iptables.

What you are essentially describing is making your own Intrusion Detection System, a program that will detect attacks (in this case, a DDOS) and respond appropriately. Generally, you'd want to use a pre-existing tool (if there is one), especially if you are inexperienced with Linux networking/systems administration.

I would recommend that you try using Snort, a free, open source, highly customizable, lightweight intrusion detection system. I'd also recommend looking into the SnortSam plugin, which adds a few friendlier ways of doing what you desire.
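
The workflow described in the question, as an added example that is not part of the original posts: it counts half-open (SYN_RECV) connections to local port 80 per source and emits `ipset add` lines only for sources at or above a threshold, so a single slow client is not listed. The function names, the threshold values and the sample netstat lines are constructed for illustration; a count above a threshold is a heuristic, and many users behind one NAT address can exceed it.

```shell
#!/bin/sh
# Constructed sample of `netstat -n -p` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address        Foreign Address           State       PID/Program name
tcp        0      0 192.0.2.10:80        198.51.100.7:40211        SYN_RECV    -
tcp        0      0 192.0.2.10:80        198.51.100.7:40212        SYN_RECV    -
tcp        0      0 192.0.2.10:80        198.51.100.7:40213        SYN_RECV    -
tcp        0      0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.9:51000  SYN_RECV    -
tcp        0      0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.9:51001  SYN_RECV    -
tcp        0      0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.9:51002  SYN_RECV    -
tcp        0      0 192.0.2.10:80        198.51.100.20:33100       SYN_RECV    -
tcp        0      0 192.0.2.10:80        198.51.100.30:33200       ESTABLISHED 1234/httpd
tcp        0      0 192.0.2.10:80        198.51.100.30:33201       ESTABLISHED 1234/httpd
tcp        0      0 192.0.2.10:80        198.51.100.30:33202       ESTABLISHED 1234/httpd
tcp        0      0 192.0.2.10:443       198.51.100.40:33300       SYN_RECV    -
tcp        0      0 192.0.2.10:443       198.51.100.40:33301       SYN_RECV    -
tcp        0      0 192.0.2.10:443       198.51.100.40:33302       SYN_RECV    -
EOF
}

# candidates THRESHOLD [SETNAME]
# Reads netstat output on stdin and prints "ipset add SETNAME IP" for every
# IPv4 source with at least THRESHOLD SYN_RECV entries against local port 80.
candidates() {
    threshold=$1
    setname=${2:-blacklist}
    awk -v min="$threshold" -v setname="$setname" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" && $4 ~ /:80$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # strip the source port
            sub(/^::ffff:/, "", ip)   # IPv4-mapped form shown on dual-stack listeners
            # Accept only dotted-quad addresses; anything else is skipped.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print "ipset add " setname " " ip
        }
    ' | sort
}

# Live use (assumed threshold; the set must already exist and be matched by
# an iptables rule):  netstat -n -p | candidates 20 > block.sh
sample_netstat | candidates 3
```

Review the generated lines before running them, since every listed address is dropped at the firewall once it is in the set.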
