• Blog home
• UK Web Hosting
• Unlimited Domain Hosting
• About

DoS-Deflate blocks numbers not IP addresses

Posted on August 5, 2008
Filed Under Denial of Service Attacks, Server Security, Web Hosting | Leave a Comment

We’ve seen a large number of problems with the impementation of the highly acclaimed (D)DoS-Deflate script which on occasions reads the netstat command incorrectly and subsequently blocks a single number instead of the IP address which exceeds the number of connections into the server on which it is installed. Please see http://deflate.medialayer.com/ to obtain the script and installation instructions.

This is purely down to the netstat command that DOS-Deflate uses, it does not account for some elements of the strings returned, particularly when the string ‘::ffff:’ that is added to http (port 80) connections.

To overcome this error a rewrite of the netstat command in the ddos.sh file (located in /usr/local/ddos directory if you installed in the default fashion). Line 117 reads…

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST

this should be rewritten to read as follows…

netstat -ntu | grep ':' | awk '{print $5}' | sed 's/::ffff://' | cut -f1 -d ':' | sort | uniq -c | sort -nr > $BAD_IP_LIST

NOTE: this command should be written on a single line, you should also check each character as selecting and copying can sometimes lead to different characters being pasted!

We use the sed command to replace the ‘::ffff:’ with nothing (an empty string), thus removing it.

A slight improvement to a widely used and highly acclaimed script 🙂

Recently

• Buy Remembrance Poppies Online
• New York Stock Exchange trading floor flooded with 3 feet of water
• Hurricane Sandy Live Web Cams and Video Stream Coverage
• Russia News Agency Interfax Launches New Website
• Asda Smart Price and Tesco Value Bottled Water is Tap Water
• Google Search Algorithm Update to Target Piracy Sites
• Nationwide Bank Website Down
• Distributed Brute Force Attack on FTP
• Worlds Best Girlfriend
• Natural Gas News

Categories

• Announcements
• Billing and Payment Services
• Charity
• Configuring Email in cPanel
• cPanel Web Hosting
• cPanel Webdisk
• Denial of Service Attacks
• Domain Hosting
• Domain Names
• Exim mail server
• Fantastico
• Frontpage
• Hurricane Sandy
• Kernel
• Mail Server administration
• Multiple Domain Web Hosting
• News
• Operating Systems
• PHP Hosting
• PHP Nuke Web Hosting
• Recommended Websites
• Reseller Web Hosting
• Search Engine Optimisation
• Server Security
• UK Web Hosting Vouchers, Coupons, Codes and Offers
• Unbranded Web Hosting
• Updating software
• Web Hosting
• Web Hosting Coupon Code
• WHM Hosting
• worlds-best-girlfriend

Archives

• November 2012
• October 2012
• August 2012
• March 2012
• February 2012
• September 2011
• June 2011
• May 2011
• March 2011
• October 2010
• September 2010
• May 2010
• August 2008
• May 2008
• April 2008
• March 2008
• February 2008
• December 2007
• November 2007
• October 2007