{"id":287,"date":"2017-07-03T10:24:57","date_gmt":"2017-07-03T02:24:57","guid":{"rendered":"http:\/\/www.cxybj.com\/?p=287"},"modified":"2020-10-24T21:12:54","modified_gmt":"2020-10-24T13:12:54","slug":"centos%e4%b8%8b%e9%98%b2%e6%ad%a2syn%e6%94%bb%e5%87%bb%ef%bc%8c%e7%ab%af%e5%8f%a3%e6%89%ab%e6%8f%8f%e5%92%8c%e6%ad%bb%e4%ba%a1%e4%b9%8bping","status":"publish","type":"post","link":"https:\/\/www.cxybj.com\/?p=287","title":{"rendered":"CentOS\u4e0b\u9632\u6b62syn\u653b\u51fb\uff0c\u7aef\u53e3\u626b\u63cf\u548c\u6b7b\u4ea1\u4e4bping shell\u811a\u672c"},"content":{"rendered":"<div>\u9632\u6b62syn\u653b\u51fb\uff08DDoS\u653b\u51fb\u7684\u4e00\u79cd\uff09<\/div>\n<div>iptables -I INPUT -p tcp --syn -m limit --limit 1\/s -j ACCEPT<\/div>\n<div>iptables -I FORWARD -p tcp --syn -m limit --limit 1\/s -j ACCEPT<\/div>\n<div>\u9632\u6b62\u5404\u79cd\u7aef\u53e3\u626b\u63cf<br \/>iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1\/s -j ACCEPT<br \/>Ping\u6d2a\u6c34\u653b\u51fb\uff08Ping of Death\uff09<br \/>iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1\/s -j ACCEPT<\/div>\n<div>注意：-m limit 只匹配速率以内的数据包，超出速率的数据包会继续匹配后面的规则；只有后续规则或链的默认策略为 DROP 时，上面的限速才会真正生效。<\/div>\n<div>\u00a0<\/div>\n<div><strong>\u590d\u5236\u4ee3\u7801\u4e00\u6b21\u6027\u6267\u884ciptables\u8bbe\u7f6e\u811a\u672ciptables.sh\uff0c\u6267\u884c\u6b64\u811a\u672c:<\/strong><\/div>\n<div>CXYBJ=\"\/sbin\/iptables\"<br \/>$CXYBJ --delete-chain<br \/>$CXYBJ --flush<br \/>#Default Policy<br \/>$CXYBJ -P INPUT DROP<br \/>$CXYBJ -P FORWARD DROP <br \/>$CXYBJ -P OUTPUT DROP<br \/>#INPUT Chain<br \/>$CXYBJ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br \/>$CXYBJ -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT<br \/>$CXYBJ -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT<br \/>$CXYBJ -A INPUT -i lo -j ACCEPT<br \/>$CXYBJ -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br \/>$CXYBJ -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT<br \/>$CXYBJ -A INPUT -p tcp --syn -m 
recent --name portscan --rcheck --seconds 60 --hitcount 10 -j LOG<br \/>$CXYBJ -A INPUT -p tcp --syn -m recent --name portscan --set -j DROP<br \/>#OUTPUT Chain<br \/>$CXYBJ -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br \/>$CXYBJ -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT<br \/>$CXYBJ -A OUTPUT -o lo -j ACCEPT<br \/>$CXYBJ -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br \/>$CXYBJ -A OUTPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT<br \/>#iptables save<br \/>service iptables save<br \/>service iptables restart<\/div>\n\n\n<p>\u4e0b\u8f7d\u6b64\u811a\u672c\uff1a<a href=\"https:\/\/www.cxybj.com\/wp-content\/uploads\/soft\/iptables.tar.gz\">iptables.tar.gz<\/a>  <\/p>\n\n\n\n<p>centos \u89e3\u538b\u547d\u4ee4<\/p>\n\n\n\n<p>tar -zxvf  iptables.tar.gz<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>2\u3001iptables\u65e5\u5fd7\u4f4d\u7f6e\u66f4\u6539\uff1a\u7f16\u8f91\/etc\/syslog.conf\uff0c\u6dfb\u52a0\uff1a<br>kern.warning \/var\/log\/iptables.log<\/p>\n\n\n\n<p>\u91cd\u542fsyslog<br>\/etc\/init.d\/syslog restart<\/p>\n\n\n\n<p>3\u3001\u9632\u7aef\u53e3\u626b\u63cfshell\u811a\u672c\uff1a\u9996\u5148\u5b89\u88c5inotify:<br>yum install inotify-tools<\/p>\n\n\n\n<p>\u4fdd\u5b58\u4ee5\u4e0b\u4ee3\u7801\u4e3aban-portscan.sh<br>btime=600 #\u5c01ip\u7684\u65f6\u95f4<br>while true;do<br>while inotifywait -q -q -e modify \/var\/log\/iptables.log;do<br>ip=`tail -1 \/var\/log\/iptables.log | awk -F\"[ =]\" '{print $13}' | grep '\\([0-9]\\{1,3\\}\\.\\)\\{3\\}[0-9]\\{1,3\\}'`<br>if test -z \"`\/sbin\/iptables -nL | grep $ip`\";then<br>\/sbin\/iptables -I INPUT -s $ip -j DROP<br>{<br>sleep $btime &amp;&amp; \/sbin\/iptables -D INPUT -s $ip -j DROP<br>} &amp;<br>fi<br>done<br>done<\/p>\n\n\n\n<p>注意：SYN 包的源地址可以伪造，按日志自动封禁可能误封正常地址（包括管理员自己的地址）；另外 $13 的字段位置取决于日志格式，启用前请先核对。<\/p>\n\n\n\n<p>\u6267\u884c\u547d\u4ee4\u5f00\u59cb\u542f\u7528\u7aef\u53e3\u9632\u626b\u63cf<br>nohup .\/ban-portscan.sh 
&amp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u9632\u6b62syn\u653b\u51fb\uff08DDoS\u653b\u51fb\u7684\u4e00\u79cd\uff09 iptables &#8211; &hellip; <a href=\"https:\/\/www.cxybj.com\/?p=287\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,5],"tags":[],"_links":{"self":[{"href":"https:\/\/www.cxybj.com\/index.php?rest_route=\/wp\/v2\/posts\/287"}],"collection":[{"href":"https:\/\/www.cxybj.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cxybj.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cxybj.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cxybj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=287"}],"version-history":[{"count":7,"href":"https:\/\/www.cxybj.com\/index.php?rest_route=\/wp\/v2\/posts\/287\/revisions"}],"predecessor-version":[{"id":706,"href":"https:\/\/www.cxybj.com\/index.php?rest_route=\/wp\/v2\/posts\/287\/revisions\/706"}],"wp:attachment":[{"href":"https:\/\/www.cxybj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=287"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cxybj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=287"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cxybj.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=287"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}