"The reason for so much bad science is not that talent is rare, not at all; what is rare is character."

- Sigmund Freud

Project Codename: ddos_deflate, el Guapo Edition (ege)



DOWNLOAD [ ddos_deflate_ege_-_v.0.6.ege.4e2.tar ]
HTTP -- Download.SpinelliCreations.com/ddos_deflate, el Guapo Edition (ege)

FTP -- SpinelliCreations.com/ddos_deflate_ege

Project Description


ddos_deflate, el Guapo Edition is a simple but effective means of trench defense. (Trench defense = a layered network security scheme involving multiple discrete utilities or devices.)

Assuming a firewall (whether in hardware or in software via IPTables / IPChains / or another software firewall), the bulk of your nefarious traffic is (hopefully) already being taken care of. However, what slips through on legitimate ports can sometimes be denial of service attacks. A truly distributed denial of service attack is something for which there exists no known solution (at least at this time). However, a single-user DoS (or a small number of users working together) can effectively be thwarted if your pipe (internet connection) is large. Running on a short cycle (such as 1 minute), ddos_deflate ege can detect nefarious IPs that have bombarded a port with a tremendous number of connections (in a SOHO environment, 100 connections from a single IP that is not in your LAN constitutes a 'big red warning flag', but you can set this connection limit to your liking in the config file). The script will then use IPTables to drop all incoming packets from the address for a given amount of time (default = 10 minutes), before re-allowing connections from that IP. You are free to allow (tell the script to ignore) individual IPs, subnets, or even entire networks by using the 'ip.ignore.list' file. You should add all of your LAN subnets to this file.
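The detection cycle described above, as an added bash example that is not the project's code: it counts connections per remote IP, skips anything covered by the ignore list, and flags IPs over the limit. It assumes netstat -ntu style connection lines and a one-IP-or-CIDR-per-line ignore list (neither format is stated on the page), and prints the iptables commands instead of running them.

```bash
#!/usr/bin/env bash
# Added example, not the project's own code: the per-cycle detection step
# (count connections per remote IP, skip whitelisted ranges, flag anything
# over the limit) as functions that run offline. Assumed, not from the page:
# netstat -ntu style input lines and one IP or CIDR per ignore-list line.
CONN_LIMIT=100   # per-IP trigger; the page's SOHO figure (variable name assumed)

ip2int() {       # dotted quad -> 32-bit integer
    local a b c d; IFS=. read -r a b c d <<< "$1"
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_ignore_list IP IGNORE_TEXT: true if IP matches any IP or CIDR line
in_ignore_list() {
    local ip=$1 ipn line net bits mask
    ipn=$(ip2int "$ip")
    while read -r line; do
        [ -z "$line" ] && continue
        net=${line%%/*}; bits=${line##*/}
        [ "$bits" = "$line" ] && bits=32               # bare IP, no prefix
        mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
        [ $(( ipn & mask )) -eq $(( $(ip2int "$net") & mask )) ] && return 0
    done <<< "$2"
    return 1
}

# offenders CONN_TEXT IGNORE_TEXT: prints the IPs over CONN_LIMIT, one per line
offenders() {
    local ignore=$2
    # field 5 is the foreign "ip:port"; drop the port and count hits per IP
    awk '$1 ~ /^(tcp|udp)/ { sub(/:[0-9]+$/, "", $5); print $5 }' <<< "$1" \
      | sort | uniq -c | sort -nr \
      | while read -r count ip; do
            [ "$count" -gt "$CONN_LIMIT" ] || continue
            in_ignore_list "$ip" "$ignore" && continue   # whitelisted: never ban
            echo "$ip"
        done
    return 0
}

# Constructed sample: 150 hits from an outside host, 120 from a LAN host
# (covered by the ignore list), 3 from a second outside host.
conns() { local i; for ((i = 0; i < $2; i++)); do echo "tcp 0 0 10.0.0.5:80 $1:$((40000 + i)) ESTABLISHED"; done; }
SAMPLE_CONNS=$(conns 203.0.113.7 150; conns 10.0.0.23 120; conns 198.51.100.9 3)
SAMPLE_IGNORE=$'127.0.0.1\n10.0.0.0/24'

# What a '-k' run would hand to iptables; printed here instead of executed
for ip in $(offenders "$SAMPLE_CONNS" "$SAMPLE_IGNORE"); do
    echo "iptables -I INPUT -s $ip -j DROP   # and record in banned.ip.list until unban"
done
```

Only 203.0.113.7 is reported: the LAN host exceeds the limit but is whitelisted by 10.0.0.0/24, and the third host is under it.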


BASH Shell


CHECK ONLY - [you@host]# ddos
CHECK AND KILL - [you@host]# ddos -k
VIA CRON - */1 * * * * root ddos -k >/dev/null 2>&1
AT BOOT (in rc.local) - ddos -b


Includes ./install.sh and ./uninstall.sh, and runs cyclically as a cron job.

-- Version v.0.6.ege.4e2_2018 takes the key positive features of the two previously abandoned (no longer published) versions, while eliminating the detracting behavior. Further resolves an issue with the UNBAN function, whereby banned IPs would be automatically un-banned after a certain amount of time (as declared in the configuration file). Production ready release.
-- **** ABANDONED VERSION - DELETED FROM REPOSITORY **** Version v.0.6.ege.4e3_shalla successfully implements use of the Shalla List (as noted in 4e2, below). Host name resolution (to IP) is sometimes slow using the cmd 'gethostip'.
-- **** ABANDONED VERSION - DELETED FROM REPOSITORY **** Version v.0.6.ege.4e2_shalla resolves an issue with improper handling of 'ignored' (always allowed / whitelisted) IP addresses / ranges of addresses. It also adds experimental support for the Shalla List (originally intended for Squid Proxy) redirect domain text file.
-- Version 0.6.ege.4.e2 is a bugfix for 4d/4e where new blocked addresses would populate multiple times.
-- Version 0.6.ege.4.d is a bugfix for 4c.
-- Version 0.6.ege.4c is an efficiency fix - items already banned but taking a long time to fall off the connection list will no longer result in multiple firewall entries.
-- Version 0.6.ege.4b is a bugfix.
**** all versions prior to 0.6.4b should be considered alpha / test only and never used!
-- Version 0.6.ege.4a is a bugfix.
-- Version 0.6.ege.4 adds the '-b' switch, which should be run at bootup to maintain persistence of previously blocked addresses in the 'banned.ip.list' file.
-- Version 0.6.ege.3 applies bugfixes to the previous, and should be considered the first beta-level release.
-- Version 0.6.ege.2 adds refinements, a persistence ability (until reboot), and the ability to view a list of currently banned IPs by opening the file 'banned.ip.list' in a text editor or from the command line. Enjoy.
-- Version 0.6.ege.1 builds upon the original work by Zaf in 2005; making it a bit more useful.

Screen Captures and Related Images


terminal: 'install'

terminal: 'manually running'

email receipt of a banned host

Built: March 7, 2014
Updated: January 11, 2018