unixu

Detecting syn-rec floods

7 posts in this topic

I would like to use AutoIt to detect so-called syn-rec floods on my servers and ban them via IPsec.

I have already played around with a lot of commands, but I don't know exactly how to implement the whole thing.

The command I am using is netstat -n -p TCP, but I have some problems with the filtering. Does anyone know a better solution and have a small example?

You could catch the output from "netstat -n -p TCP" by redirecting it to a file or with StdOutRead(). Check the text with StringInStr() or StringRegExp() to look for multiple connections in the SYN-RECEIVED state that never get to ESTABLISHED.

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session! For those who want somebody to write the script for them: RentACoder. "Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Thx for your answer. Could you do a small example? I have never worked with StringInStr or StringRegExp.

There are example scripts in the help file, and some basic tutorials. In addition there is an AutoIt Wiki page, with some more tutorials.

Download AutoIt and the full version of the SciTE editor (there is a limited version packed with AutoIt, but you want the full version). Run the examples and basic tutorials, then take a shot at your script. If you get stuck come back with a specific question.

Cheers!

:)


i got this so far..

; Read the saved netstat output
$ip = FileRead("ip.txt",0)
$nOffset = 1
While 1
    ; Pass $nOffset so each pass resumes after the previous match
    $result = StringRegExp($ip, "(.*?)WARTEND", 1, $nOffset)
    If @error = 0 Then
        $nOffset = @extended
    Else
        ExitLoop
    EndIf
    For $i = 0 To UBound($result) - 1
        MsgBox(0, "RegExp Test with Option 1 - " & $i, $result[$i])
    Next
WEnd

My problem now is that it just exits without doing anything.

I think it's the regexp string; I may be wrong with the "(.*?)WARTEND". Can you correct me if I am wrong or tell me where the error is? That would be nice. I think I'm done then.

EDIT: I found my error: $ip was empty, it didn't read the ip file. It's working now, thx :)

Welcome to AutoIt!

:party:



Well, there is a problem now ^^

I am writing all IPs to a file; after that I read the file and get all IPs which have more than 10 connections to port 80.

My problem is that the variable is not increased. I'll send you the modified version:

$ip = FileRead("ip.txt")
$nOffset = 1
$i = 0
$result = StringRegExp($ip, '(?i)(.*?)WARTEND', 1, $nOffset)
While $i <= UBound($result) - 1
    IniWrite("ips.ini", "flooders", StringTrimRight(StringTrimLeft($result[$i], 30), 14), $i)
    $i = $i + 1
WEnd
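
Added example, not part of the thread and not any poster's code: one way to do the per-address counting discussed above in AutoIt, reading netstat with StdoutRead() and counting connections per remote IP in a given state on port 80. The function names, the constructed sample text and the threshold of 10 are assumptions; the state label is a parameter because netstat prints it in the system language (the snippets above match "WARTEND").

```autoit
#include <AutoItConstants.au3>

; Added example (not from the thread). Function names are hypothetical.

; Run netstat hidden and collect everything it writes to stdout.
Func _ReadNetstat()
    Local $iPID = Run(@ComSpec & " /c netstat -n -p TCP", "", @SW_HIDE, $STDOUT_CHILD)
    Local $sOut = ""
    While 1
        $sOut &= StdoutRead($iPID)
        If @error Then ExitLoop ; stream closed: netstat has finished
        Sleep(10)
    WEnd
    Return $sOut
EndFunc   ;==>_ReadNetstat

; Count connections per remote IPv4 address that are in $sState on local port $iPort.
; Returns a Scripting.Dictionary: remote IP -> number of matching lines.
Func _CountByState($sNetstat, $iPort, $sState)
    Local $oCount = ObjCreate("Scripting.Dictionary")
    ; Columns: proto, local addr:port, remote addr:port, state. Group 1 = remote IP.
    Local $sPattern = "TCP\s+\S+:" & $iPort & "\s+(\d{1,3}(?:\.\d{1,3}){3}):\d+\s+" & $sState & "\b"
    Local $aHits = StringRegExp($sNetstat, $sPattern, 3) ; flag 3 = array of all matches
    If @error Then Return $oCount ; no line matched
    For $i = 0 To UBound($aHits) - 1
        If $oCount.Exists($aHits[$i]) Then
            $oCount.Item($aHits[$i]) = $oCount.Item($aHits[$i]) + 1
        Else
            $oCount.Add($aHits[$i], 1)
        EndIf
    Next
    Return $oCount
EndFunc   ;==>_CountByState

; Constructed sample in the layout of English "netstat -n -p TCP" output.
Local $sSample = ""
For $i = 1 To 12
    $sSample &= "  TCP    192.0.2.10:80    198.51.100.7:" & (40000 + $i) & "    SYN_RECEIVED" & @CRLF
Next
$sSample &= "  TCP    192.0.2.10:80    203.0.113.5:51515    ESTABLISHED" & @CRLF
$sSample &= "  TCP    192.0.2.10:8080  203.0.113.9:51000    SYN_RECEIVED" & @CRLF

; Swap $sSample for _ReadNetstat() to check the live machine.
Local $oCount = _CountByState($sSample, 80, "SYN_RECEIVED")
For $sIP In $oCount.Keys()
    If $oCount.Item($sIP) > 10 Then ConsoleWrite($sIP & " has " & $oCount.Item($sIP) & " half-open connections" & @CRLF)
Next
```

A single snapshot cannot show that a connection never reaches ESTABLISHED; running the count at intervals and acting only on addresses that stay above the threshold across consecutive runs reduces false positives before any ban is applied.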
