unixu Posted May 29, 2009

I would like to use AutoIt on my servers to detect so-called syn-rec floods and ban them via IPsec. I have already played around with a lot of commands, but I don't know exactly how to implement the whole thing. The command I use is netstat -n -p TCP, but I have some problems with the filtering. Does anyone know a better solution and have a small example?

PsaltyDS Posted May 29, 2009

> I would like to use AutoIt on my servers to detect so-called syn-rec floods and ban them via IPsec. I have already played around with a lot of commands, but I don't know exactly how to implement the whole thing. The command I use is netstat -n -p TCP, but I have some problems with the filtering. Does anyone know a better solution and have a small example?

You could catch the output from "netstat -n -p TCP" by redirecting it to a file or with StdOutRead(). Check the text with StringInStr() or StringRegExp() to look for multiple connections in the SYN-RECEIVED state that never get to ESTABLISHED.

Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

unixu Posted May 29, 2009

> You could catch the output from "netstat -n -p TCP" by redirecting it to a file or with StdOutRead(). Check the text with StringInStr() or StringRegExp() to look for multiple connections in the SYN-RECEIVED state that never get to ESTABLISHED.

Thx for your answer. Could you do a small example? I have never worked with StringInStr or StringRegExp.

PsaltyDS Posted May 29, 2009

> Thx for your answer. Could you do a small example? I have never worked with StringInStr or StringRegExp.

There are example scripts in the help file, and some basic tutorials. In addition there is an AutoIt Wiki page, with some more tutorials.

Download AutoIt and the full version of the SciTE editor (there is a limited version packed with AutoIt, but you want the full version). Run the examples and basic tutorials, then take a shot at your script. If you get stuck come back with a specific question.

Cheers!

unixu Posted May 29, 2009

I got this so far:

```autoit
; Read the saved netstat output
$ip = FileRead("ip.txt",0)
$nOffset = 1
While 1
    ; Flag 1 returns one match per call; $nOffset makes the next call continue after it
    $result = StringRegExp($ip, "(.*?)WARTEND", 1, $nOffset)
    If @error = 0 Then
        $nOffset = @extended
    Else
        ExitLoop
    EndIf
    ; Show every captured group of this match
    For $i = 0 To UBound($result) - 1
        MsgBox(0, "RegExp Test with Option 1 - " & $i, $result[$i])
    Next
WEnd
```

My problem now is that it just exits without doing anything. I think it's the regexp string; maybe I am wrong with the "(.*?)WARTEND". Can you correct me if I am wrong or tell me where the error is? That would be nice, I think I'm done then.

EDIT: I found my error: $ip was empty, it didn't read the ip file. It's working now, thx.

Edited May 29, 2009 by unixu

PsaltyDS Posted May 29, 2009

> EDIT: I found my error: $ip was empty, it didn't read the ip file. It's working now, thx.

Welcome to AutoIt!

unixu Posted May 29, 2009

Well, there is a problem now ^^ I am writing all IPs to a file; after that I read the file and get all IPs which have more than 10 connections to port 80. My problem is that the variable is not increased. I'll send you the modified version:

```autoit
; Read the saved netstat output
$ip = FileRead("ip.txt")
$nOffset = 1
$i = 0
$result = StringRegExp($ip, '(?i)(.*?)WARTEND', 1, $nOffset)
; Write each captured entry to ips.ini under [flooders];
; the two trims cut the address out of the captured line
While $i <= UBound($result) - 1
    IniWrite("ips.ini", "flooders", StringTrimRight(StringTrimLeft($result[$i], 30), 14), $i)
    $i = $i + 1
WEnd
```

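Added example, not part of the original thread and not the posters' code: one way to do what the thread describes, capturing netstat -n -p TCP with StdoutRead() and counting connections per remote address with StringRegExp(). It uses flag 3 (all matches) where the scripts above use flag 1, which returns only the first match. The function names, the default port, state string and threshold, and the sample addresses are assumptions for illustration, and the sample netstat lines are constructed.

```autoit
#include <Constants.au3> ; provides $STDOUT_CHILD

; Capture live "netstat -n -p TCP" output through StdoutRead().
Func _NetstatOutput()
    Local $iPid = Run(@ComSpec & " /c netstat -n -p TCP", @SystemDir, @SW_HIDE, $STDOUT_CHILD)
    Local $sOut = ""
    While 1
        $sOut &= StdoutRead($iPid)
        If @error Then ExitLoop ; stream closed, netstat has finished
        Sleep(10)
    WEnd
    Return $sOut
EndFunc

; Count connections to local port $iPort in state $sState, per remote IPv4 address.
; $sState must be the string your netstat prints (the scripts above match "WARTEND").
Func _CountByRemoteIP($sNetstat, $iPort = 80, $sState = "SYN_RECEIVED")
    Local $oCount = ObjCreate("Scripting.Dictionary")
    ; Columns: proto, local addr:port, remote addr:port, state. Group 1 = remote IP.
    Local $sPattern = "(?im)^\s*TCP\s+\S+:" & $iPort & "\s+(\d+\.\d+\.\d+\.\d+):\d+\s+" & $sState & "\b"
    Local $aRemote = StringRegExp($sNetstat, $sPattern, 3) ; flag 3 = every match
    If @error Then Return $oCount ; no line matched
    For $sIP In $aRemote
        If $oCount.Exists($sIP) Then
            $oCount.Item($sIP) = $oCount.Item($sIP) + 1
        Else
            $oCount.Add($sIP, 1)
        EndIf
    Next
    Return $oCount
EndFunc

; List the addresses holding more than $iThreshold such connections.
Func _OverThreshold($oCount, $iThreshold = 10)
    Local $sList = ""
    For $sIP In $oCount
        If $oCount.Item($sIP) > $iThreshold Then $sList &= $sIP & " = " & $oCount.Item($sIP) & @CRLF
    Next
    Return $sList
EndFunc

; Constructed sample input (documentation addresses) in netstat's column layout.
Global $sSample = "  TCP    192.0.2.10:80    203.0.113.5:51000    ESTABLISHED" & @CRLF
For $i = 1 To 12
    $sSample &= "  TCP    192.0.2.10:80    198.51.100.7:" & (40000 + $i) & "    SYN_RECEIVED" & @CRLF
Next
$sSample &= "  TCP    192.0.2.10:80    203.0.113.9:52000    SYN_RECEIVED" & @CRLF

ConsoleWrite(_OverThreshold(_CountByRemoteIP($sSample)))
; For live data: ConsoleWrite(_OverThreshold(_CountByRemoteIP(_NetstatOutput())))
```

A single snapshot cannot tell a slow handshake from a flood; running the count on a timer and acting only on addresses that stay over the threshold across several runs reduces false positives.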