I have finally released an update for synd - csf.
I know that before there was a problem with the unban command: it would just spit the csf "already banned" errors back at you for every IP you banned. This has been fixed.
Added a configuration command so the config can be edited on the fly without having to type the full path each time.
Cleaned up some things and called this one 0.2 beta.
Using this script in conjunction with csf can really help with DDoS attacks. You can do the same thing with csf alone, but you cannot enter the command manually, and you would have to change CT_STATES to SYN_RECV only, which leaves you open to everything else.
The best way to use this script with csf is to set CT_STATES in csf.conf to SYN_RECV,ESTABLISHED,NEW.
It is not ideal to run this script from cron, as it can lag things during a big attack trying to run netstat and all. It is best used when you have a large attack and want to ban all IPs with a given number of SYN connections. For example, you see all attacking IPs with 4 SYN connections each. Normally you would not want to ban IPs with only 4 SYNs, but during an attack it can make a big difference. You just run synd 4, or any number you want. Sometimes I will use as low as 2.
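A POSIX shell illustration of that decision, added here and not synd's own code: it counts SYN_RECV entries per foreign address in netstat output and lists the addresses at or above the threshold you would pass as synd 4. The netstat lines are constructed sample data, and the csf -d commands are printed rather than run.

```shell
#!/bin/sh
# Added example, not the synd script itself. Finds foreign IPs with at least
# THRESHOLD half-open (SYN_RECV) connections in `netstat -nt` style output,
# which is the check synd makes before handing IPs to csf.

# Constructed sample of netstat output (columns: Proto, Recv-Q, Send-Q,
# Local Address, Foreign Address, State). 198.51.100.7 has 4 SYN_RECV,
# 198.51.100.9 has 2, 192.0.2.5 has 1 SYN_RECV plus an ESTABLISHED session.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:40001      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:40002      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.9:51000      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:40003      SYN_RECV
tcp        0      0 203.0.113.10:443        192.0.2.5:33000         ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.9:51001      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:40004      SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.5:33001         SYN_RECV'

# syn_offenders THRESHOLD   (reads netstat output on stdin)
# Prints, sorted, each foreign IPv4 address with >= THRESHOLD SYN_RECV entries.
syn_offenders() {
    awk -v t="$1" '
        $6 == "SYN_RECV" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # drop the ":port" suffix
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= t) print ip }
    ' | sort
}

# ban_plan THRESHOLD: dry run of what synd would do, one "csf -d" per offender.
# Only prints the commands; nothing is written to csf.deny here.
ban_plan() {
    printf '%s\n' "$SAMPLE_NETSTAT" | syn_offenders "$1" | while read -r ip; do
        printf 'csf -d %s "synd: %s or more SYN_RECV connections"\n' "$ip" "$1"
    done
}

ban_plan 4
```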
Nevertheless, despite the new features of csf (which is an awesome firewall, by the way), synd is still a very useful script. It is one of the first things I install on a server; if I forget, I surely remember when an attack comes.
To upgrade to the new synd:
rm -rf /usr/local/synd ; wget nix101.com/synd/install.sh ; sh install.sh
For a first-time install:
wget nix101.com/synd/install.sh ; sh install.sh
Please let me know if anyone sees any problems or has any suggestions. As I've said before, I am not a coder, I don't pretend to be; this is just a simple modified bash script that was written by someone else. I have just changed some things and added some things to do SYN only. So if anyone knows any way we can improve this, I'm all ears.
Some things I would like to add in the future; if anyone knows how we can implement these, please let me know:
Use conntrack instead of netstat
The ability to add rate-based packet filter rules instead of having to parse netstat each time. I am working on a way to do this with the limit match.
Anything else that can make it better and give admins the ability to fight off DDoS attacks.