

DDoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It is one of the simplest and easiest solutions at the software level.



If you don't know anything about Denial of Service Attacks, read the following Wikipedia article:

How it works: It tracks and monitors all the IP addresses making connections to the server by using the netstat command. Whenever it detects the number of connections from a single node exceeding certain pretest limits which are defined in the configuration file, the script will automatically block that IP address through the IP tables or APF according to the configuration.



It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections.

netstat -an | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Features:

It is possible to whitelist IP addresses, via /etc/ddos/ignore.ip.list.

It is possible to whitelist hostnames, via /etc/ddos/ignore.host.list.

Simple configuration file: /etc/ddos/ddos.conf

IP addresses are automatically unblocked after a preconfigured time limit (default: 600 seconds)

The script can run as a cron job at chosen frequency via the configuration file (default: 1 minute)

The script can run as a daemon at chosen frequency via the configuration file (default: 5 seconds)

You can receive email alerts when IP addresses are blocked.

Control blocking by connection state (see man netstat).

Auto-detection of firewall.

Support for APF, CSF, ipfw, and iptables.

Logs events to /var/log/ddos.log

Uses tcpkill to reduce the number of processes opened by attackers.





How To Install DDoS Deflate

As root user execute the following commands:

wget https://github.com/jgmdev/ddos-deflate/archive/master.zip unzip master.zip cd ddos-deflate-master ./install.sh



