[lug] Help with bash script to slow down DOS attack
Paul Nowosielski
paulnowosielski at yahoo.com
Tue Feb 14 16:37:36 MST 2012
Hello again,
I could really use your help.
I'm experiencing a DOS attack on a web server.
I've been able to isolate the heavy-hitting IPs with this expression:
netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
which produces
{number of connections} {ip}
What I would like to do is drop the IP if they have over 50 connections and it's not the server's IP or localhost with iptables. Since it's a VPS
I do not have the full iptables command set. But I can do a
iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP
Unfortunately I've been up all night and am not extremely sharp at this point in time.
Could anyone lend a hand please? I would really appreciate it!
Best,
Paul
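
One way to do what the message above asks, as an added example that is not part of the original post: count remote IPv4 addresses from `netstat -atun` output, skip localhost and the server's own address, and print the `iptables -I INPUT -s ... -j DROP` line for each address over the limit. `SERVER_IP`, the function names and the sample connection table are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, dry run: prints iptables commands and executes nothing.
LIMIT=50                  # "over 50 connections", from the post
SERVER_IP="203.0.113.10"  # assumption: placeholder for the server's own address

# Read `netstat -atun` text on stdin; print "count ip" for each remote IPv4
# address with more than $1 connections, skipping the addresses in $2..$n.
over_limit() {
    local limit=$1; shift
    awk -v limit="$limit" -v skip="$*" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) ignore[s[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {                  # drops the two netstat header lines
            ip = $5; sub(/:[^:]*$/, "", ip)  # strip the trailing :port
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in ignore))
                count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# Turn "count ip" lines into the one iptables form the post says the VPS allows.
block_cmds() {
    while read -r count ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample in `netstat -atun` layout (not captured from a real host).
sample_netstat() {
    local i
    echo "Active Internet connections (servers and established)"
    echo "Proto Recv-Q Send-Q Local Address           Foreign Address         State"
    echo "tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN"
    for i in $(seq 1 60); do echo "tcp 0 0 $SERVER_IP:80 198.51.100.7:$((40000 + i)) ESTABLISHED"; done
    for i in $(seq 1 50); do echo "tcp 0 0 $SERVER_IP:80 192.0.2.200:$((45000 + i)) ESTABLISHED"; done
    for i in $(seq 1 3);  do echo "tcp 0 0 $SERVER_IP:80 192.0.2.44:$((50000 + i)) TIME_WAIT"; done
    for i in $(seq 1 70); do echo "tcp 0 0 127.0.0.1:3306 127.0.0.1:$((30000 + i)) ESTABLISHED"; done
    for i in $(seq 1 55); do echo "tcp 0 0 $SERVER_IP:80 $SERVER_IP:$((20000 + i)) ESTABLISHED"; done
}

# On the real server, replace sample_netstat with: netstat -atun
sample_netstat | over_limit "$LIMIT" 127.0.0.1 0.0.0.0 "$SERVER_IP" | block_cmds
```

Once the printed lines have been reviewed, piping them to `sh` as root applies them. The script only adds rules; it never removes them, and they are lost on reboot unless saved.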