33HOPS, IT Consultants

DESCRIPTION:

Many Linux kernels nowadays ship with a module that lets you set a packet rate from within iptables, which is generally more convenient. Even so, some people will still find this script and its concept useful.

Spada uses netstat to count the connections that each connected IP has made to a given port. If that count exceeds the configurable limit, the IP is banned by issuing an iptables DROP command for the offending IP. You can pass spada a whitelist of IPs that must never be blocked; your localhost IP (127.0.0.1) is added by default, but you should add all your local IPs to avoid banning yourself.

Spada consists of two executable shell scripts: spada and spada-daemon. Both accept exactly the same arguments. The only difference is that spada performs a single operation, while spada-daemon performs one operation per second for 1 minute, so you can call spada-daemon from cron every minute and get daemon-like behaviour with a very light impact on your system resources.
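The check described above can be sketched as follows. This is an added example, not the spada source: the function names, the constructed netstat lines and the exact iptables rule are assumptions, and the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example, not the spada source. Constructed `netstat -nt` output.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address     State
tcp   0  0  203.0.113.5:80    198.51.100.7:51001  ESTABLISHED
tcp   0  0  203.0.113.5:80    198.51.100.7:51002  ESTABLISHED
tcp   0  0  203.0.113.5:80    198.51.100.7:51003  SYN_RECV
tcp   0  0  203.0.113.5:80    192.0.2.10:40001    ESTABLISHED
tcp   0  0  203.0.113.5:80    192.0.2.10:40002    ESTABLISHED
tcp   0  0  203.0.113.5:80    192.0.2.10:40003    ESTABLISHED
tcp   0  0  203.0.113.5:80    192.0.2.44:40100    ESTABLISHED
tcp   0  0  203.0.113.5:8080  192.0.2.44:40101    ESTABLISHED
EOF
}

# over_limit PORT MAX WHITELIST: read netstat lines on stdin, print each remote
# IP with more than MAX connections to local PORT unless it is whitelisted.
over_limit() {
    awk -v port="$1" -v max="$2" -v wl="127.0.0.1,$3" '
        BEGIN {
            n = split(wl, a, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", a[i])      # accept "ip, ip" as on the page
                if (a[i] != "") allow[a[i]] = 1
            }
        }
        $1 ~ /^tcp/ && $6 != "LISTEN" && $4 ~ (":" port "$") {
            ip = $5
            sub(/:[0-9]+$/, "", ip)          # strip the remote port
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > max && !(ip in allow)) print ip
        }' | sort
}

# ban_commands: print (not run) one assumed DROP rule per IP read from stdin,
# skipping anything that does not look like a numeric address.
ban_commands() {
    while read -r ip; do
        case $ip in ''|*[!0-9A-Fa-f:.]*) continue ;; esac
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

sample_netstat | over_limit 80 2 "192.0.2.10, 192.0.2.11" | ban_commands
```

On a live host the input would come from `netstat -nt` instead of `sample_netstat`; review the printed rules before applying them as root.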

EXAMPLE:

./spada --ip-port=80 --max-conn=33 --whitelist="192.168.1.10, 192.168.1.11, 245.25.6.78, 78.54.121.202, 75.65.32.12"

MANUAL:

--ip-port
This argument is the TCP/IP port that you want to inspect.

--max-conn
This is the configurable limit for allowed connections from a single IP.

--whitelist
This argument is a comma-delimited list of IPs allowed to exceed the --max-conn limit.

USAGE OF spada-daemon (for continuous protection)

Installing this script is very simple. All you have to do is:

a/ Make root the owner of the script

chown root:root /path/to/the/script/spada

b/ Give the file execute permission (for the root user only)

chmod 0700 /path/to/the/script/spada

c/ Include the script in a cron schedule so that it runs every minute, by adding the following line to the crontab file /etc/crontab or by invoking your distro's cron edit utility.

*/1 * * * * root /path/to/the/script/spada --ip-port=80 --max-conn=33 --whitelist="192.168.1.10, 192.168.1.11, 245.25.6.78, 78.54.121.202, 75.65.32.12" > /dev/null 2>&1

You can add as many lines to your cron as you need, for instance to protect the HTTP port (80) and your MySQL server (3306).

Every second it checks for IPs with more connections than the configured limit and adds them to the list of banned IPs in your iptables firewall. To clear the banned IPs list, all we have to do is flush the drop chain in iptables or simply restart it.

This page was last modified on 2016-06-01


