
#!/bin/sh
# R00TW0RMs (https://www.r00tw0rm.com/)
#-------------------------------------|-----------------------------------------#
# _______ _______ __ _______
#_______ \ _ \ \ _ \_/ |___ _ _\ _ \_______ _____
#\_ __ \/ /_\ \/ /_\ \ __\ \/ \/ / /_\ \_ __ \/ \
# | | \/\ \_/ \ \_/ \ | \ /\ \_/ \ | \/ Y Y \
# |__| \_____ /\_____ /__| \/\_/ \_____ /__| |__|_| /
# \/ \/ \/ \/
#
#
# This was written for educational purpose and pentest only.
# Use it at your own risk. Author will be not responsible for any damage!
# Coder       : th3breacher <th3breacher@r00tw0rm.com> | th3breacher.wordpress.com
# Version     : 0.1
# Description : A SYN flood firewall script: it uses tcp_syncookies, backlog protection and also
#               iptables rules; the script runs in the background...
# Usage       : Simple: when a SYN attack occurs, run the script as "./antiSyn watchtime &";
#               watchtime is chosen according to the severity of the attack (10 seconds by default).
# Tested on : linux(all)
# Special thanks to : r0073r, r4dc0re, Sid3^effects, L0rd CrusAd3r, KedAns-Dz,
#                     Angel Injection, gunslinger, JF, Seishin, CrosS (1337day.com)
#                     CrosS, Xenu, Versus71, satsura, alsa7r, mich4th3c0wb0y, FInnH@X, s3rver.exe (r00tw0rm.com)
#-------------------------------------|-----------------------------------------#
# Settings shared by the functions below.
# Seconds between scans; filled in from $1 (or 10) by the startup code.
level=''
# NOTE(review): fixed file name in a world-writable directory. The script
# truncates this path with ">" and then appends to it, and it needs root for
# its /proc/sys and iptables work, so a symlink planted at this name would
# redirect those writes. A root-owned directory is the safer home for it.
logfile='/tmp/synlogs'
# ANSI colour sequences, kept as literal backslash escapes for echo to expand.
RED='\033[1;31m'
NORMAL='\033[0;39m'
# showbanner: print the coloured start-up banner.
# Globals:   RED, NORMAL (read)
# Outputs:   writes $RED, a space, the banner text (author line, usage,
#            example and the KILL hint, with $0 expanded to the script name)
#            and finally $NORMAL to stdout; -n suppresses the trailing newline.
showbanner() {
# NOTE(review): "echo -ne" is not specified by POSIX, yet the file's shebang
# is /bin/sh. A shell whose echo does not implement -e (dash, for example)
# prints the option text instead of treating it as a flag; confirm which
# shell /bin/sh is on the target host.
echo -ne "$RED" "
.d88b. .d88b.
8d8b 8P Y8 8P Y8
8P 8b d8 8b d8
8
Y88P Y88P

w
w8ww Yb db dP
8
YbdPYbdP
Y8P YP YP

.d88b.
8P Y8 8d8b 8d8b.d8b.
8b d8 8P 8P Y8P Y8
Y88P 8
8 8 8

#SYN flood firewall


th3breacher <th3breacher@r00tw0rm.com>
Usage : $0 watchtime (watchtime (seconds))
Example : $0 10 means the firewall will watch for Syn Ddos every 10 seconds
KILL
: ps aux | grep antiSyn take the PID and kill PID
""$NORMAL"
}
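# preparation: start a fresh log file with the start-up message.
# Globals:   logfile (read)
# Outputs:   truncates "$logfile" and writes one line to it
# Returns:   status of the write
preparation() {
  # Quoted so a path containing spaces or glob characters stays one word;
  # unquoted, such a path makes the redirection fail or hit another file.
  # NOTE(review): ">" follows symlinks. With the default path under /tmp and
  # the script running as root, a planted link decides which file gets
  # truncated here.
  printf '%s\n' "[+] SYN Flood protection started..." > "$logfile"
}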
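# configuration: set three IPv4 kernel parameters and log completion.
# Globals:   logfile (read)
# Outputs:   writes to /proc/sys/net/ipv4/*, appends one line to "$logfile"
# Returns:   status of the final log write
#
# The values are written straight to /proc/sys, so they apply to the running
# kernel only and are gone after a reboot. None of the writes is checked: the
# "completed" line is logged even if a write was refused (for example when
# the script is not run as root).
configuration() {
  # Let the kernel answer with SYN cookies once the SYN backlog overflows.
  echo "1" > /proc/sys/net/ipv4/tcp_syncookies

  # NOTE(review): this overwrites the current backlog size unconditionally;
  # on a host already tuned above 1024 it lowers the limit. Confirm.
  echo "1024" > /proc/sys/net/ipv4/tcp_max_syn_backlog

  # Strict reverse-path filtering: packets whose source is not reachable via
  # the arrival interface are dropped. This also drops legitimate traffic on
  # hosts with asymmetric routing.
  echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter

  # Quoted so the log path is always treated as a single word.
  printf '%s\n' "[+] Preparation completed..." >> "$logfile"
}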
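# iptables_watch: poll the connection table forever and drop the /24 of any
# IPv4 peer holding more than three half-open (SYN_RECV) connections.
# Globals:   logfile (read), level (read; seconds to sleep between scans)
# Outputs:   appends a start line to "$logfile"; prints each offending
#            address to stdout; adds DROP rules to the INPUT chain
# Returns:   never returns (infinite loop)
#
# Operational caveats for whoever deploys this:
#  - SYN floods frequently carry forged source addresses, so the peers seen
#    here may be victims rather than attackers, and a whole /24 is blocked
#    for each one. There is no allow-list and no rule expiry.
#  - Rules are appended (-A), so an earlier ACCEPT in INPUT still wins.
#  - Only IPv4 is handled. cut splits on ":" and mangles IPv6 peers, so they
#    are skipped by the validation below.
iptables_watch() {
  printf '%s\n' "[+] SYN Firewall Started..." >> "$logfile"
  while true; do
    # Column 5 of netstat is the foreign address. Strip the port, count the
    # entries per address and keep those seen more than three times.
    netstat -tanpu \
      | grep "SYN_RECV" \
      | awk '{ print $5 }' \
      | cut -f1 -d ":" \
      | sort \
      | uniq -c \
      | sort -n \
      | awk '$1 > 3 { print $2 }' \
      | while IFS= read -r src; do
          # Only a dotted quad may reach iptables. Anything else (an empty
          # field, an IPv6 fragment, stray text) is ignored.
          case "$src" in
            '' | *[!0-9.]*) continue ;;
            *.*.*.*.*) continue ;;
            *.*.*.*) ;;
            *) continue ;;
          esac
          printf '%s\n' "$src"
          # -C checks for an identical rule first. Without it every scan
          # appends another copy for as long as the peer stays in SYN_RECV,
          # and the INPUT chain grows without bound.
          iptables -C INPUT -s "$src/24" -j DROP 2>/dev/null \
            || iptables -A INPUT -s "$src/24" -j DROP
        done
    sleep "$level"
  done
}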
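# mynohup: detach the running script from its terminal, nohup-style.
# Globals:   HOME (read)
# Outputs:   may redirect fd 0, 1 and 2 of the current shell; installs a
#            no-op HUP trap
# Returns:   0
mynohup() {
  # Reopen stdin write-only on /dev/null so any later read attempt fails.
  if [ -t 0 ]; then
    exec 0>/dev/null
  fi

  # Send stdout to nohup.out when it is a terminal. The file is probed in a
  # subshell first: a failed redirection on "exec" makes a POSIX-mode shell
  # exit on the spot, so testing "$?" after the exec never reaches the
  # fallback there.
  # NOTE(review): nohup.out is created in the current directory (or $HOME)
  # and truncated; check who can write to that directory when running as root.
  if [ -t 1 ]; then
    if ( : >> nohup.out ) 2>/dev/null; then
      exec 1>nohup.out
    else
      exec 1>"$HOME/nohup.out"
    fi
  fi

  # Fold stderr into stdout when it is a terminal.
  if [ -t 2 ]; then
    exec 2>&1
  fi

  # Ignore hang-ups so closing the terminal does not stop the watcher.
  trap : HUP
}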
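# Entry point: show the banner, choose the scan interval, detach from the
# terminal, apply the kernel settings and start the watch loop.
showbanner
if [ -z "$1" ]; then
  echo "[+] Using default level set to 10 seconds"
  level=10
else
  # The value goes straight to sleep(1). Anything sleep rejects, or a zero,
  # would turn the watch loop into a busy loop that re-runs netstat and
  # iptables without pause, so only a positive whole number is accepted.
  case "$1" in
    *[!0-9]* | 0*)
      echo "[-] watchtime must be a positive whole number of seconds, got: $1" >&2
      exit 2
      ;;
  esac
  echo "[+] Setting up level to $1 "
  level=$1
fi
mynohup
preparation
configuration
iptables_watch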
