DDoS Detection & Packet Capture Script
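<?php
# DDoS Detection & Packet Capture Script
# Written by Robert 'xnite' Whitney
# Website: http://xnite.org
# Email: xnite@xnite.org
# Run script as root via crontab every 5 to 10 minutes
# Ensure all dependences are satisfied before running this script (ifstat, tcpdump, php)
# This script will only allow a single tcpdump process to run at once
declare(strict_types=1);

# Configuration
$CONFIG = [
    'device'          => 'eth0',          // Usually eth0; if you are unsure, find the device name by running ifconfig.
    'report_speed'    => 15,              // Throughput (in + out) at which a capture starts. ifstat reports KB/s, so this is multiplied by 1024 below.
    'packets2capture' => 1000,            // Number of packets to capture in the pcap dump (tcpdump -c).
    'save_to'         => '/var/log/ddos', // Directory to save pcap logs to, without the trailing /.
];
# Do not edit below this line!

$report_speed = (float) $CONFIG['report_speed'] * 1024;          // threshold in KB/s, the unit ifstat prints
$ts           = time();
$folder       = rtrim((string) $CONFIG['save_to'], '/');
$interface    = (string) $CONFIG['device'];
$packnum      = max(1, (int) $CONFIG['packets2capture']);        // tcpdump -c 0 would run until killed

// Sample the configured interface for half a second; grep keeps only the two decimal
// figures ifstat prints for it (KB/s in, KB/s out). Restricting ifstat to $interface
// keeps index 0/1 from belonging to a different NIC on multi-interface hosts.
$ifstatCmd = sprintf(
    "/usr/bin/ifstat -i %s .5 1 | /bin/grep -o '[0-9]\{1,9\}\.[0-9]\{1,9\}'",
    escapeshellarg($interface)
);
exec($ifstatCmd, $iospeed, $exitCode);
if ($exitCode !== 0 || count($iospeed) < 2) {
    // Without two readings the comparison below would run on undefined indexes; fail loudly instead.
    fwrite(STDERR, "Unable to read throughput from ifstat (exit code $exitCode).\n");
    exit(1);
}
$total = (float) $iospeed[0] + (float) $iospeed[1];

if ($total >= $report_speed) {
    echo "$total is equal to or greater than $report_speed.\n";
    echo "Capturing tcpdump.\nPackets: $packnum\nInterface: $interface\n Saving to: $folder/$ts.ddos.pcap\n";
    if (!is_dir($folder) || !is_writable($folder)) {
        fwrite(STDERR, "Capture directory $folder does not exist or is not writable.\n");
        exit(1);
    }
    // Only one capture at a time: stop any tcpdump still running from an earlier invocation.
    // NOTE: this kills every tcpdump on the host, not just the one this script started.
    exec('/usr/bin/pkill -9 tcpdump');
    // -s 0 writes full packet payloads, so the pcap can contain sensitive traffic;
    // keep $folder access-restricted. Config values are shell-quoted even though they
    // come from this file, so an unusual device name or path cannot break the command.
    $tcpdumpCmd = sprintf(
        '/usr/sbin/tcpdump -nn -i %s -s 0 -c %d -w %s',
        escapeshellarg($interface),
        $packnum,
        escapeshellarg("$folder/$ts.ddos.pcap")
    );
    exec($tcpdumpCmd);
} else {
    echo "$total is less than $report_speed.\n";
}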