#!/bin/bash
#
# Collect the client addresses of denied NS/IN queries that named logged for
# "view inet" in the daemon log, and add every address that is not yet a
# member of the ipset "ddos-evil-dns" to that set, printing each one.
#
# Review notes (nothing below changes what the script does):
#   - The addresses come straight from log text. DNS queries over UDP carry a
#     forgeable source address, so whoever sends the denied queries chooses
#     which addresses end up in the set. How the set is consumed (firewall
#     rule, rate limit, ...) is not visible here; confirm that filling it
#     with third-party addresses cannot cut off legitimate clients.
#   - The pattern is not tied to fixed positions in the log line: the greedy
#     ".*" parts let "client <ip>#" match anywhere before the remaining
#     tokens. NOTE(review): confirm that named's escaping of logged query
#     names keeps a crafted name from supplying that text.
#   - Octets are not range-checked (999.1.1.1 matches); a failing "ipset -A"
#     is ignored on purpose via "|| true".
#   - The set is created without a timeout and nothing here removes entries,
#     so members stay until something else deletes them.
#   - Without pipefail the pipeline's status is that of the while loop, so a
#     missing or unreadable log does not abort the script despite "set -e".

set -e

readonly log_file=/var/log/daemon.log
readonly set_name=ddos-evil-dns

# sed program: on a matching line, replace the whole line with the captured
# dotted-quad client address and print it.
readonly denied_ns_query='/^.*named.*client \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\)#.*:.*view inet.*NS\/IN.*denied.*$/ s//\1/p'

## DNS DDOS victims.
# Unique addresses from the log that are not members of the set yet. When the
# set does not exist the membership test fails too, so every address is kept.
dns_victims=$(
  sed -n "$denied_ns_query" "$log_file" \
    | sort -u \
    | while read ip; do
        # Input is digits and dots only, so plain read cannot mangle it.
        ipset -qT "$set_name" "$ip" || echo "$ip"
      done
)

if [[ -n "$dns_victims" ]]; then
  printf '%s\n' 'DNS DDOS victim addresses:'
  # Creating the set fails when it already exists; that is expected, so the
  # error output is discarded and the status ignored.
  ipset -N "$set_name" iphash >/dev/null 2>&1 || true
  # Intentionally unquoted: split the newline-separated list into words.
  for ip in $dns_victims; do
    printf ' %s\n' "$ip"
    ipset -A "$set_name" "$ip" || true
  done
fi