Skip to content
/ ddosmon Public
forked from gustavocp/ddosmon

Another old project that I've found lost in an old HD, DDOS Monitor

0 stars 31 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

faustoroger/ddosmon

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

configs

configs

 
 

scripts

scripts

 
 

src

src

 
 

.gitignore

.gitignore

 
 

CMakeLists.txt

CMakeLists.txt

 
 

README.md

README.md

 
 

screenshot.png

screenshot.png

 
 

Repository files navigation

DDOS Monitor

ScreenShot

Program that uses low level linux packet sniffing in incoming network traffic for monitoring possible network attacks and reacting to them by alerting and triggering user defined self defence mechanisms.

With a ncurses interface you can monitor network traffic live and watch recent events. Logs are saved to log folder, any ddos attack detection send an email to the user.

It can classify following attacks:

  • SYN Flood
  • UDP Flood
  • ICMP Flood

Any other attack with massive amount of traffic or packet would still be detected.

Building

git clone git@github.com:edubart/ddosmon ddosmon
cd ddosmon
mkdir build && cd build
cmake ..
make

Running

# optional, I usually run this inside a screen session
screen 

sudo ./build/ddosmon configs/example.lua

NOTE: Root is needed for sniffing the network adapter packets.

Scripts

Script called when a known DDOS attack starts or stops: ./scripts/networkcompromise <compromised/uncomprimised>

Script called to notificate admins (usually via email): ./scripts/notificate <subject> <message>

Script called when one of your servers ip address might be unreachable and you may want to block/unblock it from your main server: ./scripts/ipblock <block/unblock> <ip>

Configurations

You can find and edit these configuration for you needs inside configs/home.lua

  • interface = "eth0"
  • global_traffic_threshold = 900000
  • global_packets_threshold = 225000
  • ip_traffic_threshold = 500000
  • ip_packets_threshold = 125000
  • notification_traffic_threshold = 20000
  • notification_packets_threshold = 20000
  • ipblock_retry_ticks = 536001000
  • notification_command = "./scripts/notificate "%1%" "%2%" &"
  • onblockip_command = "./scripts/ipblock block %1% &"
  • onunblockip_command = "./scripts/ipblock unblock %1% &"
  • network_uncompromise_ticks = 30
  • onnetwork_compromise_command = "./scripts/networkcompromise compromised &"
  • onnetwork_uncompromise_command = "./scripts/networkcompromise uncompromised &"
  • log="logs/home.log"
  • watchedips="configs/example_watchedips.xml"
  • notificationsubject="DDOS Monitor on server1 notification"

Watched IPs

NOTE: Don't foger to configure the ips you want to monitor in the example_watchedips.xml file.

This program was intended to monitor multiple ip addresses, so you can configure as many you like.

About

Another old project that I've found lost in an old HD, DDOS Monitor

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 92.4%
  • Shell 2.8%
  • CMake 1.9%
  • C 1.6%
  • Lua 1.3%