Firewall script that blocks and detects port scans and ping-based DoS (death ping).
You will need:
IPTables;
Net-tools.

1 - Insert this line (without the quotes) in /etc/rsyslog.d/50-default.conf:
'*.=info -/var/log/iptables.log'
2 - Restart rsyslog:
$ sudo service rsyslog restart
3 - Run the firewall:
$ sudo ./Firewall
4 - Verify the log:
$ tail -f /var/log/iptables.log
5 - Log line examples:
a) PortScan Detection:
Aug 13 16:49:13 diogenes-inspiron kernel:
[11549.184256] WARNING PORTSCAN ATTACK!!!:IN=wlan0
OUT= MAC=b0:10:41:fe:2d:2b:08:00:27:b5:8d:f4:08:00
SRC=104.105.212.60 DST=113.167.9.21 LEN=40 TOS=0x00
PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=443 DPT=59152
WINDOW=0 RES=0x00 RST URGP=0

b) DEATH PING Detection:
Aug 13 16:48:41 diogenes-inspiron kernel:
[11517.279744] WARNING DEATH PING ATTACK!!!:IN=wlan0
OUT= MAC=b0:10:41:fe:2d:2b:64:1c:67:f8:be:58:08:00
SRC=113.167.9.40 DST=113.167.9.21 LEN=84 TOS=0x00
PREC=0x00 TTL=64 ID=12546 DF PROTO=ICMP TYPE=8
CODE=0 ID=7488 SEQ=7
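
The `*.=info` selector from step 1 writes info-priority messages from every facility to /var/log/iptables.log, so the alerts sit among unrelated lines. The following is an added example, not part of the Firewall script: it keeps only lines with the two alert prefixes shown above and counts them per source address. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the Firewall script): tally alerts per source.
# Assumption: alert lines carry the two prefixes shown in the samples above.

# summarize_alerts FILE -> "COUNT TYPE SRC" lines, busiest source first.
summarize_alerts() {
    awk '
    /WARNING (PORTSCAN|DEATH PING) ATTACK!!!:/ {
        type = ($0 ~ /PORTSCAN/) ? "PORTSCAN" : "DEATH_PING"
        src = "unknown"                  # kept if the line has no SRC= field
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) src = substr($i, 5)
        count[type " " src]++
    }
    END { for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Constructed sample input (documentation addresses, hypothetical host "fw").
# The fourth line is unrelated info-level noise that must be ignored.
sample_log() {
    cat <<'EOF'
Aug 13 16:48:41 fw kernel: [100.1] WARNING DEATH PING ATTACK!!!:IN=eth0 OUT= SRC=192.0.2.40 DST=192.0.2.21 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Aug 13 16:48:42 fw kernel: [101.1] WARNING DEATH PING ATTACK!!!:IN=eth0 OUT= SRC=192.0.2.40 DST=192.0.2.21 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=2
Aug 13 16:48:43 fw kernel: [102.1] WARNING DEATH PING ATTACK!!!:IN=eth0 OUT= SRC=192.0.2.40 DST=192.0.2.21 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=3
Aug 13 16:49:00 fw systemd[1]: Started Daily apt download activities.
Aug 13 16:49:13 fw kernel: [130.5] WARNING PORTSCAN ATTACK!!!:IN=eth0 OUT= SRC=198.51.100.60 DST=192.0.2.21 LEN=40 PROTO=TCP SPT=443 DPT=59152 RST URGP=0
EOF
}

# Demo on the constructed sample; on a real host, call
# summarize_alerts /var/log/iptables.log instead.
tmp=$(mktemp)
sample_log > "$tmp"
summarize_alerts "$tmp"
rm -f "$tmp"
```
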
