DDOS Monitor monitoring
Author : Administrator   Date : 2015-02-14 (Sat) 18:45   Views : 7706

This material was shared two years ago... The person who uploaded it labelled it a DDOS Monitor, but that is a bit of a stretch; it seems best suited for picking out connections coming from the same IP address.
It has been tested on Ubuntu; it has not been tested on the CentOS/RHEL family.

Source: https://github.com/edubart/ddosmon


It is stated that it can classify the following attacks:
- SYN Flood
- UDP Flood
- ICMP Flood

INSTALL
# wget https://github.com/edubart/ddosmon/archive/master.zip
# unzip master.zip
# cd ddosmon-master/
# mkdir build
# cd build
# yum install cmake
# cmake ..
# make 
Scanning dependencies of target ddosmon
[  7%] Building CXX object CMakeFiles/ddosmon.dir/src/configmanager.cpp.o
In file included from <command-line>:0:
/usr/local/src/ddosmon-master/src/headers.h:74:17: error: lua.h: 그런 파일이나 디렉터리가 없습니다
/usr/local/src/ddosmon-master/src/headers.h:75:21: error: lauxlib.h: 그런 파일이나 디렉터리가 없습니다
/usr/local/src/ddosmon-master/src/headers.h:76:20: error: lualib.h: 그런 파일이나 디렉터리가 없습니다
/usr/local/src/ddosmon-master/src/headers.h:85:21: error: ncurses.h: 그런 파일이나 디렉터리가 없습니다
In file included from /usr/local/src/ddosmon-master/src/configmanager.cpp:2:
/usr/local/src/ddosmon-master/src/configmanager.h:45: error: 'lua_State' has not been declared
/usr/local/src/ddosmon-master/src/configmanager.h:46: error: 'lua_State' has not been declared
/usr/local/src/ddosmon-master/src/configmanager.h:47: error: 'lua_State' has not been declared
/usr/local/src/ddosmon-master/src/configmanager.cpp: In member function 'void ConfigManager::loadFile()':
/usr/local/src/ddosmon-master/src/configmanager.cpp:15: error: 'lua_State' was not declared in this scope
/usr/local/src/ddosmon-master/src/configmanager.cpp:15: error: 'luaHandle' was not declared in this scope
/usr/local/src/ddosmon-master/src/configmanager.cpp:15: error: 'lua_open' was not declared in this scope
/usr/local/src/ddosmon-master/src/configmanager.cpp:21: error: 'luaL_dofile' was not declared in this scope
/usr/local/src/ddosmon-master/src/configmanager.cpp:22: error: 'lua_close' was not declared in this scope
/usr/local/src/ddosmon-master/src/configmanager.cpp:45: error: 'lua_close' was not declared in this scope
/usr/local/src/ddosmon-master/src/configmanager.cpp: At global scope:
/usr/local/src/ddosmon-master/src/configmanager.cpp:91: error: 'std::string ConfigManager::getGlobalString' is not a static member of 'class ConfigManager'
/usr/local/src/ddosmon-master/src/configmanager.cpp:91: error: 'lua_State' was not declared in this scope
/usr/local/src/ddosmon-master/src/configmanager.cpp:91: error: '_luaHandle' was not declared in this scope
/usr/local/src/ddosmon-master/src/configmanager.cpp:91: error: expected primary-expression before 'const'
/usr/local/src/ddosmon-master/src/configmanager.cpp:91: error: expected primary-expression before 'const'
/usr/local/src/ddosmon-master/src/configmanager.cpp:92: error: expected ',' or ';' before '{' token
make[2]: *** [CMakeFiles/ddosmon.dir/src/configmanager.cpp.o] 오류 1
make[1]: *** [CMakeFiles/ddosmon.dir/all] 오류 2
make: *** [all] 오류 2
==>>

Ubuntu 14.04 
# git clone https://github.com/edubart/ddosmon.git ddosmon
# cd ddosmon
# mkdir build
# apt-get install cmake libboost-all-dev
# apt-get install liblua5.2 libncurses5-dev
# apt-get install liblua5.1-0-dev libncurses5-dev
# cmake ..
# make  
# mkdir ../logs
# cd ..
# ./build/ddosmon configs/example.lua 

Modify the config file to fit your system...
# cat configs/example.lua
interface = "eth0"
global_traffic_threshold = 900000
global_packets_threshold = 30
ip_traffic_threshold = 500000
ip_packets_threshold = 125000
notification_traffic_threshold = 20000
notification_packets_threshold = 30
ipblock_retry_ticks = 5*3600*1000
notification_command = "./scripts/notificate \"%1%\" \"%2%\" &"
onblockip_command = "./scripts/ipblock block %1% &"
onunblockip_command = "./scripts/ipblock unblock %1% &"
network_uncompromise_ticks = 30
onnetwork_compromise_command = "./scripts/networkcompromise compromised &"
onnetwork_uncompromise_command = "./scripts/networkcompromise uncompromised &"
log="logs/example.log"
watchedips="configs/example_watchedips.xml"
notificationsubject="DDOS Monitor on server1 notification"



Building

git clone git@github.com:edubart/ddosmon ddosmon
cd ddosmon
mkdir build && cd build
cmake ..
make

Running

# optional, I usually run this inside a screen session
screen 

sudo ./build/ddosmon configs/example.lua

NOTE: Root is needed for sniffing the network adapter packets.

scripts

script called when a known DDOS attack starts or stops: ./scripts/networkcompromise <compromised/uncompromised>

script called to notify admins (usually via email): ./scripts/notificate <subject> <message>

script called when one of your servers ip address might be unreachable and you may want to block/unblock it from your main server: ./scripts/ipblock <block/unblock> <ip>

Configurations

You can find and edit these configurations for your needs inside configs/home.lua

  • interface = "eth0"
  • global_traffic_threshold = 900000
  • global_packets_threshold = 225000
  • ip_traffic_threshold = 500000
  • ip_packets_threshold = 125000
  • notification_traffic_threshold = 20000
  • notification_packets_threshold = 20000
  • ipblock_retry_ticks = 536001000
  • notification_command = "./scripts/notificate \"%1%\" \"%2%\" &"
  • onblockip_command = "./scripts/ipblock block %1% &"
  • onunblockip_command = "./scripts/ipblock unblock %1% &"
  • network_uncompromise_ticks = 30
  • onnetwork_compromise_command = "./scripts/networkcompromise compromised &"
  • onnetwork_uncompromise_command = "./scripts/networkcompromise uncompromised &"
  • log="logs/home.log"
  • watchedips="configs/example_watchedips.xml"
  • notificationsubject="DDOS Monitor on server1 notification"
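As an added example (not ddosmon's own code), this Python sketch applies the per-IP thresholds from the config above to one tick of traffic: it aggregates constructed packet records per source IP, labels the dominant flood type using the three categories listed above, and decides whether the notification or the block thresholds are crossed. The per-tick counting, the byte/packet units and the ">=" comparison are assumptions; ddosmon's own counting may differ.

```python
# Added example, not ddosmon's own code: apply the per-IP thresholds from the
# config above to one tick.  Assumed: per-tick counters, crossed means >=.
from collections import defaultdict

CONFIG = {  # values copied from example.lua; units (bytes / packets) assumed
    "ip_traffic_threshold": 500000,           # bytes from one IP   -> block
    "ip_packets_threshold": 125000,           # packets from one IP -> block
    "notification_traffic_threshold": 20000,  # bytes from one IP   -> notify
    "notification_packets_threshold": 30,     # packets from one IP -> notify
}

def classify(pkt):
    """Map a packet record to one of the flood types the README lists."""
    if pkt["proto"] == "tcp" and pkt.get("flags") == "S":
        return "SYN Flood"
    if pkt["proto"] == "udp":
        return "UDP Flood"
    if pkt["proto"] == "icmp":
        return "ICMP Flood"
    return "other"

def evaluate_tick(packets, cfg=CONFIG):
    """Return {ip: (actions, dominant_type)} for IPs crossing a threshold;
    actions is a subset of {"notify", "block"}."""
    bytes_by_ip = defaultdict(int)
    pkts_by_ip = defaultdict(int)
    kinds = defaultdict(lambda: defaultdict(int))
    for p in packets:
        bytes_by_ip[p["src"]] += p["len"]
        pkts_by_ip[p["src"]] += 1
        kinds[p["src"]][classify(p)] += 1
    result = {}
    for ip, n in pkts_by_ip.items():
        b = bytes_by_ip[ip]
        actions = set()
        if n >= cfg["notification_packets_threshold"] or b >= cfg["notification_traffic_threshold"]:
            actions.add("notify")  # ddosmon would run notification_command here
        if n >= cfg["ip_packets_threshold"] or b >= cfg["ip_traffic_threshold"]:
            actions.add("block")   # ddosmon would run onblockip_command here
        if actions:
            result[ip] = (actions, max(kinds[ip], key=kinds[ip].get))
    return result

# Constructed sample tick using documentation addresses, not real hosts.
SAMPLE_TICK = (
    [{"src": "203.0.113.7", "proto": "tcp", "flags": "S", "len": 60}] * 40  # 40 SYNs -> notify only
    + [{"src": "198.51.100.2", "proto": "udp", "len": 1400}] * 400          # 560000 bytes -> block
    + [{"src": "192.0.2.9", "proto": "icmp", "len": 84}] * 5                # under every threshold
)
```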

Watched IPs

NOTE: Don't forget to configure the IPs you want to monitor in the example_watchedips.xml file.

This program was intended to monitor multiple IP addresses, so you can configure as many as you like.


Site name : Mojirine | Representative : Lee Kyung-hyun | Personal community : Rankey.com Operating Systems (OS) | Bundang-gu, Seongnam-si, Gyeonggi-do | E-mail : mojily(at)chonnom.com Copyright ⓒ www.chonnom.com www.kyunghyun.net www.mojily.net. All rights reserved.