hello - i realize this is not a forum for the ddos.sh but this forum is where the script was first suggested to me.
i keep getting emails like the following: Banned the following ip addresses on Tue Jan 20 06:01:01 EST 2015 56 with 56 connections
i recently mentioned an issue of the age of the script which is quite a few years old. upon investigating, i think what may be happening is the script was written long before IP6 was introduced. when i look at the script, i see this is the heart of it:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
and here is an example of what i see when i just run "netstat -ntu":
tcp 0 0 199.231.184.26:10000 66.201.41.4:55393 ESTABLISHED
tcp 0 64 199.231.184.26:22 174.26.118.9:64138 ESTABLISHED
tcp 0 0 ::ffff:199.231.187.6:80 ::ffff:68.180.229.41:58968 TIME_WAIT
tcp 0 0 ::ffff:199.231.184.26:80 ::ffff:147.4.69.35:56756 FIN_WAIT2
notice the ::ffff: ? the first "cut -d:" step can't seem to handle the IP6 stuff, which is causing the blank lines being emailed to me.
i am thinking a simple workaround might be to have something like my ol' friend sed:
netstat -ntu | sed -e "s/::ffff://g;" | .....
i wrote to the original author but never heard back.
any thoughts?
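
The blank-address behaviour described in this post, next to a port-aware way of counting remote addresses, as an added example that is not part of the original post or of ddos.sh. It goes one step beyond the post by also handling native IPv6 addresses; the function names are hypothetical, and the last three sample rows are constructed (2001:db8:: is the documentation prefix).

```shell
#!/bin/sh
# Added example, not part of ddos.sh. Function names are hypothetical.

# The pipeline quoted in the post, reading netstat text from stdin.
legacy_count() {
    awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr |
        awk '{print $1, $2}'
}

# Port-aware version: strip only the trailing :port, then unwrap ::ffff:.
count_remote_ips() {
    awk '
        $1 ~ /^(tcp|udp)/ {              # connection rows only, no headers
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the port (last field)
            sub(/^::ffff:/, "", addr)    # IPv4-mapped IPv6 to plain IPv4
            if (addr != "") print addr
        }
    ' | sort | uniq -c | sort -nr | awk '{print $1, $2}'
}

# Sample input: the four rows from the post, plus two header lines and
# three constructed rows (a repeat client, the same client over plain
# IPv4, and a native IPv6 client).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 199.231.184.26:10000 66.201.41.4:55393 ESTABLISHED
tcp 0 64 199.231.184.26:22 174.26.118.9:64138 ESTABLISHED
tcp 0 0 ::ffff:199.231.187.6:80 ::ffff:68.180.229.41:58968 TIME_WAIT
tcp 0 0 ::ffff:199.231.184.26:80 ::ffff:147.4.69.35:56756 FIN_WAIT2
tcp 0 0 ::ffff:199.231.184.26:80 ::ffff:68.180.229.41:58970 ESTABLISHED
tcp 0 0 199.231.184.26:80 68.180.229.41:40000 ESTABLISHED
tcp6 0 0 2001:db8::10:80 2001:db8::1:51000 ESTABLISHED
EOF
}

echo "legacy:"; sample_netstat | legacy_count
echo "fixed:";  sample_netstat | count_remote_ips
```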