random/networking/ddosmonit.sh

#!/bin/sh
interface=eth0
dumpdir=/tmp/
email="admin@domain.tld"
subject="DDoS Notification: `hostname`"
sender="admin@domain.tld"
while /bin/true; do
	pkt_old=`grep $interface: /proc/net/dev | cut -d : -f2 | awk '{ print $2 }'`
	sleep 1
	pkt_new=`grep $interface: /proc/net/dev | cut -d : -f2 | awk '{ print $2 }'`
	pkt=$(( $pkt_new-$pkt_old ))
	echo -ne "\r$pkt packets/s\033[0K"
	if [ $pkt -gt 5000 ]; then
		filename=$dumpdir/dump.`date +"%Y%m%d-%H%M%S"`.cap
		tcpdump -n -s0 -c 2000 > $filename
		echo "`date` Packets dumped, sleeping now."
		sleep 1
		data=`cat $filename`
		sendmail -F $sender -it <<END_MESSAGE
		To: $email
		Subject: $subject
		`cat $filename`
		END_MESSAGE
		echo "sendmail complete"
		sleep 300
	fi
done
Initial commit 2019-06-28 02:39:56 +00:00			`#!/bin/sh`
			`interface=eth0`
			`dumpdir=/tmp/`
			`email="admin@domain.tld"`
			subject="DDoS Notification: `hostname`"
			`sender="admin@domain.tld"`
			`while /bin/true; do`
			pkt_old=`grep $interface: /proc/net/dev \| cut -d : -f2 \| awk '{ print $2 }'`
			`sleep 1`
			pkt_new=`grep $interface: /proc/net/dev \| cut -d : -f2 \| awk '{ print $2 }'`
			`pkt=$(( $pkt_new-$pkt_old ))`
			`echo -ne "\r$pkt packets/s\033[0K"`
			`if [ $pkt -gt 5000 ]; then`
			filename=$dumpdir/dump.`date +"%Y%m%d-%H%M%S"`.cap
			`tcpdump -n -s0 -c 2000 > $filename`
			echo "`date` Packets dumped, sleeping now."
			`sleep 1`
			data=`cat $filename`
			`sendmail -F $sender -it <<END_MESSAGE`
			`To: $email`
			`Subject: $subject`
			`cat $filename`
			`END_MESSAGE`
			`echo "sendmail complete"`
			`sleep 300`
			`fi`
			`done`