This repository was archived by the owner on Feb 4, 2021. It is now read-only.
A program that uses low-level Linux packet sniffing on incoming network traffic
to monitor for possible network attacks and react to them by alerting and
triggering user-defined self-defence mechanisms.
Through an ncurses interface you can monitor network traffic live and watch
recent events. Logs are saved to the log folder, and any DDoS attack detection
sends an email to the user.
It can classify the following attacks:
SYN Flood
UDP Flood
ICMP Flood
Any other attack with a massive amount of traffic or packets would still be detected.
Building
git clone git@github.com:edubart/ddosmon ddosmon
cd ddosmon
mkdir build && cd build
cmake ..
make
Running
# optional, I usually run this inside a screen session
screen
sudo ./build/ddosmon configs/example.lua
NOTE: Root is needed to sniff packets on the network adapter.
Scripts
Script called when a known DDoS attack starts or stops:
./scripts/networkcompromise <compromised/uncomprimised>
Script called to notify admins (usually via email):
./scripts/notificate <subject> <message>
Script called when the IP address of one of your servers might be unreachable and you may want to block/unblock it from your main server:
./scripts/ipblock <block/unblock> <ip>
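As an added example (not one of the repository's own scripts), an ipblock hook for the interface above can validate its arguments before touching the firewall, since ddosmon itself is started with sudo. The iptables rule, the FORWARD chain and the IPBLOCK_CHAIN variable are assumptions about what "block" should mean on your network.

```shell
#!/bin/sh
# Added example: a hypothetical ./scripts/ipblock hook for the interface
#   ipblock <block/unblock> <ip>
# Assumption: "block" means dropping traffic forwarded to <ip> with iptables.

CHAIN=${IPBLOCK_CHAIN:-FORWARD}   # assumed chain; adjust to your topology

# Succeed only for a strict dotted-quad IPv4 address (no leading zeros).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the iptables arguments for one action, or fail with status 2.
ipblock_args() {
    valid_ipv4 "$2" || { echo "ipblock: bad IPv4 address" >&2; return 2; }
    case "$1" in
        block)   echo "-I $CHAIN -d $2 -j DROP" ;;
        unblock) echo "-D $CHAIN -d $2 -j DROP" ;;
        *) echo "ipblock: expected block or unblock" >&2; return 2 ;;
    esac
}

# Apply the action; skip the insert when the rule is already present so that
# repeated attack events do not stack duplicate rules.
ipblock() {
    args=$(ipblock_args "$1" "$2") || return $?
    if [ "$1" = block ] && iptables -C "$CHAIN" -d "$2" -j DROP 2>/dev/null; then
        return 0
    fi
    iptables $args       # word splitting intended: args were built above
}

# Run only when invoked with arguments, the way the hook is called.
[ "$#" -eq 0 ] || ipblock "$@"
```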
Configurations
You can find these configurations and edit them for your needs in configs/home.lua