-rw-r--r-- | network/dnsflood/README | 11 | ||||
-rw-r--r-- | network/dnsflood/dns_flood_detector.1 | 57 | ||||
-rw-r--r-- | network/dnsflood/dnsflood.SlackBuild | 95 | ||||
-rw-r--r-- | network/dnsflood/dnsflood.info | 8 | ||||
-rw-r--r-- | network/dnsflood/doinst.sh | 24 | ||||
-rw-r--r-- | network/dnsflood/rc.dnsflood | 37 | ||||
-rw-r--r-- | network/dnsflood/slack-desc | 19 |
7 files changed, 251 insertions, 0 deletions
diff --git a/network/dnsflood/README b/network/dnsflood/README
new file mode 100644
index 0000000000000..be66b71d11c54
--- /dev/null
+++ b/network/dnsflood/README
@@ -0,0 +1,11 @@
+DNS Flood Detector was developed to detect abusive usage levels on high traffic
+nameservers and to enable quick response in halting the use of one's nameserver
+to facilitate spam.
+
+DNS Flood Detector uses libpcap (in non-promiscuous mode) to monitor incoming
+dns queries to a nameserver. The tool may be run in one of two modes, either
+daemon mode or "bindsnap" mode. In daemon mode, the tool will alarm via syslog.
+In bindsnap mode, the user is able to get near-real-time stats on usage to aid
+in more detailed troubleshooting.
+
+A /etc/rc.d/rc.dnsflood daemon control script is aditionally included.
diff --git a/network/dnsflood/dns_flood_detector.1 b/network/dnsflood/dns_flood_detector.1
new file mode 100644
index 0000000000000..cb98d07af96ae
--- /dev/null
+++ b/network/dnsflood/dns_flood_detector.1
@@ -0,0 +1,57 @@
+.TH dns_flood_detector 1 "Tuesday, September 2, 2003" "GNU/Linux" ""
+.SH NAME
+dns_flood_detector \- a tool to detect abusive usage levels on high traffic nameservers.
+.SH SYNOPSIS
+
+.B dns_flood_detector
+[-i <IFNAME>] [-t N] [-a N] [-w N] [-x N] [-bdvh]
+
+.SH DESCRIPTION
+.B dns_flood_detector
+was developed to detect abusive usage levels on high traffic nameservers and to enable quick response in halting the use of ones nameserver to facilitate spam. DNS Flood Detector uses libpcap (in non-promiscuous mode) to monitor incoming dns queries to a nameserver. The tool may be run in one of two modes, either daemon mode or "bindsnap" mode. In daemon mode, the tool will alarm via syslog. In bindsnap mode, the user is able to get near-real-time stats on usage to aid in more detailed troubleshooting.
+
+.SH OPTIONS
+.TP
+.I -i <IFNAME>
+specify ethernet device name to listen on
+.TP
+.I -t N
+alarm at >N queries per second
+.TP
+.I -a N
+reset alarm after N seconds
+.TP
+.I -w N
+calculate stats every N seconds
+.TP
+.I -x N
+create N buckets
+.TP
+.I -b
+run in foreground in bindsnap mode
+.TP
+.I -d
+run in background in daemon mode
+.TP
+.I -v
+verbose output - use again for more verbosity
+.TP
+.I -h
+display help information
+
+.SH EXAMPLE
+.B /dns_flood_detector -v -v -b -t10
+
+[15:14:56] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 qps PTR]
+
+[15:14:56] source [10.0.24.2] - 0 qps tcp : 15 qps udp [15 qps A]
+
+[15:15:06] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 qps PTR]
+
+[15:15:06] source [10.0.24.2] - 0 qps tcp : 15 qps udp [14 qps A]
+
+[15:15:16] source [192.168.1.45] - 0 qps tcp : 23 qps udp [7 qps A] [15 qps PTR]
+.SH AUTHOR
+Dennis Opacki
+.B <dopacki@adotout.com> http://www.adotout.com/dnsflood.html
+
diff --git a/network/dnsflood/dnsflood.SlackBuild b/network/dnsflood/dnsflood.SlackBuild
new file mode 100644
index 0000000000000..b84655328b184
--- /dev/null
+++ b/network/dnsflood/dnsflood.SlackBuild 
@@ -0,0 +1,95 @@
+#!/bin/sh
+
+# Slackware build script for DNS Flood Detector
+
+# Written by Menno E. Duursma <druiloor@zonnet.nl>
+
+# This program is free software. It comes without any warranty, to
+# the extent permitted by applicable law. You can redistribute it
+# and/or modify it under the terms of the Do What The Fuck You Want
+# To Public License, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.
+
+PRGNAM=dnsflood
+VERSION=${VERSION:-1.12}
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+NAME=dns_flood_detector # program name
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+fi
+
+set -e # Exit on most errors
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION $NAME
+tar xvf $CWD/$PRGNAM-$VERSION.tgz
+cd $NAME
+chown -R root:root .
+find . -type d | xargs chmod 0755
+find . -type f | xargs chmod go-w,a-s
+
+# Create destdirs
+mkdir -p $PKG/etc/rc.d
+mkdir -p $PKG/usr/sbin
+mkdir -p $PKG/usr/man/man1
+
+# Use the Linux Makefile
+./configure.pl Linux
+
+# Fix installation location, set CFLAGS
+sed -i -e "s#/usr/local/sbin/#$PKG/usr/sbin#g" \
+ -e "s/^\(CFLAGS=\).*/\1 -Wall $SLKCFLAGS -D_BSD_SOURCE/" \
+ Makefile
+
+make
+make install
+
+# Include the manpage
+cat $CWD/dns_flood_detector.1 \
+ | gzip -9c \
+ > $PKG/usr/man/man1/dns_flood_detector.1.gz
+
+# Add some sysmlinks, probably expected to exist to some users
+( cd $PKG/usr/sbin || exit 1
+ ln -vsf $NAME $PRGNAM
+)
+( cd $PKG/usr/man/man1 || exit 1
+ ln -vsf $NAME.1.gz $PRGNAM.1.gz
+)
+
+# Add a daemon control script
+cat $CWD/rc.$PRGNAM > $PKG/etc/rc.d/rc.$PRGNAM.new
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a [A-Z][A-Z]* $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README$TAG
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
+
+# Clean up the extra stuff:
+if [ "$1" = "--cleanup" ]; then
+ rm -rf $TMP/$PRGNAM-$VERSION
+ rm -rf $PKG
+fi
+
diff --git a/network/dnsflood/dnsflood.info b/network/dnsflood/dnsflood.info
new file mode 100644
index 0000000000000..009ddb8be42c7
--- /dev/null
+++ b/network/dnsflood/dnsflood.info
@@ -0,0 +1,8 @@
+PRGNAM="dnsflood"
+VERSION="1.12"
+HOMEPAGE="http://www.adotout.com/dnsflood.html"
+DOWNLOAD="http://www.adotout.com/dnsflood-1.12.tgz"
+MD5SUM="ab893e3278e3569bc3d5beab7fb98d3f"
+MAINTAINER="Menno E. Duursma"
+EMAIL="druiloor@zonnet.nl"
+APPROVED="rworkman"
diff --git a/network/dnsflood/doinst.sh b/network/dnsflood/doinst.sh
new file mode 100644
index 0000000000000..0f8729cca6708
--- /dev/null
+++ b/network/dnsflood/doinst.sh
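Review bot: The permission fix-up lines `find . -type d | xargs chmod 0755` and `find . -type f | xargs chmod go-w,a-s` hand names to xargs through an unquoted pipe, so any path in the extracted tarball containing whitespace or starting with a dash is mis-chmod'ed, and with `set -e` already in effect a failed chmod aborts the build; `find . -type d -exec chmod 0755 {} +` and `find . -type f -exec chmod go-w,a-s {} +` handle arbitrary names without that. Separately, the `sed` expression replaces `/usr/local/sbin/` (trailing slash) with `$PKG/usr/sbin` (no slash); if the upstream Makefile writes the install target as a full path such as `/usr/local/sbin/dns_flood_detector`, the result would be `$PKG/usr/sbindns_flood_detector`, so this is worth confirming against the Makefile or keeping the slash in the replacement. The `-a-s` in the chmod clears any setuid/setgid bits shipped in the tarball, which is the right default for a libpcap daemon that runs as root.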
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Keep same perms on rc.dnsflood:
+if [ -e etc/rc.d/rc.dnsflood ]; then
+ cp -a etc/rc.d/rc.dnsflood etc/rc.d/rc.dnsflood.new.incoming
+ cat etc/rc.d/rc.dnsflood.new > etc/rc.d/rc.dnsflood.new.incoming
+ mv etc/rc.d/rc.dnsflood.new.incoming etc/rc.d/rc.dnsflood.new
+fi
+
+config etc/rc.d/rc.dnsflood.new
+
diff --git a/network/dnsflood/rc.dnsflood b/network/dnsflood/rc.dnsflood
new file mode 100644
index 0000000000000..011e5c88c9322
--- /dev/null
+++ b/network/dnsflood/rc.dnsflood
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+dnsflood_start() {
+ if [ -x /usr/sbin/dns_flood_detector ]; then
+ echo "Starting DNS Flood Detector: /usr/sbin/dns_flood_detector -d"
+ /usr/sbin/dns_flood_detector -d
+ fi
+
+}
+
+dnsflood_stop() {
+ killall dns_flood_detector
+
+}
+
+dnsflood_restart() {
+ dnsflood_stop
+ sleep 1
+ dnsflood_start
+
+}
+
+case "$1" in
+'start')
+ dnsflood_start
+ ;;
+'stop')
+ dnsflood_stop
+ ;;
+'restart')
+ dnsflood_restart
+ ;;
+*)
+ echo "Usage: $0 start|stop|restart"
+ exit 1
+esac
+
diff --git a/network/dnsflood/slack-desc b/network/dnsflood/slack-desc
new file mode 100644
index 0000000000000..b88ba1b2eea26
--- /dev/null
+++ b/network/dnsflood/slack-desc
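Review bot: In `config`, `$NEW` and `$OLD` are expanded unquoted in the `dirname`/`basename` substitution, the `[ ! -r $OLD ]` test, `mv` and `rm`, and the checksums are taken with `cat $OLD | md5sum`; the single caller passes a fixed path so nothing breaks today, but quoting keeps the helper correct if it is ever reused for another config. The three lines would read `OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"`, `if [ ! -r "$OLD" ]; then` and `elif [ "$(md5sum < "$OLD")" = "$(md5sum < "$NEW")" ]; then`, which compare the same digests without the extra cat. The "Keep same perms" block only applies when an rc.dnsflood already exists; a short comment after `config etc/rc.d/rc.dnsflood.new` noting that on a first install the script keeps whatever mode it was packaged with (presumably non-executable, so the admin enables it with chmod +x) would save the next maintainer a trip to the SlackBuild.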
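Review bot: `dnsflood_start` never checks whether a detector is already running, so nothing in this script stops a second `start` (or a `restart` whose `sleep 1` is shorter than the old process takes to exit) from launching a second daemon that also alarms via syslog, while `dnsflood_stop` relies on `killall` matching the bare process name. A guard at the top of the function, `pgrep -x dns_flood_detector >/dev/null && return 0`, avoids the duplicate unless the daemon itself refuses to start twice, which is not visible here. The man page in this commit documents `-i <IFNAME>`, `-t N`, `-a N` and `-w N`, yet the only way to tune the interface or the alarm threshold is to edit the hard-coded `/usr/sbin/dns_flood_detector -d` line; a `DNSFLOOD_OPTS="-d"` variable at the top of the script, expanded on the start line, would let an operator set the threshold without touching the case logic.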
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler----------------------------------------------------|
+dnsflood: dnsflood (DNS Flood Detector)
+dnsflood:
+dnsflood: dnsflood is a tool to detect abusive usage levels
+dnsflood: on high traffic nameservers.
+dnsflood:
+dnsflood: dns_flood_detector was written by Dennis Opacki
+dnsflood:
+dnsflood:
+dnsflood:
+dnsflood:
+dnsflood:
|