Nuno

Asked: 2016-06-30 13:14:33 +0800 CST2016-06-30 13:14:33 +0800 CST 2016-06-30 13:14:33 +0800 CST

Run shell script on the event of "possible SYN flooding"

I'd like to write a script that gets all the stats I need (top IPs, used memory, netstat, etc) at the time I got an SYN flooding, and write to a report file.

So, is it possible to trigger a script/command when the kernel alerts for "possible SYN flooding on port XXX" ?

Jun 27 22:12:21 xxxx kernel: [xxxx.xxxx] possible SYN flooding on port 443. Sending cookies. Jun 27 22:13:22 xxxx kernel: [xxxx.xxxx] possible SYN flooding on port 443. Sending cookies. Jun 27 22:14:25 xxxx kernel: [xxxx.xxxx] possible SYN flooding on port 443. Sending cookies.

1 Answers

Voted

Best Answer

HBruijn
2016-06-30T14:12:33+08:002016-06-30T14:12:33+08:00
In short: yes!

But that depends a bit in the syslog daemon you're running.

Syslog-ng allows that with the program() destination.

Rsyslog offers actions.
2

Run shell script on the event of "possible SYN flooding"

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?