The script against DDOS attacks

I will give an example of a simple script against DDOS attacks for NAT servers.
The script is executed when the total number of “conntrack” connections is more than 500000, it saves to the text file the IP address which has the most “conntrack” connections, who has more than 10,000 – adds to the ipset list.

Continue reading “The script against DDOS attacks”

Directories with a large number of files

Once there was an interesting situation, in the same directory there were millions of files.
And some of them are necessary.

When you try to view the list of files, you will naturally get a stupor for a long time.
Alternatively, they can be viewed via FTP, which has 10,000 for the frequent standard limit on the number of displayed files, for example, the FileZilla FTP client conveniently moves files in directories, but this option is long, because time is spent on FTP requests, the load on the drive is low.

If the files are not needed, you can delete them with the command (with the confirmation request to delete)

rm -r /dir/

Or delete everything without a request along with the directory:

rm -rf /dir/

In my case, small files were unnecessary, so going to the right directory, deleted the command below with anything that is smaller than the specified size:

cd /dir/
find -size -2 -type f -print -delete

Before deleting, you can see the number of such files and the total number, but this is also a lengthy process:

find -maxdepth 1 -size -2 -type f -print | wc -l
find -maxdepth 1 -type f -print | wc -l

If, instead of -2, you specify 0, then files with zero size will be deleted, that is, empty.

If you need to sort the files by directories, go to the directory with files, create the necessary directories, for example, by dates and move the files by template (all whose names begin on 2017, -maxdepth 1 indicates that you do not need to search for files in subdirectories):

cd /dir/
mkdir 2017
find -maxdepth 1 -type f -name '2017*' -exec mv -vn -t /dir/2017 {} \+

The result of the execution can be written to the file by adding to the command “> file”, for example:

find -maxdepth 1 -type f -name '2017*' -exec mv -vn -t /dir/2017 {} \+ > /dir/dir/file.log

Shredding data with Shred

Shred – allows you to overwrite the specified file with random data in order to ensure, if necessary, the more difficult process of recovery or the impossibility of data recovery.
On some file systems, data deletion is not guaranteed and the use of shred may not be effective.

The list of possible arguments:
Help program:

man shred

Continue reading “Shredding data with Shred”

Using wipe in Linux

wipe – utility for secure full erasing of information.

Install command in Linux Ubuntu/Debian:

sudo apt-get install wipe

I will describe some startup keys:
-f Disable confirmation requests.
-r Recursively Removes all subdirectories, symbolic links are not touched.
-c If the rights of the directory are read-only, then they will be changed to write.
-i Detailed information mode.
-s Quiet mode, most messages are not displayed.
-q Fast mode, directories are overwritten with random data 4 times.
-Q The number of rewrite cycles. Standard 4.
-a Stop execution on error.
-R Install a random device.
-l Specify the size of the device block, for example when using floppy disks, etc.
-D Follow symbolic links, they don’t get touched by default.
-v Displays the version of the program.
-h Display help.

Continue reading “Using wipe in Linux”

View and configure sharing of files and folders Windows from the command line

I will give an example of some commands for setting up sharing of resources.

View shared resources:

net share

Deleting a shared resource:

net share <sharename> /delete

Sharing a folder:

net share sharename=C:\dir

Example of disconnecting users from the share:

net session \\pc1 /delete

To close an open network file, use the command:

net file file_id /close

An example of granting user rights to a file (N – not set, W – write, C – change, F – full access):

cacls file.txt /G User:w

To cancel user access to a share:

cacls /R User

We allow up to 5 users to simultaneously connect to a shared resource:

net share sharename /users:5

Example of caching settings from a share (manual/BranchCache/documents/programs/none):

net share myshare /cache:manual

I want to note that when opening a share to a resource in the firewall, the following ports should be opened: TCP 139, TCP 445, UDP 137, UDP 138.

See also my articles:
Installing and using the nbtscan network scanner
Some information about the virus encryptor Trojan.Encoder.12544 attacked 06/27/2017