import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
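/**
 * Simple connection-flood guard: every {@link #BAN_INTERVAL} ms it reads {@code netstat -nt},
 * counts the connections each remote host holds to {@link #HOST_IP}, and inserts an iptables
 * DROP rule for hosts over the thresholds. Rules are removed again after {@link #BAN_TIMEOUT} ms.
 *
 * <p>Needs enough privilege to run iptables. The remote address is handed to iptables as its own
 * argv element (no shell involved) and only ever comes from local netstat output.
 *
 * @author Robbin Fan
 */
public class IPBanner {
    /** Command whose output is scanned; {@code -n} keeps addresses numeric, {@code -t} limits to TCP. */
    public static final String NETSTAT = "netstat -nt";
    /** Ban rule template; the offending address is appended as the {@code -s} value. */
    public static final String IP_INSERT = "iptables -I INPUT -i eth0 -j DROP -p tcp --dport 80 -s ";
    /** Unban rule template; must mirror {@link #IP_INSERT} exactly or {@code -D} finds no rule to delete. */
    public static final String IP_DEL = "iptables -D INPUT -i eth0 -j DROP -p tcp --dport 80 -s ";
    /** Local {@code address:port} whose connections are counted; other local sockets are ignored. */
    public static final String HOST_IP = "61.129.70.239:80";
    /** How long a ban rule stays in place, in ms. */
    public static final long BAN_TIMEOUT = 30 * 60 * 1000L;
    /** Pause between two scans, in ms. */
    public static final long BAN_INTERVAL = 30 * 1000L;
    /** More than this many connections from one host triggers a ban. */
    public static final int CONCURRENT = 80;
    /** More than this many SYN_RECV (or FIN_WAIT1) connections from one host triggers a ban. */
    public static final int SYN_CONCURRENT = 8;
    /** Banned host -> {@link System#currentTimeMillis()} when its rule was inserted. Not thread-safe. */
    public static final Map<String, Long> banMap = new HashMap<String, Long>();

    /**
     * Runs one scan: lifts bans older than {@link #BAN_TIMEOUT}, inserts rules for newly
     * offending hosts and prints the current ban list to stdout.
     *
     * @throws Exception if netstat or iptables cannot be started, or the wait is interrupted
     */
    public static void ban() throws Exception {
        Set<String> banList = dynamicBanIP();
        System.out.println();
        System.out.println("Time: " + new Date());
        long now = System.currentTimeMillis();
        // collect first: removing while iterating banMap would throw ConcurrentModificationException
        List<String> expiredIPList = new ArrayList<String>();
        for (Map.Entry<String, Long> entry : banMap.entrySet()) {
            if (now - entry.getValue().longValue() > BAN_TIMEOUT) {
                expiredIPList.add(entry.getKey());
            }
        }
        for (String ip : expiredIPList) {
            int status = run(command(IP_DEL, ip));
            // forget the ban either way: a host that is still flooding is simply re-banned next round
            banMap.remove(ip);
            System.out.println("DEL IP: " + ip + (status == 0 ? "" : " (iptables exit " + status + ")"));
        }
        for (String ip : banList) {
            if (banMap.containsKey(ip)) {
                continue;
            }
            int status = run(command(IP_INSERT, ip));
            if (status != 0) {
                // no rule is in place, so keep it out of banMap and let the next scan retry
                System.out.println("BAN FAILED:" + ip + " (iptables exit " + status + ")");
                continue;
            }
            banMap.put(ip, Long.valueOf(now));
            System.out.println("BAN IP:" + ip);
        }
        System.out.println("---ban ip list---");
        for (String ip : banMap.keySet()) {
            System.out.println(ip);
        }
    }

    /**
     * Scans {@code netstat -nt} once and returns the remote hosts currently over the thresholds.
     *
     * @return hosts to ban, possibly empty; never {@code null}
     * @throws Exception if netstat cannot be started, read or waited for
     */
    public static Set<String> dynamicBanIP() throws Exception {
        Process process = new ProcessBuilder(argv(NETSTAT)).start();
        Map<String, int[]> stats;
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(process.getInputStream(), StandardCharsets.UTF_8))) {
            stats = parseConnections(reader);
        } catch (IOException e) {
            process.destroy(); // stop netstat so it cannot block on the pipe we abandoned
            throw e;
        }
        // the reader hit EOF, so netstat has finished; waitFor reaps it instead of destroy()
        process.waitFor();
        return selectBanned(stats);
    }

    /**
     * Parses {@code netstat -nt} rows into per-remote-host counters for connections whose local
     * side is {@link #HOST_IP}.
     *
     * <p>Rows are expected as {@code Proto Recv-Q Send-Q Local-Address Foreign-Address State};
     * shorter rows (banner lines) are skipped, and header rows drop out through the
     * {@link #HOST_IP} filter. Extra trailing columns are ignored rather than tripping
     * {@link StringTokenizer#nextToken()}.
     *
     * @param reader netstat output, read to EOF (not closed here)
     * @return host -> {@code {total, SYN_RECV, FIN_WAIT1}} counts
     * @throws IOException if the reader fails
     */
    static Map<String, int[]> parseConnections(BufferedReader reader) throws IOException {
        Map<String, int[]> stats = new HashMap<String, int[]>();
        String line;
        while ((line = reader.readLine()) != null) {
            StringTokenizer token = new StringTokenizer(line);
            if (token.countTokens() < 6) {
                continue;
            }
            token.nextToken(); // Proto
            token.nextToken(); // Recv-Q
            token.nextToken(); // Send-Q
            String originalIP = token.nextToken();
            String ip = hostOf(token.nextToken());
            String status = token.nextToken();
            if (!HOST_IP.equals(originalIP) || ip.isEmpty()) {
                continue;
            }
            int[] counts = stats.get(ip);
            if (counts == null) {
                counts = new int[3];
                stats.put(ip, counts);
            }
            counts[0]++;
            if ("SYN_RECV".equals(status)) {
                counts[1]++;
            }
            if ("FIN_WAIT1".equals(status)) {
                counts[2]++;
            }
        }
        return stats;
    }

    /**
     * Strips the trailing {@code :port} from a netstat address column.
     *
     * <p>Uses the last colon so IPv6 forms such as {@code ::ffff:1.2.3.4:80} yield the host
     * rather than an empty string (the old {@code split(":")[0]} produced "" for them).
     * Note that the IPv4 iptables in {@link #IP_INSERT} will presumably reject an IPv6 literal;
     * such a ban is then reported as failed.
     *
     * @param addr address column, e.g. {@code 10.0.0.1:5000}
     * @return the host part, or {@code addr} unchanged when it has no colon
     */
    static String hostOf(String addr) {
        int cut = addr.lastIndexOf(':');
        return cut < 0 ? addr : addr.substring(0, cut);
    }

    /**
     * Picks the hosts whose counters exceed {@link #CONCURRENT} (total) or
     * {@link #SYN_CONCURRENT} (SYN_RECV, and FIN_WAIT1 which reuses the same threshold).
     *
     * @param stats host -> {@code {total, SYN_RECV, FIN_WAIT1}} as built by {@link #parseConnections}
     * @return offending hosts, possibly empty
     */
    static Set<String> selectBanned(Map<String, int[]> stats) {
        Set<String> banList = new HashSet<String>();
        for (Map.Entry<String, int[]> entry : stats.entrySet()) {
            int[] counts = entry.getValue();
            if (counts[0] > CONCURRENT || counts[1] > SYN_CONCURRENT || counts[2] > SYN_CONCURRENT) {
                banList.add(entry.getKey());
            }
        }
        return banList;
    }

    /**
     * Splits a whitespace-separated command template into argv, the same tokenisation
     * {@code Runtime.exec(String)} applied.
     *
     * @param template e.g. {@link #NETSTAT}
     * @return mutable argv list
     */
    static List<String> argv(String template) {
        List<String> parts = new ArrayList<String>();
        for (String part : template.trim().split("\\s+")) {
            parts.add(part);
        }
        return parts;
    }

    /**
     * Builds the argv for a ban/unban template with {@code ip} appended as its own argument,
     * so the address is never interpreted by a shell.
     *
     * @param template {@link #IP_INSERT} or {@link #IP_DEL}
     * @param ip remote host to pass as the {@code -s} value
     * @return mutable argv list
     */
    static List<String> command(String template, String ip) {
        List<String> parts = argv(template);
        parts.add(ip);
        return parts;
    }

    /**
     * Starts {@code argv} and blocks until it exits, discarding its output so a chatty child
     * cannot stall on a full pipe.
     *
     * @param argv command and arguments
     * @return the child's exit status, 0 on success
     * @throws Exception if the child cannot be started or the wait is interrupted
     */
    static int run(List<String> argv) throws Exception {
        ProcessBuilder builder = new ProcessBuilder(argv);
        builder.redirectErrorStream(true);
        Process process = builder.start();
        try (InputStream output = process.getInputStream()) {
            byte[] buf = new byte[512];
            while (output.read(buf) != -1) {
                // drain only; failures are summarised by the exit status
            }
        }
        return process.waitFor();
    }

    /**
     * Entry point: scans forever, sleeping {@link #BAN_INTERVAL} ms between scans. A scan that
     * fails (e.g. netstat missing) is reported and skipped instead of ending the guard.
     *
     * @param args unused
     * @throws Exception if the sleep or a wait is interrupted
     */
    public static void main(String[] args) throws Exception {
        while (true) {
            try {
                ban();
            } catch (InterruptedException e) {
                throw e; // asked to stop
            } catch (Exception e) {
                System.out.println("scan failed: " + e);
            }
            Thread.sleep(BAN_INTERVAL);
        }
    }
}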