author: Freemor <freemor@freemor.ca> 2019-10-25 08:09:18 -0300
committer: Freemor <freemor@freemor.ca> 2019-10-25 08:09:18 -0300
commit: 2f9f06fc4e96043a6d66b18b08f7a04a73858748
tree: 08c7c80d4301e3f3cd8ea5f6d3de4c0af45bdb6c
parent: b452a5d543b1a366999f54f223db7ce4c0b034be
Update the README.txt some
-rw-r--r-- README.txt 29
1 files changed, 29 insertions, 0 deletions
diff --git a/README.txt b/README.txt
index 8370954..c1fbb24 100644
--- a/README.txt
+++ b/README.txt
@@ -29,3 +29,32 @@ You can see from the: % Information related to '117.221.0.0/20AS9829'
that the net block in question is: 117.221.0.0/20. Often
there is a CIDR: line with this info instead/also.
+
+Running:
+--------
+
+Block and unblock are fairly self explanitory so I wont talk about them
+
+theDrain has several ways it can be run.
+
+Executing it as a non-privledged user take a quick look and print out stats on
+half open connections.
+
+Executing it as root will do the same as above but blacklist any IPs with more
+then $max_ho Half Open connections.
+
+I find using something like:
+
+watch -n 5 theDrain
+
+as eiter root or nonpriv. depending on the desire to monitor or monitor and block
+works very well.
+
+theDrain also logs to a file drain.txt. So you can leave it running via watch and
+come back later to see what was blocked.
+
+It will also fire off e-mail alerts if it sees more then $alert_level Half Open
+connections. sending the alert to the address specified in $alert_to
+
+Definitely take a look at the source and set the variable in a way that is sane for your use.
+
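Review bot: The root-mode and alert paragraphs name $max_ho, $alert_level and $alert_to but give no default values and do not say where in the source they are set, which matters because the suggested `watch -n 5 theDrain` run as root will blacklist automatically every five seconds. Suggest stating the defaults, the path drain.txt is written to, and whether an alert e-mail goes out on every run while the count stays above $alert_level. The "Block and unblock" line leaves both commands undocumented; a one-line usage for each would help, since unblock is the recovery path when an address is blacklisted by mistake. Spelling in the added lines: "explanitory", "wont", "non-privledged", "eiter", "more then" (twice, should be "more than"), and "take a quick look" should read "takes a quick look".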