Dshield is a lightweight DDoS defense tool. It performs well against CC attacks, stress-testing software and other DDoS tools, although it does not actually have the ability to intercept attacks. It is built on the iptables firewall: it uses the `ss` command to filter suspicious IPs and works together with iptables to defend the host. During a DDoS attack, the tool analyzes the origin of the connections in real time and adds the source IPs to the DROP chain of iptables. These IPs are also recorded in the database, and each IP stays blocked until its preset ttl is reached. It performs quite well in basic tests of concurrent attacks and single-IP CC attacks. It is not suitable for truly large-volume attacks, but it can handle lightweight DDoS as long as the traffic does not exceed the server's maximum bandwidth, beyond which the service may crash. Dshield may be the easiest and simplest software-level DDoS defense solution. It is written in Python, which makes it easy to read and convenient to modify.

Dshield has gone through four updates; its original name was "DDoS-Defender". v4.0.0 adds a web-based graphical interface and was completely restructured at the code level. Because it is oriented toward web visualization, Dshield uses InfluxDB + Grafana as its underlying architecture. You can run it without installing any extra HTTP service, because Grafana ships with its own HTTP server, and the GUI is user-definable. It is very easy to use, and we hope you enjoy it.




  • Dshield/conf     Configuration files
  • Dshield/data     Data buffer storage
  • Dshield/lib     Library of modules
  • Dshield/sbin     Main program
  • Dshield/logs     Logs directory
  • Dshield/test     Test cases

## Installation

Install Dshield as the root user:

(1) Install grafana

```
yum -y install
service grafana-server start
```

Or install it by adding a yum repository: open /etc/yum.repos.d/grafana.repo with vi and add the content below.


Then install it with yum and start grafana-server with the service command.

```
yum install grafana
service grafana-server start
```

(2) Install Dshield

```
cd Dshield-master/
```

Installation is finished and you can start it now!

```
service grafana-server restart
/usr/local/Dshield/sbin/dshield all start
```

Now you can log in to the administration backend at http://{your_ip}:3000

username: admin password: admin (the Grafana defaults; change the password after the first login)


## Command usage

```
# /usr/local/Dshield/sbin/dshield all {start|stop|restart}    #Start all services
# /usr/local/Dshield/sbin/dshield cc {start|stop|restart}     #Start cc process
# /usr/local/Dshield/sbin/dshield sniff {start|stop|restart}  #Start ttl module
# /usr/local/Dshield/sbin/inflctl {start|stop|restart}        #Only start InfluxDB process
```

## Modifying the configuration file

Open the file: /usr/local/Dshield/conf/default.ini

white list

supports CIDR format

whitelisted_ips = ","

whitel_ttl_ips = ","

monitor interface

mont_interface = "eth0"

monitor port

mont_port = "80,22"

listen mode: false means active defense; true means only record the IP and ttl without blocking

mont_listen = false

monitor interval specified in seconds

rexec_time = 5

block connections: this parameter sets the sensitivity of monitoring; 100 is recommended

no_of_connections = 100

ip block time: supports 1d/1h/1m format

block_period_ip = "1m"

monitor protocol: applies to the TTL monitor module; "tcp" monitors TCP only, "udp" monitors UDP only, "" monitors all protocols

mont_protocol = "tcp"

block connections: this parameter sets the sensitivity of monitoring; 20000~100000 is recommended

no_ttl_connections = 20000

ttl unblock time: supports 1d/1h/1m format

block_period_ttl = "1m"
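
The sketch below is an added example, not Dshield's own code. It shows the detection step that the settings above tune: count peers in `ss -tn` output on the monitored ports, skip whitelisted CIDRs, and produce DROP rules for the offenders. The sample output, the function names, the `>=` comparison and the use of the INPUT chain are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of `ss -tn` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      203.0.113.10:80     198.51.100.7:51000
ESTAB  0      0      203.0.113.10:80     198.51.100.7:51001
ESTAB  0      0      203.0.113.10:80     198.51.100.7:51002
ESTAB  0      0      203.0.113.10:22     192.0.2.44:40022
ESTAB  0      0      203.0.113.10:80     10.1.2.3:50000
ESTAB  0      0      203.0.113.10:80     10.1.2.3:50001
ESTAB  0      0      203.0.113.10:80     10.1.2.3:50002
ESTAB  0      0      203.0.113.10:8080   198.51.100.9:42000
"""

def parse_period(text):
    """Convert the 1d/1h/1m block-period format to seconds."""
    m = re.fullmatch(r"(\d+)([dhm])", text.strip())
    if not m:
        raise ValueError(f"bad block period: {text!r}")
    return int(m.group(1)) * {"d": 86400, "h": 3600, "m": 60}[m.group(2)]

def count_peers(ss_output, ports):
    """Count connections per peer IP whose local port is monitored."""
    counts = Counter()
    for line in ss_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        local_port = fields[3].rsplit(":", 1)[1]
        peer_ip = fields[4].rsplit(":", 1)[0].strip("[]")  # [] wraps IPv6
        if local_port in ports:
            counts[peer_ip] += 1
    return counts

def offenders(counts, threshold, whitelist):
    """Peers at or above the threshold (>= is assumed) outside the whitelist."""
    nets = [ipaddress.ip_network(c, strict=False) for c in whitelist]
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold
                  and not any(ipaddress.ip_address(ip) in net for net in nets))

def drop_rules(ips):
    """iptables commands for review (INPUT chain assumed); never executed here."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]
```

With the constructed sample, ports `{"80", "22"}`, a threshold of 3 (scaled down from the recommended 100) and a whitelist of `10.0.0.0/8`, only 198.51.100.7 is returned: 10.1.2.3 reaches the threshold but is whitelisted, and the port 8080 connection is not counted.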


Original Author: YWJT (Copyright (C) 2016)

Maintainer: Sunshine Koo