Merge tag 'upstream/1.20'

Upstream version 1.20

LICENSE

@@ -0,0 +1,281 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+

README

@@ -0,0 +1,91 @@
+DNS FLood Detector 1.2
+Dennis Opacki
+dopacki@adotout.com
+
+
+What is DNS Flood Detector?  
+
+DNS Flood Detector was developed to detect abusive usage levels on high 
+traffic nameservers and to enable quick response to the use of one's 
+nameserver to facilitate spam. DNS Flood Detector is distributed under the 
+Gnu Public License (see included LICENSE file for details).
+
+How does it work?    
+
+DNS Flood Detector uses libpcap (in non-promiscuous mode) to monitor 
+incoming  dns queries to a nameserver. The tool may be run in one of two 
+modes, either  daemon mode or "bindsnap" mode. In daemon mode, the tool 
+will alarm via syslog. In bindsnap mode, the user is able to get 
+near-real-time stats on usage to aid in more detailed troubleshooting. 
+By default, it will count dns queries directed to any address in the same
+network as the primary IP address on the interface being watched; the -A,
+-M, and -Q options can be used to modify this behaviour.
+
+As of version 1.2, DNS Flood Detector can now send source IP request
+data to a network-based collector as JSON. This lets you gather near
+real-time information about who is using your DNS servers, and from
+where. I've included a sample application called dns_flood_collector.pl,
+which you can use to receive and report these data. The output of this
+program can be easily fed into a graphing tool, such as Caida's 
+plot-latlong:
+
+http://www.caida.org/tools/visualization/plot-latlong/
+
+How do I build it?
+
+Execute ./configure.pl to select the appropriate make target. Then simply
+type "make".
+
+Why was it written?  
+
+I wrote DNS Flood Detector because the fifty or so public recursive 
+nameservers I am responsible for were being abused by both customers and 
+non-customers. DNS Flood Detector allows for prompt action when anomalous 
+conditions are detected. 
+
+What do I need to use it?  
+
+You need libpcap and a little bit of patience.
+
+What platforms does it work on?
+
+Linux, BSDI, FreeBSD, Mac OSX, Solaris
+
+Will it run under Windows {95,98,NT,2000,XP,2003,2008 or Win7}?  
+
+Maybe. I haven't tried. If it doesn't, feel free to submit a fix. 
+
+What does it look like?  
+
+Usage: ./dns_flood_detector [OPTION]
+
+-i IFNAME              specify interface to listen on
+-t N                   alarm at >N queries per second
+-a N                   reset alarm after N seconds
+-w N                   calculate stats every N seconds
+-x N                   create N buckets
+-m N                   mark total query rate every N seconds
+-A addr                filter for specific address
+-M mask                netmask for filter (in conjunction with -A)
+-Q                     don't filter by local interface address
+-b                     run in foreground in bindsnap mode
+-d                     run in background in daemon mode
+-D	               dump dns packets (implies -b)
+-v                     verbose output - use again for more verbosity
+-s                     send source IP stats to collector as JSON
+-z N.N.N.N             address to send stats to (default 226.1.1.2)
+-p N                   UDP port to send stats to (default 2000)
+-h                     display this usage information
+
+Sample Output:
+
+dopacki:~$ sudo ./dns_flood_detector -v -v -b -t10
+[15:14:56] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 qps PTR] 
+[15:14:56] source [10.0.24.2] - 0 qps tcp : 15 qps udp [15 qps A] 
+[15:15:06] source [192.168.1.45] - 0 qps tcp : 24 qps udp [8 qps A] [16 qps PTR] 
+[15:15:06] source [10.0.24.2] - 0 qps tcp : 15 qps udp [14 qps A] 
+[15:15:16] source [192.168.1.45] - 0 qps tcp : 23 qps udp [7 qps A] [15 qps PTR] 
+
+What if I have questions?  
+
+You can e-mail me at dopacki@adotout.com 

configure.pl

@@ -0,0 +1,19 @@
+#!/usr/bin/perl
+
+use strict;
+
+my $os = shift;
+
+# get target listings
+opendir(MAKE_TARGETS,'./makefiles');
+my @targets = grep { /Makefile/ && -f './makefiles/'.$_ && s/^Makefile-// } readdir(MAKE_TARGETS);
+closedir(MAKE_TARGETS);
+
+# display usage
+unless ($os && grep{/$os/}@targets) {print<<EOF;exit(0)}
+usage: $0 {@targets}
+EOF
+
+# link appropriate target
+symlink './makefiles/Makefile-'.$os, 'Makefile';
+print "type make.\n";

dns_flood_collector.pl

@@ -0,0 +1,157 @@
+#!/usr/bin/perl
+
+use strict;
+use threads;
+use threads::shared;
+use Sys::Syslog;
+use Data::Dumper;
+use Getopt::Long;
+use POSIX;
+use IO::Socket::Multicast;
+use JSON;
+
+# Native Maxmind library - http://www.maxmind.com/download/geoip/api/perl/
+# requires: http://www.maxmind.com/app/c
+use Geo::IP;
+
+# set these to the same port and multicast (or unicast) address as the detector
+use constant GROUP => '226.1.1.2';
+use constant PORT  => '2000';
+
+my %ipc_source :shared;
+my %ipc_customer :shared;
+my $time_to_die :shared = 0;
+my $debug;
+my $foreground=0;
+
+# determines how often you want to aggregage and write-out stats dumps
+my $interval = 60;
+
+# you can get the binary format GeoLiteCity.dat from Maxmind
+# http://www.maxmind.com/app/geolitecity
+my $gi = Geo::IP->open("/usr/local/GeoLiteCity.dat",GEOIP_MEMORY_CACHE | GEOIP_CHECK_CACHE);
+
+# adjust this to the path where you want to keep the 
+sub PATH {'/tmp/'}
+
+$|=1;
+
+GetOptions(
+  "debug" => \$debug,
+  "foreground" => \$foreground,
+  "interval=s" => \$interval,
+);
+
+
+main();
+exit();
+
+sub main() {
+
+  # daemonize unless running in foreground
+  unless ($foreground){
+    daemonize();
+  }
+
+  # prepare data acquisition thread
+  threads->new(\&get_data);
+
+  while (! $time_to_die ) {
+
+    # record time started to help evenly space runs
+    my $start_run = time();
+    my $next_run = $start_run + $interval;
+
+    # de-serialize latest copy of source address structure
+    # execute this in a isolated scope so that lock goes out of scope
+    {
+      my $source_distance;
+
+      # lock data structure to prevent other thread from updating it
+      lock(%ipc_source); 
+
+      # open coordinates file for graph generation
+      open(CRDS, ">".PATH."/coords.txt.tmp");
+
+      # calculate great circle distance between each source IP and local POP
+      foreach my $key (keys %ipc_source) { 
+
+        eval {
+        my $r = $gi->record_by_addr($key);
+
+        # write raw entry to coordinates file             
+        print CRDS $key.",".$ipc_source{$key}.",".$r->latitude.",".$r->longitude."\n";
+        };
+        if ($@) {
+          print CRDS $key.",".$ipc_source{$key}.",0,0\n";
+        }
+      }
+
+      # close coordinate file
+      close CRDS;
+      system("mv ".PATH."/coords.txt.tmp ".PATH."/coords.txt");
+
+      # clean out structure for next sample period
+      %ipc_source = ();
+    }
+
+    # sleep to make the interval
+    while((my $time_left = ($next_run - time())) > 0) {
+      sleep($time_left);
+    }
+  }
+  threads->join();
+  return;
+}
+
+# fetch data from UDP multicast
+sub get_data() {
+
+  # set up our multicast listener
+  # note: this will receive unicast fine too
+  my $sock = IO::Socket::Multicast->new(LocalPort=>PORT,ReuseAddr=>1);
+  $sock->mcast_add(GROUP) || die "Couldn't set group: $!\n";
+
+
+  while (  ! $time_to_die  ) {
+    my $data;
+    next unless $sock->recv($data,1500);
+
+    # decode JSON
+    eval {
+      my $obj = decode_json $data;
+      print Dumper $obj;
+      foreach my $ip (keys %{$obj->{data}}) {
+        my $count = $obj->{data}->{$ip};
+        lock(%ipc_source);
+        $ipc_source{$ip}+=$count;
+      }
+    };
+
+  }
+
+  # done!
+  threads->exit();
+}
+
+# daemonize application
+sub daemonize {
+
+  chdir '/' or die "Can't chdir to /: $!";
+  open STDIN, '/dev/null' or die "Can't read /dev/null: $!";
+  open STDOUT, '>/dev/null';
+
+  # fork and exit parent
+  my $pid = fork();
+  exit if $pid;
+  die "Couldn't fork: $!" unless defined ($pid);
+  POSIX::setsid() || die ("$0 can't start a new session: $!");        
+  open STDERR, '>&STDOUT' or die "Can't dup stdout: $!";
+  
+  # signal handlers
+  $SIG{KILL} = \&handler;
+}
+
+sub handler {
+  $time_to_die = 1;
+}

dns_flood_detector.h

@@ -0,0 +1,79 @@
+/******************************************************************************
+
+        Program: dns_flood_detector.h
+         Author: Dennis Opacki <dopacki@adotout.com>
+           Date: Tue Mar 18 16:46:53 EST 2003
+        Purpose: Monitor DNS servers for abusive usage levels
+                 and alarm to syslog
+
+    Copyright (C) 2003 Dennis Opacki
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+*******************************************************************************/
+
+// definitions
+#ifndef ETHER_HDRLEN
+#define ETHER_HDRLEN 14
+#endif
+#define NS_MAXDNAME 1025
+#define MAXSYSLOG 192
+#define MAXMESSAGE 1200
+#define MAXDATALET 64
+#define MAXHEAD 300
+#define MAX_TIME_LEN 20
+#define DEFAULT_PORT 2000
+#define DEFAULT_IP "226.1.1.2"
+#define HOST_NAME_MAX 254
+
+// evil Solaris hack
+#ifdef __sun__
+typedef uint8_t u_int8_t;
+typedef uint16_t u_int16_t;
+typedef uint32_t u_int32_t;
+#endif
+
+// prototypes
+void handle_IP(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet);
+int calculate_averages();
+int saddr_stats(int sock, struct sockaddr_in addr, char *hostname);
+int scour_bucket(int i);
+int find_bucket(struct in_addr *ip_src);
+int daemonize(void);
+int malloc_fail(char * var, int size);
+int microsleep(unsigned int usec);
+
+// data structures
+struct my_dns {
+        u_int16_t dns_id;           /* query identification number */
+        u_int8_t  dns_flags1;       /* first byte of flags */
+        u_int8_t  dns_flags2;       /* second byte of flags */
+        u_int16_t dns_qdcount;      /* number of question entries */
+        u_int16_t dns_ancount;      /* number of answer entries */
+        u_int16_t dns_nscount;      /* number of authority entries */
+        u_int16_t dns_arcount;      /* number of resource entries */
+};
+ 
+struct bucket {
+        struct in_addr ip_addr;
+        unsigned int tcp_count;
+        unsigned int udp_count;
+        unsigned int qps;
+	int qstats[256];
+        time_t first_packet;
+        time_t last_packet;
+        time_t alarm_set;
+};
+

dnsflood

@@ -0,0 +1,36 @@
+#! /bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+test -f /usr/local/sbin/dns_flood_detector || exit 0
+
+case "$1" in
+	start)
+		echo -n "Starting DNS flood detector: dns_flood_detector"
+  		start-stop-daemon --start --quiet --exec /usr/local/sbin/dns_flood_detector -- -d
+		echo "."
+  		;;
+	stop)
+		echo -n "Stopping DNS flood detector: dns_flood_detector"
+  		start-stop-daemon --stop --quiet --exec /usr/local/sbin/dns_flood_detector
+		killall dns_flood_detector
+		echo "."
+  		;;
+	restart|force-reload)
+		echo -n "Restarting DNS flood detector: dns_flood_detector... "
+  		start-stop-daemon --stop --quiet --exec /usr/local/sbin/dns_flood_detector
+  		sleep 2
+  		start-stop-daemon --stop --quiet --exec /usr/local/sbin/dns_flood_detector
+  		sleep 4
+		killall dns_flood_detector
+		sleep 2
+  		start-stop-daemon --start --quiet --exec /usr/local/sbin/dns_flood_detector -- -d
+		echo "done."
+  		;;
+	*)
+  		echo "Usage: /etc/init.d/dnsflood {start|stop|restart|force-reload}"
+  		exit 1
+		;;
+esac
+
+exit 0

makefiles/Makefile-BSDI

@@ -0,0 +1,13 @@
+CFLAGS+=-O -g
+LDLIBS=-lpcap -pthread -lm
+
+all: dns_flood_detector
+	strip dns_flood_detector
+clean:
+	rm -rf dns_flood_detector *.o *~
+install: 
+	cp dns_flood_detector /usr/local/sbin/
+distclean: clean
+	rm Makefile
+
+dns_flood_detector: dns_flood_detector.c

makefiles/Makefile-FreeBSD

@@ -0,0 +1,13 @@
+CFLAGS+=-O -g
+LDLIBS=-lpcap -pthread -lm
+
+all: dns_flood_detector
+	strip dns_flood_detector
+clean:
+	rm -rf dns_flood_detector *.o *~
+install: 
+	cp dns_flood_detector /usr/local/sbin/
+distclean: clean
+	rm Makefile
+
+dns_flood_detector: dns_flood_detector.c

makefiles/Makefile-Linux

@@ -0,0 +1,13 @@
+CFLAGS=-Wall -O -D_BSD_SOURCE -g
+LDLIBS=-lpcap -lpthread -lm
+
+all: dns_flood_detector
+	strip dns_flood_detector
+clean:
+	rm -rf dns_flood_detector *.o *~
+install: 
+	cp dns_flood_detector /usr/local/sbin/
+distclean: clean
+	rm Makefile
+
+dns_flood_detector: dns_flood_detector.c

makefiles/Makefile-OSX

@@ -0,0 +1,13 @@
+CFLAGS+=-Wall -O -g -I/usr/local/include -I/usr/include
+LDLIBS=-lpcap -lpthread -lm
+
+all: dns_flood_detector
+	strip dns_flood_detector
+clean:
+	rm -rf dns_flood_detector *.o *~
+install: 
+	cp dns_flood_detector /usr/local/sbin/
+distclean: clean
+	rm Makefile
+
+dns_flood_detector: dns_flood_detector.c

makefiles/Makefile-Solaris

@@ -0,0 +1,13 @@
+CFLAGS+=-O -g -I/usr/local/include -I/usr/include
+LDLIBS=-L/usr/local/lib -L/usr/lib -lpcap -lpthread -lm -lsocket -lnsl
+
+all: dns_flood_detector
+	strip dns_flood_detector
+clean:
+	rm -rf dns_flood_detector *.o *~
+install: 
+	cp dns_flood_detector /usr/local/sbin/
+distclean: clean
+	rm Makefile
+
+dns_flood_detector: dns_flood_detector.c