ddos.sh shell script question

hello - i realize this is not a forum for the ddos.sh but this forum is where the script was first suggested to me.

i keep getting emails like the following:

Banned the following ip addresses on Tue Jan 20 06:01:01 EST 2015

56 with 56 connections

i recently mentioned an issue of the age of the script which is quite a few years old. upon investigating, i think what may be happening is the script was written long before IPv6 was introduced. when i look at the script, i see this is the heart of it:

 netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

and here is an example of what i see when i just run “netstat -ntu”:

tcp        0      0           ESTABLISHED
tcp        0     64           ESTABLISHED
tcp        0      0 ::ffff:     ::ffff:  TIME_WAIT
tcp        0      0 ::ffff:    ::ffff:    FIN_WAIT2

notice the ::ffff: ? the first “cut -d:” step can't seem to handle the IPv6 stuff, which is causing the blank lines being emailed to me.

i am thinking a simple workaround might be to have something like my ol’ friend sed:

netstat -ntu | sed -e "s/::ffff://g;" |   .....

i wrote to the original author but never heard back.

any thoughts?
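
The blank-address symptom described in the post, reproduced on constructed `netstat -ntu` output next to one way to normalise IPv4-mapped addresses before counting. This is an added example, not part of the original post or of ddos.sh; the function names `legacy_peers` and `count_peers` and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (documentation address ranges).
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.5:80          192.0.2.10:51000        ESTABLISHED
tcp        0     64 203.0.113.5:22          198.51.100.7:40022      ESTABLISHED
tcp        0      0 ::ffff:203.0.113.5:80   ::ffff:192.0.2.10:51001 TIME_WAIT
tcp        0      0 ::ffff:203.0.113.5:80   ::ffff:192.0.2.10:51002 FIN_WAIT2
tcp6       0      0 2001:db8::5:443         2001:db8::99:52000      ESTABLISHED'

# Extraction step quoted in the post: keep whatever precedes the first ":".
# For "::ffff:a.b.c.d:port" that is the empty string, hence the blank entries.
legacy_peers() {
    awk '{print $5}' | cut -d: -f1
}

# Hypothetical replacement: prints "count address" per remote peer,
# highest count first, with mapped and plain IPv4 peers merged.
count_peers() {
    awk '
        $1 ~ /^(tcp|udp)/ {            # skip the two netstat header lines
            addr = $5
            sub(/:[^:]*$/, "", addr)   # strip only the trailing :port
            sub(/^::ffff:/, "", addr)  # IPv4-mapped IPv6 -> plain IPv4
            if (addr != "") print addr
        }
    ' | sort | uniq -c | awk '{print $1, $2}' | LC_ALL=C sort -k1,1nr -k2,2
}

echo "legacy extraction (note the blank lines):"
printf '%s\n' "$SAMPLE" | legacy_peers
echo "normalised counts:"
printf '%s\n' "$SAMPLE" | count_peers
```

Stripping the port from the right instead of cutting at the first colon also keeps native IPv6 peers intact, which the `sed` substitution alone would not.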