Anti ConnectToMe DDOS
 


Started by PPK, 17 January, 2015, 16:14:46


PPK

This script sends a reaction to a $MyNick received from a user. This is usually used as a DDoS, when a bad user or bad hub owner sends connection requests ($ConnectToMe) with the address of the hub that he wants to attack.
The script is very simple, and support on the client side is needed. Actually, it is supported in FlylinkDC++.

Code: lua
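-- PtokaX callback for data the hub does not recognise as a hub command.
function UnknownArrival(tUser, sData)
	-- A client that followed a forged $ConnectToMe opens with "$MyNick " (8 characters).
	if sData:sub(1, 8) == "$MyNick " then
		-- Tell the client it reached a hub, then drop the connection.
		Core.SendToUser(tUser, "$Error CTM2HUB|")
		Core.Disconnect(tUser)
	end
end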


How this works. Description as I received it from Rolex.

Quote
HUB1      = exploited hub that allows to send fake CTM
HUB2      = attacked hub
HUB2.ADDR   = address of attacked hub

DC1      = a bot that sends bad CTM requests to HUB1
DC2      = regular user on HUB1

DC1   ->   HUB1   $ConnectToMe DC2 HUB2.ADDR|
HUB1   ->   DC2   $ConnectToMe DC2 HUB2.ADDR|

DC2 doesn't find HUB2.ADDR in his blacklist and continues to process CTM request

DC2   ->   HUB2   socket_connect(HUB2.ADDR) + $MyNick DC2|$Lock ABC|
HUB2   ->   DC2   $Error CTM2HUB|      (this is the part needed to be done by the hub)

DC2 adds HUB2.ADDR in his blacklist and closes connection

DC1   ->   HUB1   $ConnectToMe DC2 HUB2.ADDR|
HUB1   ->   DC2   $ConnectToMe DC2 HUB2.ADDR|

DC2 finds HUB2.ADDR in blacklist and ignores CTM request
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall
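
The exchange described in the quote above, as an added example that is not part of the original post and is not PtokaX or FlylinkDC++ code: a Python simulation of DC2's blacklist handling next to a hub-side check that mirrors the Lua script. The names `hub_reply`, `parse_ctm`, `Client` and `simulate` are hypothetical, and `HUB2.ADDR` is the placeholder address used in the quote.

```python
CTM2HUB = "$Error CTM2HUB|"

def hub_reply(data):
    """HUB2 side, mirroring the Lua script: returns (reply, disconnect)."""
    if data.startswith("$MyNick "):
        return CTM2HUB, True
    return None, False

def parse_ctm(line):
    """Parse '$ConnectToMe <nick> <addr>|' into (nick, addr); None if malformed."""
    if not line.startswith("$ConnectToMe ") or not line.endswith("|"):
        return None
    parts = line[:-1].split(" ")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        return None
    return parts[1], parts[2]

class Client:
    """DC2 side: remembers addresses that answered $MyNick with CTM2HUB."""
    def __init__(self, nick, connect):
        self.nick = nick
        self.connect = connect   # callable(addr, first_bytes) -> reply or None
        self.blacklist = set()

    def on_ctm(self, line):
        parsed = parse_ctm(line)
        if parsed is None:
            return "malformed"
        _, addr = parsed
        if addr in self.blacklist:
            return "ignored"     # no socket is opened towards the hub
        reply = self.connect(addr, f"$MyNick {self.nick}|$Lock ABC|")
        if reply == CTM2HUB:
            self.blacklist.add(addr)
            return "blacklisted"
        return "connected"

def simulate(rounds=3):
    """Replay the same forged CTM (constructed input) and count hits on HUB2."""
    hits = []
    def connect(addr, first_bytes):
        hits.append(addr)        # every call here is one connection HUB2 must absorb
        return hub_reply(first_bytes)[0]
    dc2 = Client("DC2", connect)
    results = [dc2.on_ctm("$ConnectToMe DC2 HUB2.ADDR|") for _ in range(rounds)]
    return results, len(hits)
```

However many times the forged request is repeated, `simulate` reports a single connection reaching HUB2 per client, which is the whole effect of the mitigation.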
