Author Topic: Anti ConnectToMe DDOS  (Read 2587 times)

Offline PPK

  • PtokaX developer
Anti ConnectToMe DDOS
« on: 17 January, 2015, 16:14:46 »
This script sends a reaction to $MyNick received from a user. This is usually used as a DDoS when a bad user or bad hub owner sends a connection request ($ConnectToMe) with the address of the hub that he wants to attack.
The script is very simple, and support on the client side is needed. Actually it is supported in FlylinkDC++.

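Code: Lua
  -- PtokaX callback for data the hub does not recognise as a known command.
  function UnknownArrival(tUser, sData)
          -- $MyNick opens a client-to-client handshake; a hub should not receive it.
          if sData:sub(1, 8) == "$MyNick " then
                  -- Tell the client it was pointed at a hub, then drop the connection.
                  Core.SendToUser(tUser, "$Error CTM2HUB|")
                  Core.Disconnect(tUser)
          end
  end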

How this works. Description as I received it from Rolex.

Quote
HUB1      = exploited hub that allows to send fake CTM
HUB2      = attacked hub
HUB2.ADDR   = address of attacked hub

DC1      = a bot that sends bad CTM requests to HUB1
DC2      = regular user on HUB1

DC1   ->   HUB1   $ConnectToMe DC2 HUB2.ADDR|
HUB1   ->   DC2   $ConnectToMe DC2 HUB2.ADDR|

DC2 doesn't find HUB2.ADDR in his blacklist and continues to process CTM request

DC2   ->   HUB2   socket_connect(HUB2.ADDR) + $MyNick DC2|$Lock ABC|
HUB2   ->   DC2   $Error CTM2HUB|      (this is the part needed to be done by the hub)

DC2 adds HUB2.ADDR to his blacklist and closes connection

DC1   ->   HUB1   $ConnectToMe DC2 HUB2.ADDR|
HUB1   ->   DC2   $ConnectToMe DC2 HUB2.ADDR|

DC2 finds HUB2.ADDR in blacklist and ignores CTM request
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall
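
Added example, not part of the original post and not PtokaX or FlylinkDC++ code: a small offline model of the exchange quoted above, showing the hub-side reply next to the client-side blacklist it relies on. The `Client` class, `hub_reaction`, `simulate` and the `PEER.ADDR` peer are hypothetical names constructed for the illustration; no sockets are opened.

```python
# Added example: models the CTM2HUB exchange from the quoted description.
# All names are hypothetical; addresses and handshakes are constructed.

def hub_reaction(data):
    """HUB2 side, mirroring the Lua script: answer a stray $MyNick."""
    if data.startswith("$MyNick "):
        return "$Error CTM2HUB|"  # the hub then disconnects the peer
    return None


class Client:
    """DC2 side: remembers addresses that answered $Error CTM2HUB."""

    def __init__(self, nick, connect):
        self.nick = nick
        self.connect = connect    # callable(addr, first_bytes) -> reply or None
        self.blacklist = set()
        self.attempts = []        # addresses a connection was opened to

    def on_hub_command(self, raw):
        """Handle one command relayed by HUB1 and report the action taken."""
        parts = raw.rstrip("|").split(" ")
        if len(parts) != 3 or parts[0] != "$ConnectToMe":
            return "ignored-not-ctm"
        addr = parts[2]
        if addr in self.blacklist:
            return "ignored-blacklisted"  # no traffic reaches HUB2 any more
        self.attempts.append(addr)
        reply = self.connect(addr, f"$MyNick {self.nick}|$Lock ABC|")
        if reply is not None and reply.startswith("$Error CTM2HUB"):
            self.blacklist.add(addr)      # remember the hub, close connection
            return "blacklisted"
        return "connected"


def simulate():
    """Replay the quoted sequence, plus one ordinary peer request."""
    def connect(addr, first_bytes):
        if addr == "HUB2.ADDR":
            return hub_reaction(first_bytes)
        return "$MyNick DC3|$Lock XYZ|"   # constructed peer handshake

    dc2 = Client("DC2", connect)
    ctm = "$ConnectToMe DC2 HUB2.ADDR|"
    results = [dc2.on_hub_command(ctm) for _ in range(3)]
    results.append(dc2.on_hub_command("$ConnectToMe DC2 PEER.ADDR|"))
    return results, dc2.attempts, dc2.blacklist


if __name__ == "__main__":
    print(simulate())
```

In this model only the first request costs HUB2 a connection; repeats are dropped on the client, while requests for other addresses are still processed.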
