reports ddos attack in HexHub
 


Started by Aptem, 19 December, 2011, 21:42:55


Aptem

Hi
Who can make a script that will notify the administrator of attempted DDoS attacks, as it is implemented in HexHub  ???
Quote:
-[04:57:46]DDoS is detected, is collecting information about the attack ...
The attacker is exploiting the following hubs:
dc.net:634
dc2.net:411
-[04:59:07] <Hub-Security> Port: 411, the frequency of flooding: 4.45 connections / sec. (267.18 connections / min.), The number of different fixed ip 204, the most common country: CN = China
The attacker is exploiting the following hubs:
dc.net:634
dc.net:411
dc2.net

PPK

Imo that reporting is based on $MyNick commands, and that is possible to script for PtokaX. And when it is from newer clients, it is possible to report hubs too :P
<<  	$MyNick 123443211212|
<<  	$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.777Ref=somehubaddress.com:411
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

PPK

Afaik in HexHub it is part of the firewall plug-in  ::)

PPK

Actually I don't want to add $MyNick to deflood; I'm using the c->c connection as a cheat to detect IPv4 connectivity for users who connect to the hub using IPv6 ;D

PPK

Yes, and if I remember correctly, only when it is not a $MyNick for the IPv4 connection check  :P

PPK

The most common type of DDoS on Direct Connect is to join a big unsecured hub and send $ConnectToMe nick target_hub_ip:port| to all users many times per minute. All clients make a connection to the target hub, causing many client->client connections and high bandwidth usage, and in case of a bad OS (windoze of course) and no protection the hub is unreachable for normal users. This type of attack can be detected by $MyNick commands, and in case of newer clients it is easy to get from $Lock which hub is causing the attack.
I've used a script detecting those $MyNick commands and blocking those IPs in the firewall :P

Aptem

I understand that you can not make this script  ???
I know an admin who has a script for PtokaX that reports the attacks in opchat, but he can not share the script :'(

PPK

Quote from: Mutor on 20 December, 2011, 04:04:32
As $MyNick is part of client to client communication after CTM's are sent I don't see which Arrival would receive that data in the hub.

UnknownArrival  ::) Because the client->client connection is created to the hub :P You can check yourself, simply send with a script $ConnectToMe mynick myhubip:myhubport| ;)

function UnknownArrival(curUser, sData)
    -- A $MyNick reaching the hub means a client opened a client->client connection to the hub port
    if string.sub(sData, 1, 8) == "$MyNick " then
        -- Drop the trailing "|" and report the command together with the source IP
        Core.SendToNick("PPK", "<_@o'> "..string.sub(sData, 1, -2).." from IP: "..curUser.sIP.."|")
    end
--    return true
end

Aptem

Quote:
$MyNick [RO][RDS-RCS][OTOPENI][ANDREI] from IP: 82.137.15.227
It reports username and IP, but can it report more statistics, such as the hub, as HexHub does  ???

Black-Dragon

function UnknownArrival(curUser, sData)
    if string.sub(sData, 1, 8) == "$MyNick " then
	Core.SendToNick("PPK", "<_@o'> string.sub(sData, 1, -2).." from IP: "..curUser.sIP.."|")
    end
--    return true
end


Is it possible to get the message in the op chat?

Aptem


Black-Dragon

dos.lua:3: ')' expected near 'from' error  :-[

SaymoN


Aptem

Quote from: Black-Dragon on 22 December, 2011, 12:03:56
dos.lua:3: ')' expected near 'from' error  :-[
Core.SendToOpChat(SetMan.GetString(24), string.sub(sData, 1, -2).." from IP: "..curUser.sIP.."|")

Aptem

Help.
How to make it show which hub the attack is coming from?  ???
P.S. The script is only for information and not for dealing with the DDoS attack.
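
One way to collect the statistics asked about in this thread (connection rate, number of different IPs, and the referring hub taken from `Ref=` in `$Lock`), as an added example that is not code from any poster here. It runs in a plain Lua interpreter on constructed sample input; the function names are hypothetical, and it assumes a hub script would pass each `$MyNick`/`$Lock` it receives in `UnknownArrival` to `record()` with `os.time()`.

```lua
-- Added example (not from the thread): summarise $MyNick/$Lock seen on the hub port.
local stats = { hits = 0, first = nil, last = nil, ips = {}, nIps = 0, hubs = {} }

-- Address after "Ref=" in a $Lock, or nil (older clients do not send it).
local function refHub(sData)
    if string.sub(sData, 1, 6) ~= "$Lock " then return nil end
    return string.match(sData, "Ref=([%w%.%-:%[%]]+)")
end

-- Feed one command; iNow is a Unix timestamp (os.time() in a hub script).
local function record(sIP, sData, iNow)
    if string.sub(sData, 1, 8) == "$MyNick " then
        stats.hits = stats.hits + 1
        stats.first = stats.first or iNow
        stats.last = iNow
        if not stats.ips[sIP] then
            stats.ips[sIP] = true
            stats.nIps = stats.nIps + 1
        end
    else
        local hub = refHub(sData)
        if hub then stats.hubs[hub] = (stats.hubs[hub] or 0) + 1 end
    end
end

-- Report text for the ops, or nil while the rate is below minPerSec.
local function report(minPerSec)
    if stats.hits == 0 then return nil end
    local secs = math.max(stats.last - stats.first, 1) -- avoid dividing by zero
    local rate = stats.hits / secs
    if rate < minPerSec then return nil end
    local hubs = {}
    for h in pairs(stats.hubs) do hubs[#hubs + 1] = h end
    table.sort(hubs)
    return string.format("%.2f connections/sec (%.2f/min), %d different IPs, referring hubs: %s",
        rate, rate * 60, stats.nIps, #hubs > 0 and table.concat(hubs, ", ") or "unknown")
end

-- Constructed sample: documentation IPs and placeholder hub names.
local lock = "$Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.777Ref="
local sample = {
    { "192.0.2.10", "$MyNick userA|", 100 }, { "192.0.2.10", lock .. "hub-a.example:411|", 100 },
    { "192.0.2.11", "$MyNick userB|", 100 }, { "192.0.2.11", lock .. "hub-b.example:411|", 100 },
    { "192.0.2.12", "$MyNick userC|", 101 }, { "192.0.2.12", "$Lock OLDCLIENT Pk=X|", 101 },
    { "192.0.2.10", "$MyNick userA|", 101 }, { "192.0.2.11", "$MyNick userB|", 102 },
    { "192.0.2.12", "$MyNick userC|", 102 }, { "192.0.2.10", lock .. "hub-a.example:411|", 102 },
}
for _, s in ipairs(sample) do record(s[1], s[2], s[3]) end
print(report(1.0))
```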
