Hi
who can make a script that will notify the administrator attempts to DDoS attacks, as it is implemented on HexHub ???
Quote-[04:57:46]DDoS is detected, is collecting information about the attack ...
The attacker is exploiting the following hubs:
dc.net:634
dc2.net:411
-[04:59:07] <Hub-Security> Port: 411, the frequency of flooding: 4.45 connections / sec. (267.18 connections / min.), The number of different fixed ip 204, the most common country: CN = China
The attacker is exploiting the following hubs:
dc.net:634
dc.net:411
dc2.net
Imo is that reporting based on $MyNick commands, and that is possible to script for PtokaX. And when it is from newer clients then it is possible to report hubs too :P
<< $MyNick 123443211212|
<< $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.777Ref=somehubaddress.com:411
Afaik in hexhub it is as part of firewall plug-in ::)
Actually i don't want to add $MyNick to deflood, i'm using c->c connection as cheat to detect IPv4 connectivity for users who connect to hub using IPv6 ;D
Yes and if i remember correctly only when it is not $MyNick for IPv4 connection check :P
Most common type of DDOS on Direct Connect is to join big unsecure hub and send $ConnectToMe nick target_hub_ip:port| to all users many times per minute. All clients make connection to target hub and cause many client->client connections, high badwith usage and in case of bad OS (windoze of course) and no protection is hub unreachable for normal users. This type of attack can be detected by $MyNick commands and in case of newer clients is easy from $Lock to get what hub causing that attack.
I'm used script detecting those $MyNick commands and blocking those IPs in firewall :P
I understand that the script you can not do this ???
I know who the admin is a script for ptokax and reports about the attacks in opchate, but he can not share the script :'(
Quote from: Mutor on 20 December, 2011, 04:04:32
As $MyNick is part of client
to client communication after CTM's are sent I don't see which Arrival would
receive that data in the hub.
UnknownArrival ::) Because client->client connection is created to hub :P You can check yourself, simply send with script $ConnectToMe mynick myhubip:myhubport| ;)
function UnknownArrival(curUser, sData)
if string.sub(sData, 1, 8) == "$MyNick " then
Core.SendToNick("PPK", "<_@o'> string.sub(sData, 1, -2).." from IP: "..curUser.sIP.."|")
end
-- return true
end
Quote$MyNick [RO][RDS-RCS][OTOPENI][ANDREI] from IP: 82.137.15.227
reports username and IP, and can more statistics, a hub, as HexHub ???
function UnknownArrival(curUser, sData)
if string.sub(sData, 1, 8) == "$MyNick " then
Core.SendToNick("PPK", "<_@o'> string.sub(sData, 1, -2).." from IP: "..curUser.sIP.."|")
end
-- return true
end
possibbile and get the message in the chat op?
Core.SendToOpChat
dos.lua:3: ')' expected near 'from' error :-[
what in string 3?
Quote from: Black-Dragon on 22 December, 2011, 12:03:56
dos.lua:3: ')' expected near 'from' error :-[
Core.SendToOpChat(SetMan.GetString(24), string.sub(sData, 1, -2).." from IP: "..curUser.sIP.."|")
help.
how to make a show with a hub is an attack? ???
P.S. script only for information and not to deal with DDoS attack