Author Topic: reports ddos attack in HexHub  (Read 3577 times)

0 Members and 1 Guest are viewing this topic.

Offline Aptem

  • Member
  • ***
  • Posts: 25
  • Karma: +1/-1
reports ddos attack in HexHub
« on: 19 December, 2011, 21:42:55 »
Hi
who can make a script that will notify the administrator attempts to DDoS attacks, as it is implemented on HexHub  ???
Quote
-[04:57:46]DDoS is detected, is collecting information about the attack ...
The attacker is exploiting the following hubs:
dc.net:634
dc2.net:411
-[04:59:07] <Hub-Security> Port: 411, the frequency of flooding: 4.45 connections / sec. (267.18 connections / min.), The number of different fixed ip 204, the most common country: CN = China
The attacker is exploiting the following hubs:
dc.net:634
dc.net:411
dc2.net
« Last Edit: 19 December, 2011, 22:10:09 by Aptem »

PtokaX forum

reports ddos attack in HexHub
« on: 19 December, 2011, 21:42:55 »

Offline PPK

  • Administrator
  • Emperor
  • *****
  • Posts: 1 478
  • Karma: +209/-22
  • PtokaX developer
Re: reports ddos attack in HexHub
« Reply #1 on: 19 December, 2011, 23:29:23 »
Imo is that reporting based on $MyNick commands, and that is possible to script for PtokaX. And when it is from newer clients then it is possible to report hubs too :P
Code: [Select]
<<  $MyNick 123443211212|
<<  $Lock EXTENDEDPROTOCOLABCABCABCABCABCABC Pk=DCPLUSPLUS0.777Ref=somehubaddress.com:411
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

Offline PPK

  • Administrator
  • Emperor
  • *****
  • Posts: 1 478
  • Karma: +209/-22
  • PtokaX developer
Re: reports ddos attack in HexHub
« Reply #2 on: 20 December, 2011, 01:00:34 »
Afaik in hexhub it is as part of firewall plug-in  ::)
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

Offline PPK

  • Administrator
  • Emperor
  • *****
  • Posts: 1 478
  • Karma: +209/-22
  • PtokaX developer
Re: reports ddos attack in HexHub
« Reply #3 on: 20 December, 2011, 01:34:42 »
Actually i don't want to add $MyNick to deflood, i'm using c->c connection as cheat to detect IPv4 connectivity for users who connect to hub using IPv6 ;D
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

Offline PPK

  • Administrator
  • Emperor
  • *****
  • Posts: 1 478
  • Karma: +209/-22
  • PtokaX developer
Re: reports ddos attack in HexHub
« Reply #4 on: 20 December, 2011, 02:07:53 »
Yes and if i remember correctly only when it is not $MyNick for IPv4 connection check  :P
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

Offline PPK

  • Administrator
  • Emperor
  • *****
  • Posts: 1 478
  • Karma: +209/-22
  • PtokaX developer
Re: reports ddos attack in HexHub
« Reply #5 on: 20 December, 2011, 02:55:11 »
Most common type of DDOS on Direct Connect is to join big unsecure hub and send $ConnectToMe nick target_hub_ip:port| to all users many times per minute. All clients make connection to target hub and cause many client->client connections, high badwith usage and in case of bad OS (windoze of course) and no protection is hub unreachable for normal users. This type of attack can be detected by $MyNick commands and in case of newer clients is easy from $Lock to get what hub causing that attack.
I'm used script detecting those $MyNick commands and blocking those IPs in firewall :P
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

Offline Aptem

  • Member
  • ***
  • Posts: 25
  • Karma: +1/-1
Re: reports ddos attack in HexHub
« Reply #6 on: 20 December, 2011, 05:19:58 »
I understand that the script you can not do this  ???
I know who the admin is a script for ptokax and reports about the attacks in opchate, but he can not share the script :'(

Offline PPK

  • Administrator
  • Emperor
  • *****
  • Posts: 1 478
  • Karma: +209/-22
  • PtokaX developer
Re: reports ddos attack in HexHub
« Reply #7 on: 20 December, 2011, 13:04:40 »
As $MyNick is part of client
to client communication after CTM's are sent I don't see which Arrival would
receive that data in the hub.
UnknownArrival  ::) Because client->client connection is created to hub :P You can check yourself, simply send with script $ConnectToMe mynick myhubip:myhubport| ;)

Code: [Select]
function UnknownArrival(curUser, sData)
    if string.sub(sData, 1, 8) == "$MyNick " then
Core.SendToNick("PPK", "<_@o'> string.sub(sData, 1, -2).." from IP: "..curUser.sIP.."|")
    end
--    return true
end
« Last Edit: 20 December, 2011, 13:09:37 by PPK »
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

Offline Aptem

  • Member
  • ***
  • Posts: 25
  • Karma: +1/-1
Re: reports ddos attack in HexHub
« Reply #8 on: 20 December, 2011, 14:01:15 »
Quote
$MyNick [RO][RDS-RCS][OTOPENI][ANDREI] from IP: 82.137.15.227
reports username and IP, and can more statistics, a hub, as HexHub  ???

Offline Black-Dragon

  • Member
  • ***
  • Posts: 47
  • Karma: +0/-7
Re: reports ddos attack in HexHub
« Reply #9 on: 21 December, 2011, 23:00:23 »
Code: [Select]
function UnknownArrival(curUser, sData)
    if string.sub(sData, 1, 8) == "$MyNick " then
Core.SendToNick("PPK", "<_@o'> string.sub(sData, 1, -2).." from IP: "..curUser.sIP.."|")
    end
--    return true
end

possibbile and get the message in the chat op?

Offline Aptem

  • Member
  • ***
  • Posts: 25
  • Karma: +1/-1
Re: reports ddos attack in HexHub
« Reply #10 on: 22 December, 2011, 07:54:44 »
Core.SendToOpChat

Offline Black-Dragon

  • Member
  • ***
  • Posts: 47
  • Karma: +0/-7
Re: reports ddos attack in HexHub
« Reply #11 on: 22 December, 2011, 12:03:56 »
dos.lua:3: ')' expected near 'from' error  :-[

Offline SaymoN

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-5
Re: reports ddos attack in HexHub
« Reply #12 on: 22 December, 2011, 15:19:03 »
what in string 3?

Offline Aptem

  • Member
  • ***
  • Posts: 25
  • Karma: +1/-1
Re: reports ddos attack in HexHub
« Reply #13 on: 23 December, 2011, 12:42:17 »
dos.lua:3: ')' expected near 'from' error  :-[
Core.SendToOpChat(SetMan.GetString(24), string.sub(sData, 1, -2).." from IP: "..curUser.sIP.."|")

Offline Aptem

  • Member
  • ***
  • Posts: 25
  • Karma: +1/-1
Re: reports ddos attack in HexHub
« Reply #14 on: 26 December, 2011, 13:12:08 »
help.
how to make a show with a hub is an attack?  ???
P.S. script only for information and not to deal with DDoS attack
« Last Edit: 28 December, 2011, 11:39:46 by Aptem »

PtokaX forum

Re: reports ddos attack in HexHub
« Reply #14 on: 26 December, 2011, 13:12:08 »