Raised This Month: $12 Target: $400
 3% 

[Linux] Source Query Proxy: DDoS Protection - Kernel redirection!


Post New Thread Reply   
 
Thread Tools Display Modes
xy9860
Junior Member
Join Date: Dec 2019
Old 01-08-2020 , 13:59   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #51

oh,I knew. I must run server first. but when I stop server it also show this error.
xy9860 is offline
spumer
Senior Member
Join Date: Aug 2011
Old 01-10-2020 , 05:23   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #52

Yea, it's a bug. I will fix it.
You can workaround it by cutting-off "server_transport_lifetime" option.

But in that case you should restart daemon each ~15 min. It's actual for CS:GO. For L4D2 you can leave it running
__________________

Last edited by spumer; 01-10-2020 at 05:25.
spumer is offline
misdocumeno
Junior Member
Join Date: Jan 2019
Old 01-23-2020 , 17:50   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #53

i dont know almost anything about linux, i only use it for game servers, so its being a hell to install this for me, and i have a lot of questions

first of all, i dont fully understand how it works, it detects possible DoS attacks and redirects them to a proxy before they can reach the srcds, so it doesnt get overloaded? the proxy would be like some kind of "trash can" of unwanted requests/packets/whatever? then i have to install SourceQueryCacheMono to be the trash can? how do i install it?

i tried to install it on ubuntu 18.04. kernel version 5.0.0-1028-gcp (i dont know if you need more info, ask for it if you need it):

i used "sudo apt-get install linux-headers-5.0.0-1028-gcp" and i got this (i guess its okay?)

Quote:
linux-headers-5.0.0-1028-gcp is already the newest version (5.0.0-1028.29~18.04.1).
The following packages were automatically installed and are no longer required:
grub-pc-bin libnuma1
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
then "sudo apt-get install gcc -y && sudo apt-get install make -y", i went to the poc folder, and "make", i got this
Quote:
make -C /lib/modules/`uname -r`/build M=$PWD modules
make[1]: Entering directory '/usr/src/linux-headers-5.0.0-1028-gcp'
CC [M] /home/brasil-dos-test/poc/poc.o
/home/brasil-dos-test/poc/poc.c: In function ‘init_module’:
/home/brasil-dos-test/poc/poc.c:200:2: error: implicit declaration of function ‘nf_register_hook’; did you mean ‘nf_register_net_hook’? [-Werror=implicit-function-declaration]
nf_register_hook(&pre_hook);
^~~~~~~~~~~~~~~~
nf_register_net_hook
/home/brasil-dos-test/poc/poc.c: In function ‘cleanup_module’:
/home/brasil-dos-test/poc/poc.c:215:2: error: implicit declaration of function ‘nf_unregister_hook’; did you mean ‘nf_unregister_net_hook’? [-Werror=implicit-function-declaration]
nf_unregister_hook(&pre_hook);
^~~~~~~~~~~~~~~~~~
nf_unregister_net_hook
cc1: some warnings being treated as errors
scripts/Makefile.build:291: recipe for target '/home/brasil-dos-test/poc/poc.o' failed
make[2]: *** [/home/brasil-dos-test/poc/poc.o] Error 1
Makefile:1614: recipe for target '_module_/home/brasil-dos-test/poc' failed
make[1]: *** [_module_/home/brasil-dos-test/poc] Error 2
make[1]: Leaving directory '/usr/src/linux-headers-5.0.0-1028-gcp'
Makefile:8: recipe for target 'default' failed
make: *** [default] Error 2
so, as i got an error, i went to your github repository and i did what you say there
Quote:
sudo apt install dkms
sudo cp -R ./src /usr/src/sqproxy_redirect-1.0

Creating symlink /var/lib/dkms/sqproxy_redirect/1.0/source ->
/usr/src/sqproxy_redirect-1.0

DKMS: add completed.

sudo dkms add -m sqproxy_redirect -v 1.0

Kernel preparation unnecessary for this kernel. Skipping...

Building module:
cleaning build area...
make -j1 KERNELRELEASE=5.0.0-1028-gcp...
Signing module:
Generating a new Secure Boot signing key:
Can't load /var/lib/shim-signed/mok/.rnd into RNG
140251086410176:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/var/lib/shim-signed/mok/.rnd
Generating a RSA private key
.+++++
............................................. ..............+++++
writing new private key to '/var/lib/shim-signed/mok/MOK.priv'
-----
- /var/lib/dkms/sqproxy_redirect/1.0/5.0.0-1028-gcp/x86_64/module/sqproxy_redirect.ko
EFI variables are not supported on this system
/sys/firmware/efi/efivars not found, aborting.
cleaning build area...

DKMS: build completed.

sudo dkms install -m sqproxy_redirect -v 1.0

sqproxy_redirect:
Running module version sanity check.
- Original module
- No original module exists within this kernel
- Installation
- Installing to /lib/modules/5.0.0-1028-gcp/updates/dkms/

depmod...

DKMS: install completed.
but then i dont know what else to do, i dont know how to test it, i dont know if installing it with DKMS builds poc.ko too, if so, i dont know where is it, i dont know if it has to be loaded manually, basically im stuck

Last edited by misdocumeno; 01-23-2020 at 17:52.
misdocumeno is offline
spumer
Senior Member
Join Date: Aug 2011
Old 01-28-2020 , 08:59   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #54

misdocumeno, i think you don't read previous posts. Please re-read them.

You should not use it cause it's method deprecated: https://forums.alliedmods.net/showpo...7&postcount=47

I'm still rewriting codebase.

And answers to your questions is:

Q: how it works? it detects possible DoS attacks and redirects them to a proxy before they can reach the srcds, so it doesnt get overloaded?
A: No any auto-detection. Redirect and respond from cache for predefined packets types. It's can be used for A2S Flood Attack (when server spammed by info queries).
Now redirected only: A2S_INFO/A2S_PLAYERS/A2S_RULES: https://developer.valvesoftware.com/wiki/Server_queries

Q: SourceQueryCacheMono? I'm stuck ( i dont know what else to do, i dont know how to test it, i dont know if installing it with DKMS builds poc.ko too, if so, i dont know where is it, i dont know if it has to be loaded manually, basically im stuck)
A: Wait for new release. It will be fully automated. In the end you will be needed install 2 packets to your system and run. Other things will be configured automatically.
__________________
spumer is offline
misdocumeno
Junior Member
Join Date: Jan 2019
Old 02-04-2020 , 08:59   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #55

great, when do you think it will be ready? ill follow you on github, i guess you'll make a repository when its done, i hope to see it, i'd really appreciate it if you pm me on discord, mis#0279
misdocumeno is offline
spumer
Senior Member
Join Date: Aug 2011
Old 02-04-2020 , 09:23   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #56

Quote:
Originally Posted by misdocumeno View Post
great, when do you think it will be ready? ill follow you on github, i guess you'll make a repository when its done, i hope to see it, i'd really appreciate it if you pm me on discord, mis#0279
Updates will be pushed to existing repo: https://github.com/spumer/source-query-proxy
__________________
spumer is offline
spumer
Senior Member
Join Date: Aug 2011
Old 03-16-2020 , 10:14   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #57

I release first version of sqproxy (source query proxy).
First post updated. We still not have detailed documentation, any helps in that will be helpful
__________________
spumer is offline
insanedude
Member
Join Date: Mar 2009
Old 03-26-2020 , 16:46   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #58

The eBPF links do not work here -> https://github.com/spumer/source-query-proxy
insanedude is offline
spumer
Senior Member
Join Date: Aug 2011
Old 03-27-2020 , 15:13   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #59

Quote:
Originally Posted by insanedude View Post
The eBPF links do not work here -> https://github.com/spumer/source-query-proxy
Got it! Fixed.
__________________
spumer is offline
insanedude
Member
Join Date: Mar 2009
Old 03-29-2020 , 17:10   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #60

Thanks.
Waiting for some documentation as I'm struggling to make it work.

Python 3.7 (pip 18.1) installed. However, /etc/sqproxy doesn't exist. I'd assume we need to manually create it.
That's fine. Created those.
I saw this setting in the yaml file:

Code:
"# Automatically run eBPF redirection
  executable: 'python2'"
But why, since the requirement is "Python 3.7 or above"?
Do any additional changes need to be done on those files, except the IP binds and ports?

For example, does "network" within the dummy-game need to be configured?

On the "eBPF" part, I don't quite get the first point. Which should the target directory be? Can you give an example please?

PS. Running this on a test VM.. so i can break stuff and do some additional testing if needed
insanedude is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 15:41.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode