[Linux] Source Query Proxy: DDoS Protection - Kernel redirection!


asdfxD
Veteran Member
Join Date: Apr 2011
Old 01-26-2018 , 04:44   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #21

Quote:
Originally Posted by spumer View Post
The kernel module is just for redirecting traffic. Handling and responding to clients must be done by other software.
You can find an example on the first page of this thread.
so i need sourcequerycachemono too for getting the servers visible again? okay thanks

edit: still not responding on server browser.

poc module is loaded
sqc successfully build on same host

command: mono QueryCache.exe 27915 myip 27015


Last edited by asdfxD; 01-26-2018 at 11:30.
asdfxD is offline
spumer
Senior Member
Join Date: Aug 2011
Old 01-30-2018 , 11:48   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #22

Quote:
Originally Posted by asdfxD View Post
so i need sourcequerycachemono too for getting the servers visible again? okay thanks

edit: still not responding on server browser.

poc module is loaded
sqc successfully build on same host
Check first post, it's updated:
  • Fix UDP checksum calculation in module (new version uploaded)
  • Added "Troubleshooting" section
__________________

Last edited by spumer; 01-30-2018 at 11:48.
spumer is offline
asdfxD
Veteran Member
Join Date: Apr 2011
Old 02-06-2018 , 04:58   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #23

Quote:
Originally Posted by spumer View Post
Check first post, it's updated:
  • Fix UDP checksum calculation in module (new version uploaded)
  • Added "Troubleshooting" section
thanks now it works fine & server is visible.


11 info queries and 0 other queries in last 10 seconds
10 info queries and 0 other queries in last 10 seconds
11 info queries and 0 other queries in last 10 seconds
11 info queries and 0 other queries in last 10 seconds
10 info queries and 0 other queries in last 10 seconds
11 info queries and 0 other queries in last 10 seconds
10 info queries and 0 other queries in last 10 seconds
11 info queries and 0 other queries in last 10 seconds
10 info queries and 0 other queries in last 10 seconds
11 info queries and 0 other queries in last 10 seconds

run querycache in screen.

Last edited by asdfxD; 02-06-2018 at 05:06.
asdfxD is offline
asdfxD
Veteran Member
Join Date: Apr 2011
Old 02-06-2018 , 12:55   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #24

why do i always get this error?

PHP Code:
CC [M]  /home/poc/poc.o
/home/poc/poc.c: In function ‘init_module’:
/home/poc/poc.c:200:2: error: implicit declaration of function ‘nf_register_hook’ [-Werror=implicit-function-declaration]
  nf_register_hook(&pre_hook);
  ^
/home/poc/poc.c: In function ‘cleanup_module’:
/home/poc/poc.c:215:2: error: implicit declaration of function ‘nf_unregister_hook’ [-Werror=implicit-function-declaration]
  nf_unregister_hook(&pre_hook);
  ^

i have this:

/boot/config-4.15.0:CONFIG_NETFILTER=y
/boot/config-4.15.0:CONFIG_NETFILTER_ADVANCED=y

what else is needed???

edit: just found out that global hooks nf_register_hook were removed in Kernel 4.13.x and newer kernels.. so back to 4.12 which works there.

Last edited by asdfxD; 03-05-2018 at 00:50.
asdfxD is offline
spumer
Senior Member
Join Date: Aug 2011
Old 02-06-2018 , 13:37   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #25

Yeah, starting from 4.13 we should use the nf_register_net_hook function.
I will support it, maybe later.
__________________
spumer is offline
ish12321
Veteran Member
Join Date: May 2016
Old 04-13-2018 , 18:21   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #26

Quote:
Originally Posted by spumer View Post
Yeah, starting from 4.13 we should use the nf_register_net_hook function.
I will support it, maybe later.
Could you support it now, please, sir?
__________________
['O|s|G'] | Death Wins a.k.a Ish Chhabra was here
ish12321 is offline
nixonkat
Member
Join Date: Nov 2016
Location: Turkey
Old 09-18-2018 , 14:33   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #27

Found an issue!
So, our server has DDoS protection, and it takes about 5 seconds to kick in.

In those 5 seconds, if someone hits with CHARGEN DDoS towards the server port, the actual dedicated server will reboot with Full_conntrack.

Until now, no iptables rules have fixed this for me.
nixonkat is offline
spumer
Senior Member
Join Date: Aug 2011
Old 09-21-2018 , 02:50   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #28

You can modify the module to drop CHARGEN packets. The drop will be handled before the conntrack table, and the overflow will be prevented.

Can you create a dump of your traffic with the CHARGEN DDoS attack and send it to me by PM?
__________________
spumer is offline
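
The drop decision suggested in post #28, as an added sketch that is not spumer's module code: plain userspace C so the check can be compiled and tested without kernel headers. It assumes reflected CHARGEN traffic arrives with UDP source port 19 and uses port 27015 from the command earlier in the thread; classify_packet, build_udp and the verdict enum are hypothetical names. In the module, the same test would return NF_DROP from the hook.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the netfilter verdicts (assumption: example only). */
enum verdict { VERDICT_ACCEPT = 0, VERDICT_DROP = 1 };

#define PROTO_UDP    17
#define CHARGEN_PORT 19   /* CHARGEN service port (RFC 864) */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one raw IPv4 packet starting at the IP header.
 * Drops only UDP aimed at game_port whose source port is CHARGEN;
 * everything else, including malformed input, is left to the stack. */
enum verdict classify_packet(const uint8_t *pkt, size_t len, uint16_t game_port)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return VERDICT_ACCEPT;                 /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;  /* header length, options included */
    if (ihl < 20 || len < ihl + 8)
        return VERDICT_ACCEPT;                 /* no room for a UDP header */
    if (pkt[9] != PROTO_UDP)
        return VERDICT_ACCEPT;
    if (be16(pkt + 6) & 0x1fff)
        return VERDICT_ACCEPT;                 /* non-first fragment: no UDP header */
    const uint8_t *udp = pkt + ihl;
    if (be16(udp) == CHARGEN_PORT && be16(udp + 2) == game_port)
        return VERDICT_DROP;
    return VERDICT_ACCEPT;
}

/* Constructed sample: minimal 28-byte IPv4+UDP packet with an empty payload. */
void build_udp(uint8_t buf[28], uint16_t sport, uint16_t dport)
{
    memset(buf, 0, 28);
    buf[0] = 0x45;  buf[3] = 28;  buf[8] = 64;  buf[9] = PROTO_UDP;
    buf[20] = (uint8_t)(sport >> 8);  buf[21] = (uint8_t)sport;
    buf[22] = (uint8_t)(dport >> 8);  buf[23] = (uint8_t)dport;
    buf[25] = 8;    /* UDP length: header only */
}

int main(void)
{
    uint8_t pkt[28];
    build_udp(pkt, 19, 27015);
    printf("chargen -> 27015: %d\n", classify_packet(pkt, sizeof pkt, 27015));
    build_udp(pkt, 27005, 27015);
    printf("client  -> 27015: %d\n", classify_packet(pkt, sizeof pkt, 27015));
    return 0;
}
```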
Xbonnik
New Member
Join Date: Dec 2012
Old 09-27-2018 , 18:33   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #29

Quote:
Originally Posted by spumer View Post
Yeah, starting from 4.13 we should use the nf_register_net_hook function.
I will support it, maybe later.
Any ETA when you will support this?
Xbonnik is offline
spumer
Senior Member
Join Date: Aug 2011
Old 09-28-2018 , 13:18   Re: [Linux] [PoC] DDoS Protection - Kernel redirection!
Reply With Quote #30

Quote:
Originally Posted by Xbonnik View Post
Any ETA when you will support this?
To 6.10.18

I will publish it on github and update
__________________
spumer is offline