| Author | Message |
[-TE-]-RoLex
2009-08-09 18:12:35 |
| Quote | | Code: | <[-TE-]-Robot> A DDoS bot was detected with nick Kostya (89.237.60.130), attempting to crash it...
<[-TE-]-Robot> A DDoS bot was detected with nick Kostya (89.237.60.130), attempting to crash it... |
|
| Code: | *** Info on Kostya ***
Lock: EXTENDEDPROTOCOLABCABCABCABCABCABC
Pk: DCPLUSPLUS0.707ABCABC
Tag: <++ V:0.707,M:A,H:1/0/0,S:5>
Supports: MiniSlots XmlBZList ADCGet TTHL TTHF GetZBlock ZLIG
Status: Normal (1)
IP: 89.237.60.130
Description: 1
Connection: 5
Stated Share: 7,06 GiB (7 582 202 727 B) |
|
I've never seen a DDoS bot with user to user connection capability, there seems to be a mistake. What is this DDoS bot detection based on?
Thank you. ____________________
|
|
Vektor
2009-08-10 00:30:00 |
| Quote | | TEext verifies if a user sends the correct IP in $CTM and if a user sends more than 18 $CTM's with wrong IP in 1 second he/she/it is detected as a DDoS bot. |
|
[-TE-]-RoLex
2009-08-10 00:33:10 |
| Quote | | 18! That user should definitely get killed in that case. Thank you for the clarification. ____________________ ']['€AM€LiT€
|
|
Vektor
2009-08-10 00:37:50 |
| Quote | | During our tests in a hub with 2000+ users (that was Verlihub but now it is HeXHub, and it still is in default hublists of bots like supernova), we adjusted the maximum allowed $CTM rate from one user until no normal users were detected as DDoS bots and we found 18 as the best value. |
|
[-TE-]-RoLex
2009-08-10 01:10:12 |
| Quote | | I see. :-) ____________________ ']['€AM€LiT€
|
|
[-TE-]-RoLex
2009-08-10 14:21:43 |
| Quote | I've been debugging everything, and it looks like those clients don't send 18 CTM's at all.
| Code: | [15:15:43] <[-TE-]-Robot> A DDoS bot was detected with nick [TT]shelter (89.250.2.141), attempting to crash it...
[15:16:42] <[-TE-]-Robot> A DDoS bot was detected with nick sausua (85.217.6.149), attempting to crash it... |
|
CTM debug:
| Code: | [14:58:44] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[14:58:58] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[14:59:44] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[14:59:59] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:00:45] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:01:02] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:01:45] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:02:04] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:02:45] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:03:06] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:03:45] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:04:10] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:04:46] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:05:12] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:06:15] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:07:18] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:08:21] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:08:40] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:09:25] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:09:41] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:10:27] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:10:41] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:11:30] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:11:41] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:12:32] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:12:41] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:13:34] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:13:42] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:14:37] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:14:42] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:15:39] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:15:43] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:16:10] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002
[15:16:42] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412
[15:17:11] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002 |
|
I can see 18 CTM's here but not in one second, so I still think there is a bug somewhere. :-( ____________________ ']['€AM€LiT€
|
|
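The rule stated earlier in the thread (more than 18 wrong-IP $CTM's from one user in 1 second), replayed over the debug-log format from the post above. This is an added example, not TEext's code and not part of any post. The regex, the nick `floodnick`, the documentation-range addresses and the reading of "1 second" as "same logged second" are assumptions.

```python
import re
from collections import defaultdict, deque

THRESHOLD = 18        # "more than 18 $CTM's", as stated in the thread
WINDOW_SECONDS = 1    # "in 1 second"; the log only has 1 s resolution (assumption)

# Hub debug format shown in the thread:
# [HH:MM:SS] nick @ real_ip: $ConnectToMe target claimed_ip:port
LINE_RE = re.compile(
    r"\[(\d\d):(\d\d):(\d\d)\] (\S+) @ ([\d.]+): "
    r"\$ConnectToMe \S+ ([\d.]+):\d+$"
)

def parse(line):
    """Return (seconds_since_midnight, nick, real_ip, claimed_ip) or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    h, mi, s, nick, real_ip, claimed_ip = m.groups()
    return int(h) * 3600 + int(mi) * 60 + int(s), nick, real_ip, claimed_ip

def detect(lines, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return {nick: first_trigger_time} for senders exceeding the rate."""
    recent = defaultdict(deque)      # nick -> timestamps of wrong-IP CTMs
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, nick, real_ip, claimed_ip = rec
        if claimed_ip == real_ip:
            continue                 # correct IP: not counted
        q = recent[nick]
        q.append(ts)
        while ts - q[0] >= window:   # drop entries outside the window
            q.popleft()
        if len(q) > threshold:
            flagged.setdefault(nick, ts)
    return flagged

# Three lines copied from the debug log in the thread (one CTM per minute).
PAGE_LINES = [
    "[14:58:44] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002",
    "[14:58:58] sausua @ 85.217.6.149: $ConnectToMe [DSL]Jiun 85.217.5.199:2412",
    "[14:59:44] [TT]shelter @ 89.250.2.141: $ConnectToMe ZenkaMarkovskij 10.81.0.65:16002",
]
# Constructed sample: 19 wrong-IP CTMs from one nick inside the same second.
BURST = ["[12:00:00] floodnick @ 192.0.2.10: $ConnectToMe othernick 198.51.100.7:80"] * 19
```

Under this reading of the rule, wrong-IP CTMs sent once a minute never accumulate in the window, while the constructed burst trips the threshold on its 19th message.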
Vektor
2009-08-10 21:31:57 |
| Quote | | I posted here the settings required by the DDoS bot detection feature. If you don't change settings in your hub according to what I posted, DDoS bot detection is impossible because the user gets kicked before TEext can count 18 $CTM's from him. TEext assumes you already have those settings. |
|
[-TE-]-RoLex
2009-08-11 01:17:31 |
| Quote | I see.
Is it possible to add a checkbox to disable DDoS bot detection? I guess those settings will affect other things and hub functionality, which is maybe not such a good idea.
Thank you. ____________________ ']['€AM€LiT€
|
|
Vektor
2009-08-11 01:21:22 |
| Quote | | The difference between TEext 7.02b and TEext 7.02a is that version 7.02b has this feature and 7.02a doesn't. Use version 7.02a if you don't want it. |
|