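/***Protector Version 1.0
by: ev1lut10n
A simple little tool to protect your server against tcp and udp flood
i hope my friend don't mind to run this on his box
requirement : netfilter !!

ps: I figure out the weak point of ddos deflate rely on cron job where it
will be run every minutes
considering this cron based tool to run a ddos tool will possible bypass a
ddos deflate which run every 60 seconds via cron

==cron based ddos==
system("./your_ddos_tool &");
for(;;)
sleep 50;
system("killall your_ddos_tool");
sleep 15;
system("./your_ddos_tool &");
====

So instead of relying on cron this tool will do a random check time
**/
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <arpa/inet.h>

#define I_DONT_HAVE_ACCESS "iptables -A INPUT -p tcp -s "
#define BUT_I_M_TRYING_TO_HELP "iptables -A INPUT -p udp -s "
#define WEW " -j DROP"
#define JUMLAH_ABNORMAL_KONEKSI 100
#define RANGE_DETIK 10

/**
 * Abort unless the process can actually modify netfilter rules.
 *
 * Only the effective UID decides whether iptables will succeed, so that is
 * the value checked here (the real UID alone being 0 is not sufficient).
 *
 * @return 0 when running with effective UID 0; otherwise the process exits.
 */
int cek_privilege()
{
    if (geteuid() != 0) {
        printf("[-] To run this, you need to be root !!\n");
        exit(-1);
    }
    return 0;
}

/** Print the program banner on stdout. */
void banner()
{
    fprintf(stdout,"Simple TCP and UDP Flood Protection v.1 by ev1lut10n\n");
}

/**
 * Strip leading and trailing characters from a string, in place.
 * (string trim originally from HashBox with modification)
 *
 * Trailing characters are overwritten with '\0'; leading ones are skipped by
 * returning a pointer past them, so the result points into `buffer` and must
 * not be freed separately.
 *
 * @param buffer      NUL-terminated, writable string to trim.
 * @param stripchars  NUL-terminated set of characters to remove.
 * @return pointer to the first kept character inside `buffer`
 *         (or `buffer` itself when either argument is NULL).
 */
char *trim(char *buffer, char *stripchars)
{
    if (buffer == NULL || stripchars == NULL) {
        return buffer;
    }

    char *start = buffer;
    /* strchr() also matches the terminator, so stop explicitly at '\0'. */
    while (*start != '\0' && strchr(stripchars, *start) != NULL) {
        start++;
    }

    /* Walk back from the end, never stepping in front of `start`
       (an empty or all-stripped string must not be indexed at -1). */
    char *end = start + strlen(start);
    while (end > start && strchr(stripchars, end[-1]) != NULL) {
        *--end = '\0';
    }
    return start;
}

/** Return non-zero only when `text` is a well-formed dotted-quad IPv4 address. */
static int is_ipv4(const char *text)
{
    struct in_addr parsed;
    return inet_pton(AF_INET, text, &parsed) == 1;
}

/**
 * Append a DROP rule for one source address and protocol.
 *
 * iptables is started with an explicit argument vector instead of a shell
 * command line, so the address can never be interpreted by a shell.
 *
 * @param proto  "tcp" or "udp".
 * @param ip     address already validated by is_ipv4().
 * @return 0 when iptables exited with status 0, -1 otherwise.
 */
static int block_source(const char *proto, const char *ip)
{
    pid_t pid = fork();
    if (pid < 0) {
        perror("fork");
        return -1;
    }
    if (pid == 0) {
        execlp("iptables", "iptables", "-A", "INPUT", "-p", proto,
               "-s", ip, "-j", "DROP", (char *)NULL);
        _exit(127); /* exec failed */
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0) {
        perror("waitpid");
        return -1;
    }
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/**
 * Run one detection pass: count sockets per remote address as reported by
 * netstat and drop TCP and UDP traffic from every address whose count is
 * above JUMLAH_ABNORMAL_KONEKSI.
 *
 * Each output line of the pipeline is "<count> <address>". Count and address
 * are read from the same line, so a high count can only ever be applied to
 * the address it belongs to.
 *
 * NOTE(review): rules are appended on every pass while an address stays above
 * the threshold and are never removed, so the INPUT chain can accumulate
 * duplicates. The count is per source address as netstat prints it; clients
 * sharing one NAT address share one count, and if netstat also lists
 * half-open entries a forged source address could get an unrelated host
 * blocked -- confirm against the deployment before relying on this.
 */
void cek_dalam_waktu_acak()
{
    char str[300];
    char perintah[256];
    FILE *perintah_pipa = popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n", "r");

    if (perintah_pipa == NULL) {
        perror("popen");
        return;
    }

    while (fgets(str, sizeof(str), perintah_pipa) != NULL) {
        str[strcspn(str, "\n")] = '\0';

        char *save = NULL;
        char *count_field = strtok_r(trim(str, " "), " ", &save);
        char *addr_field = strtok_r(NULL, " ", &save);
        if (count_field == NULL || addr_field == NULL) {
            /* e.g. IPv6 sockets, whose address field is empty after cut */
            continue;
        }

        /* The two netstat header lines end up here as pseudo-addresses. */
        if (strstr(addr_field, "Address") || strstr(addr_field, "ervers")) {
            printf("\nCopyright by Ev1lut10n 2011 All Rights Reserved\n");
            continue;
        }

        char *tail = NULL;
        errno = 0;
        long parsed = strtol(count_field, &tail, 10);
        if (tail == count_field || *tail != '\0' || errno == ERANGE
            || parsed < 0 || parsed > INT_MAX) {
            continue;
        }
        int jumlah_koneksi = (int)parsed;

        if (jumlah_koneksi <= JUMLAH_ABNORMAL_KONEKSI) {
            continue;
        }
        /* Anything that is not a plain IPv4 address never reaches iptables. */
        if (!is_ipv4(addr_field)) {
            continue;
        }

        /* block tcp from this source */
        snprintf(perintah, sizeof(perintah), "%s%s%s", I_DONT_HAVE_ACCESS, addr_field, WEW);
        printf("\nmax conn reached : %d - %s\n", jumlah_koneksi, perintah);
        if (block_source("tcp", addr_field) != 0) {
            fprintf(stderr, "[-] iptables failed for tcp rule on %s\n", addr_field);
        }

        /* block udp from this source */
        snprintf(perintah, sizeof(perintah), "%s%s%s", BUT_I_M_TRYING_TO_HELP, addr_field, WEW);
        printf("\nmax conn reached : %d - %s\n", jumlah_koneksi, perintah);
        if (block_source("udp", addr_field) != 0) {
            fprintf(stderr, "[-] iptables failed for udp rule on %s\n", addr_field);
        }
    }
    pclose(perintah_pipa);
}

/**
 * Entry point: require root, detach into the background, then run a
 * detection pass after a random pause of 0..RANGE_DETIK-1 seconds, forever.
 */
int main()
{
    cek_privilege();

    pid_t child = fork();
    if (child < 0) {
        perror("fork");
        exit(1);
    }
    if (child != 0) {
        /* Parent: the checker keeps running in the child. */
        exit(0);
    }

    /* Without a seed random() yields the same delay sequence on every start,
       which would make the check times as predictable as a cron schedule. */
    srandom((unsigned int)time(NULL) ^ (unsigned int)getpid());

    for (;;) {
        cek_dalam_waktu_acak();
        sleep((unsigned int)(random() % RANGE_DETIK));
    }
}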