Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Simple DoS mitigation framework

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 example
Octocat-spinner-32 .gitignore
Octocat-spinner-32 LICENSE
Octocat-spinner-32 README.md
Octocat-spinner-32 aggregator.js
Octocat-spinner-32 proxy.js
README.md

NOTE: currently requires node-http-proxy 0.10.4 because a method I use was removed in 1.x

Presentation video from ToorCon San Diego

Link to SecTor 2013 Presentation

Slow/App DoS information and resources

(The documentation is sparse, will improve this next)

Dependencies:

npm install http-proxy@0.10.4
npm install uuid
npm install optimist

Optional:

npm install forever

Proxy

Usage:

/usr/bin/node ./proxy.js -o [loghost] -P [logport] -t [target_host] -p [target_port] -l [proxy_listen_port]

Options:
  -t  [required]
  -p  [required]
  -l  [required]
  -o  [default: "localhost"]
  -P  [default: 5555]

Aggregator

Usage:

/usr/bin/node ./aggregator.js  -l [listen_port]

Consumer datastream/commands

View events generated by the proxy:

echo -e "C\n" | ncat localhost 5555

Example output:

{"time":1379603264938,"type":"connect",
"host":"10.0.0.150"}

{"time":1379603264940,"type":"request",
"host":"10.0.0.150",
"url":"/changelog/","method":"GET",
"headers": (....),"uuid":
"f42095a1-3a4b-41fc-b005-46f504cde2a0"}

{"time":1379603263662,"type":"end",
"uuid":
"f42095a1-3a4b-41fc-b005-46f504cde2a0"}

Sending commands to proxy:

block 10.1.1.1|10000 Block 10.1.1.1 completely for 10 seconds
durl /kittens.jpg Add kittens.jpg to the disabled url list for greylisted hosts
grey 10.1.1.2|10000 Add 10.1.1.2 to greylist for 10 seconds
flush Clear blacklist

Bitdeli Badge

Something went wrong with that request. Please try again.