/***Protector Version 1.0
by: ev1lut10n
A simple little tool to protect your server against TCP and UDP floods.
I hope my friend doesn't mind running this on his box.
requirement : netfilter !!
ps:
 The weak point of ddos deflate is that it relies on a cron job that runs only once every minute.
 A flood that is stopped and restarted on a timer, as sketched below, could therefore slip past a ddos deflate check that runs every 60 seconds via cron.
	==cron based ddos==	                                            
	system("./your_ddos_tool &");												 
	for(;;)
	sleep 50;																		                
	system("killall your_ddos_tool");
	sleep 15;
	system("./your_ddos_tool &");
	====
So instead of relying on cron, this tool runs its check at random intervals.
**/

#include <sys/types.h>
#include <sys/stat.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#define I_DONT_HAVE_ACCESS "iptables -A INPUT -p tcp -s "
#define BUT_I_M_TRYING_TO_HELP "iptables -A INPUT -p udp -s "
#define WEW  " -j DROP"
#define JUMLAH_ABNORMAL_KONEKSI  100
#define RANGE_DETIK 10
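/**
 * Refuse to run unless the process is plainly root.
 *
 * Both the real and the effective uid must be 0. The original test
 * (uid != 0 && euid != 0) let the program continue when only one of them was
 * root: with a non-root effective uid the iptables calls cannot work, and with
 * only the effective uid being 0 (a setuid-root install) the shells started by
 * popen()/system() would inherit the invoking user's environment, PATH
 * included, while running privileged.
 *
 * @return 0 when running as root; otherwise prints a message and exits with
 *         status -1, so it does not return.
 */
int cek_privilege()
{
	if (getuid() != 0 || geteuid() != 0) {
		printf("[-] To run this, you need to be root !!\n");
		exit(-1);
	}
	return 0;
}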
 
/* Write the one-line program banner to standard output. */
void banner()
{
	static const char teks_banner[] =
		"Simple TCP and UDP Flood Protection v.1 by ev1lut10n\n";

	fputs(teks_banner, stdout);
}
 

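/**
 * Strip leading and trailing characters from a string, in place.
 * (String trim originally from HashBox, with modification.)
 *
 * The previous version read `flag` before it was ever assigned (undefined
 * behaviour) and entered the trailing pass with flag == 0, so trailing
 * characters were never removed; on an empty string it also formed a pointer
 * one element before the buffer.
 *
 * @param buffer      NUL-terminated, writable string. Trailing strip
 *                    characters are overwritten with '\0'; the contents are
 *                    not shifted.
 * @param stripchars  NUL-terminated set of characters to remove.
 * @return pointer into buffer at the first kept character, or buffer itself
 *         when either argument is NULL.
 */
char *trim(char *buffer, char *stripchars)
{
    if (buffer == NULL || stripchars == NULL) {
        return buffer;
    }

    char *start = buffer;
    /* strchr() also matches the terminator, so stop explicitly at '\0'. */
    while (*start != '\0' && strchr(stripchars, *start) != NULL) {
        start++;
    }

    /* Work with a length rather than an end pointer so an empty or fully
     * stripped string never walks to the left of start. */
    size_t len = strlen(start);
    while (len > 0 && strchr(stripchars, start[len - 1]) != NULL) {
        start[--len] = '\0';
    }
    return start;
}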

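/*
 * Parse one "<count> <address>" line as printed by `uniq -c`.
 *
 * Returns 1 and fills *count / ip only when the address is a dotted-quad IPv4
 * literal; anything else (netstat header words, empty or truncated fields)
 * returns 0. Because inet_pton() accepts nothing but digits and dots here, the
 * accepted text is also safe to place inside a shell command line.
 */
static int parse_count_line(const char *line, long *count, char *ip, size_t ip_size)
{
	char *rest;
	long value = strtol(line, &rest, 10);	/* skips the padding before the count */

	if (rest == line || value < 0) {
		return 0;
	}
	rest += strspn(rest, " \t");
	size_t len = strcspn(rest, " \t\r\n");
	if (len == 0 || len >= ip_size) {
		return 0;
	}
	memcpy(ip, rest, len);
	ip[len] = '\0';

	struct in_addr parsed;
	if (inet_pton(AF_INET, ip, &parsed) != 1) {
		return 0;
	}
	*count = value;
	return 1;
}

/* Build "<rule_prefix><ip><WEW>", log it and run it through system(). */
static void append_drop_rule(const char *rule_prefix, const char *ip, long count)
{
	char perintah[256];
	int n = snprintf(perintah, sizeof perintah, "%s%s%s", rule_prefix, ip, WEW);

	if (n < 0 || (size_t)n >= sizeof perintah) {
		fprintf(stderr, "[-] rule for %s does not fit the command buffer, skipped\n", ip);
		return;
	}
	printf("\nmax conn reached : %ld - %s\n", count, perintah);
	if (system(perintah) != 0) {
		fprintf(stderr, "[-] command failed: %s\n", perintah);
	}
}

/**
 * Run one check: count sockets per remote address with netstat and append
 * TCP and UDP DROP rules for every address whose count exceeds
 * JUMLAH_ABNORMAL_KONEKSI.
 *
 * Changes from the previous version:
 *  - each output line is parsed on its own as "<count> <address>". Before,
 *    the count/address toggle carried over between lines, and the threshold
 *    was tested right after the count token, so a new count was paired with
 *    the address left over from the previous line (which could block an
 *    address that was under the threshold, or read the address buffer before
 *    it was ever written);
 *  - the address must be a valid IPv4 literal before it reaches system(), and
 *    it can no longer overflow its buffer through an unbounded strcpy();
 *  - a failed popen() is reported instead of being passed to fgets();
 *  - the printf() format string that was split across two source lines is
 *    whole again.
 *
 * NOTE(review): the pipeline counts every socket state netstat prints and
 * there is no allow-list, so loopback or a busy legitimate peer (proxy, NAT
 * gateway) is dropped like any other source once it crosses the threshold.
 * NOTE(review): "-A" appends a rule on every pass in which the address is
 * still over the threshold and nothing here removes rules; consider checking
 * for an existing rule first or expiring entries.
 */
void cek_dalam_waktu_acak()
{
	char str[300];
	char ip_yang_lagi_konek_konek_terus[INET_ADDRSTRLEN];
	long jumlah_koneksi;
	FILE *perintah_pipa = popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n", "r");

	if (perintah_pipa == NULL) {
		perror("popen");
		return;
	}

	while (fgets(str, sizeof(str), perintah_pipa) != NULL) {
		if (!parse_count_line(str, &jumlah_koneksi, ip_yang_lagi_konek_konek_terus,
				      sizeof ip_yang_lagi_konek_konek_terus)) {
			/* Same fragments the old code looked for in the address
			 * column; it printed this notice when it met them. */
			if (strstr(str, "Address") || strstr(str, "ervers")) {
				printf("\nCopyright by Ev1lut10n 2011 All Rights Reserved\n");
			}
			continue;
		}

		if (jumlah_koneksi > JUMLAH_ABNORMAL_KONEKSI) {
			/* Drop TCP first, then UDP, from this source address. */
			append_drop_rule(I_DONT_HAVE_ACCESS, ip_yang_lagi_konek_konek_terus, jumlah_koneksi);
			append_drop_rule(BUT_I_M_TRYING_TO_HELP, ip_yang_lagi_konek_konek_terus, jumlah_koneksi);
		}
	}
	pclose(perintah_pipa);
}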



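/**
 * Entry point: verify privileges, detach into a background child and run the
 * connection check forever with a random pause of 0..RANGE_DETIK-1 seconds
 * between passes.
 *
 * Changes from the previous version:
 *  - random() is now seeded. Unseeded, it yields the same delay sequence on
 *    every start, which defeats the "random check time" this tool is built
 *    around;
 *  - a failed fork() is reported, and the parent exits with status 0 after a
 *    successful fork instead of signalling failure with 1;
 *  - the unused variable `acak` is gone.
 *
 * NOTE(review): a time/pid seed differs between runs but is not
 * cryptographically unpredictable; use an OS randomness source if the check
 * schedule must resist guessing.
 */
int main()
{
	cek_privilege();

	pid_t anak = fork();
	if (anak < 0) {
		perror("fork");
		exit(1);
	}
	if (anak > 0) {
		/* Parent: the child carries on in the background. */
		exit(0);
	}

	srandom((unsigned int)time(NULL) ^ (unsigned int)getpid());

	for (;;) {
		cek_dalam_waktu_acak();
		/* A delay of 0 is possible and means the next pass starts at once. */
		sleep((unsigned int)(random() % RANGE_DETIK));
	}
}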