[RELEASE] XOF - Your Denial of Service Guardian

[Bustanity]

Nothing to see here anymore --

 

[SomeAsianDude]

Interesting , what is this coded in?
Looks very complicated! Good job on this.

 

[MaxZeus]

Go learn what is 'null routing' first.

This terminology is a representation of when you adjust the routing of a determined IP to null.

For your information it can be only done via a router and by using BGP-4, this also means you must be an Anonymous System in order to do this, and must own your own IP Block.

"Null Routing" can be only done in your own network, and not via software. *Unless w/ BGP-4*

Fix the terminology, otherwise the users gonna be just confused about what you are trying to tell them about.

 

[jMerliN]

There's nothing you can do on your own box in software to stop a DDoS. A DoS, perhaps, if the side effect of a low-volume of traffic is a major disruption in service. DDoS attacks literally overwhelm your endpoint with traffic. Even if your endpoint disregards all of it, the pipe is constantly saturated with information so that data you want is constantly being dropped/retransmitted, which causes connection failures, extremely high latencies, and very low bandwidth over time.

The only way to reliably stop this is to have an ISP with sufficiently capable hardware kill the offending traffic on a backbone that's large enough to mostly disregard the attack as noise. If your ISP can't handle the volume, they will contact their ISP and so on until someone can actually do something about it.

 

[MaxZeus]

People still believe software can do miracles

 

[Bustanity]

Interesting , what is this coded in?

C#

Go learn what is 'null routing' first.

This terminology is a representation of when you adjust the routing of a determined IP to null.

For your information it can be only done via a router and by using BGP-4, this also means you must be an Anonymous System in order to do this, and must own your own IP Block.

"Null Routing" can be only done in your own network, and not via software. *Unless w/ BGP-4*

Fix the terminology, otherwise the users gonna be just confused about what you are trying to tell them about.

That is exactly what XOF does, using Window's "route" command.
For some reason with it you don't need to own your IP block.

How windows route command works?

route -p add <REMOTE ADDR> MASK <MASK> <ALT-IP>

In XOF it does this for example

route -p add 152.95.251.24 MASK 255.255.255.255 192.168.0.254

I don't know then about whether or not the command works with all Windows versions but I have tested it on Windows Server 2008, Windows XP.

XOF is basically just a "front end" for this command.

Hopefully this cleared things up and gave some faith :

 

[MaxZeus]

You don't know what are you speaking about, really.

 

[Bustanity]

You don't know what are you speaking about, really.

Either way, I agree that I don't have much knowledge of such, yet I do know that this software works. I am a programmer, not an computer networking expert.

 

[MaxZeus]

Either way, I agree that I don't have much knowledge of such, yet I do know that this software works. I am a programmer, not an computer networking expert.

This is why you don't know what are you speaking about, and why you are going in error again and again with your affirmation.

You could accomplish this, by properly learning the

You must be registered to see links

that exists in W2008+ and earlier versions, instead of just trying to make a 'framework' for a command you never learned what was it really meant for.

Anyways, good luck and nice effort with your project.

 

[DriftCity]

*cough* Hardware Firewall with automatic IP and Packet filter *cough*

 

[DoorBell]

but some people dos my server did not lag or do anything to it. so whats the use of it.just wonder.

 

[DriftCity]

but some people dos my server did not lag or do anything to it. so whats the use of it.just wonder.

Dos doesn't really matter, DDoS does.
I have like 5 diffrent people dosing me all day, but I have 1000mbit so it won't lagg, even with 100mbit it won't start lagging. Unless someone has fast internet and is packet spamming you.

 

[AngraMainyu]

Here's a fun little snippet:

for (int i = 0; i < (int)hostAddresses.Length; i++)
	{
		IPAddress pAddress = hostAddresses[i];
	}

Not sure what you were trying to achieve, but I don't recommend doing this again. .FirstOrDefault() should work fine, unless you're trying to get only the last address in which case there's a better way to do that too.

The main area of interest seems to be the .UpdateTable call, which is raised as an event every 3 seconds or so. Thing is, your 'XOF' doesn't do what it says on the tin, or anything like it. Blacklisted and suspicious addresses are added to their respective string collections but beyond that your program doesn't appear to do anything meaningful with blocked addresses, they just sit there. I'm also looking at the IP table data grid you have on your Form object -- nothing seems to get added anywhere in your code except for a single call to .AddRange in the form initializer and the table ends up getting cleared every time .UpdateTable executes.

Also, in your call to BlockAddress, you initialize two objects and a string that are never assigned.

I don't know if you named the variables yourself, but if you did and my decompiler isn't just filling in missing debug data, "strs," "strs2," "str1," and "str3" are all terrible names for variables.

Edit: Nothing ever gets blacklisted because all that happens in your program is basically the following:

for remoteCon in connections
    someList.add(remoteCon, 1)
    if someList[remoteCon] > 40 then blockAddress

You may notice than 1 is never > 40

 

[SomeAsianDude]

*cough* Hardware Firewall with automatic IP and Packet filter *cough*

Is this your way of saying, "DO NOT DOWNLOAD"?

 

[DriftCity]

Is this your way of saying, "DO NOT DOWNLOAD"?

It's my way of saying that programs do not solve ddos attacks, you can block some ip adresses so they cant connect anymore, but you cant stop ddos attacks with programs. A hardware firewall does. But sure you can download it not wrong with it.

 

[SomeAsianDude]

It's my way of saying that programs do not solve ddos attacks, you can block some ip adresses so they cant connect anymore, but you cant stop ddos attacks with programs. A hardware firewall does. But sure you can download it not wrong with it.

Ah, so I see. Based on what you've said, I don't think that would be necessary, thank you.