This repository has been archived by the owner on Jun 11, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
attacks.js
156 lines (129 loc) · 4.69 KB
/
attacks.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
const express = require('express');
const httpProxy = require('http-proxy');
const { execSync } = require('child_process');
const fs = require('fs');
const net = require('net');
const dgram = require('dgram');
const http = require('http');
const url = require('url');
const MAX_CONNECTIONS_PER_IP = 100;
const CONNECTION_TIMEOUT = 60000;
const BLACKLIST_TIMEOUT = 300000;
const MAX_REQUESTS_PER_MINUTE = 100;
const LOG_FILE = 'logs.txt';
const connections = {};
const blacklist = {};
const requestCounts = {};
function addToBlacklist(ip) {
console.log(`Blacklisting IP address: ${ip}`);
blacklist[ip] = true;
setTimeout(() => {
console.log(`Removing IP address from blacklist: ${ip}`);
delete blacklist[ip];
}, BLACKLIST_TIMEOUT);
}
function logDDoSAttack(ip, pps) {
const logLine = `DDoS Attack Detected: IP ${ip} | Packets per second: ${pps}\n`;
fs.appendFile(LOG_FILE, logLine, (err) => {
if (err) {
console.error('Error writing to logs file:', err);
}
});
}
function handleIncomingData(socket, remoteAddress) {
let packetCount = 0;
let pps = 0;
const interval = setInterval(() => {
pps = packetCount;
packetCount = 0;
}, 1000);
socket.on('data', data => {
packetCount++;
console.log(`Received data from ${remoteAddress}: ${data}`);
});
socket.on('end', () => {
clearInterval(interval);
connections[remoteAddress]--;
console.log(`Connection closed with ${remoteAddress}`);
});
socket.on('error', err => {
clearInterval(interval);
console.error(`Error with connection from ${remoteAddress}: ${err.message}`);
connections[remoteAddress]--;
socket.destroy();
});
setInterval(() => {
if (pps > MAX_CONNECTIONS_PER_IP) {
console.log(`DDoS attack detected from ${remoteAddress}. Packets per second: ${pps}`);
logDDoSAttack(remoteAddress, pps);
addToBlacklist(remoteAddress);
clearInterval(interval);
socket.destroy();
}
}, 1000);
}
function applyFirewallRules(socket, remoteAddress) {
if (blacklist[remoteAddress]) {
console.log(`Rejected connection from blacklisted IP: ${remoteAddress}`);
socket.destroy();
return;
}
connections[remoteAddress] = (connections[remoteAddress] || 0) + 1;
socket.setTimeout(CONNECTION_TIMEOUT, () => {
connections[remoteAddress]--;
console.log(`Connection timeout for ${remoteAddress}`);
});
handleIncomingData(socket, remoteAddress);
}
const tcpServer = net.createServer(socket => {
const { remoteAddress } = socket;
console.log(`Incoming TCP connection from ${remoteAddress}`);
applyFirewallRules(socket, remoteAddress);
});
const udpServer = dgram.createSocket('udp4');
udpServer.on('error', (err) => {
console.error(`UDP server error:\n${err.stack}`);
udpServer.close();
});
udpServer.on('message', (msg, rinfo) => {
const remoteAddress = rinfo.address;
console.log(`Incoming UDP message from ${remoteAddress}`);
applyFirewallRules(udpServer, remoteAddress);
});
udpServer.on('listening', () => {
const address = udpServer.address();
console.log(`UDP server listening ${address.address}:${address.port}`);
});
udpServer.bind();
const PORT = 0;
tcpServer.listen(PORT, () => {
console.log(`TCP server is listening on all available ports`);
});
const app = express();
const proxy = httpProxy.createProxyServer({});
app.use((req, res, next) => {
const remoteAddress = req.connection.remoteAddress;
if (blacklist[remoteAddress]) {
res.status(403).send('Forbidden');
return;
}
const currentTime = Math.floor(Date.now() / 60000);
requestCounts[remoteAddress] = requestCounts[remoteAddress] || {};
requestCounts[remoteAddress][currentTime] = (requestCounts[remoteAddress][currentTime] || 0) + 1;
const requestCount = Object.values(requestCounts[remoteAddress]).reduce((a, b) => a + b, 0);
if (requestCount > MAX_REQUESTS_PER_MINUTE) {
console.log(`DDoS attack detected from ${remoteAddress}. Requests per minute: ${requestCount}`);
logDDoSAttack(remoteAddress, requestCount);
addToBlacklist(remoteAddress);
res.status(403).send('Forbidden');
} else {
next();
}
});
app.use((req, res) => {
const target = 'http://localhost';
proxy.web(req, res, { target: `${target}${req.url}` });
});
app.listen(5587, () => {
console.log('HTTP server with Layer 7 protection is listening on port 5587');
});