Giter Club home page Giter Club logo

d4c's Introduction

D4C

DNS DDoS Defence and Countermeasure.

d4c works as non-learning bridge and filter specified DNS packets that are suspected as DDoS traffic.

 % ./d4c 
 Usage of d4c
 	 * required options.
 	-r : Right interface name (netmap:ethX)
 	-l : Left interface name (netmap:ethY)
 
 	 * DNS filtering options.
 	-m : Filter suffix of DNS Query Name
 	-d : Destination prefixes of filtered DNS responses
 	-s : Source prefixes of NOT filtered DNS responses
 
 	 * misc.
 	-q : Max number of threads for interface
 	-e : Number of Rings of a vale port
 	-f : Daemon mode
 	-v : Verbose mode
 	-h : Print this help
  1. Drop DNS response packet from outer networks

DNS DDoS traffic is generated by open resolvers around the world. When assuming that "correct DNS responses are sent from correct resolver servers", DNS responses from resolver servers in outer own networks are fully incorrect.

So, d4c drop incorrect DNS response packets that match following conditions.

  • The packet is DNS response (QR flag is 1).
  • The packet is response from a resolver server (Authoritative flag is 0).
  • The destination address of packets is in the prefixes specified -d options.
  • The source address of packets is not in the prefixes specified -s options.

-d option helps that you can apply this filter for specified hosts and networks. Moreover, -s option allows that using resolver servers in outer own network such as Google Public DNS.

Example)

 sudo ./d4c -l netmap:p2p1 -r netmap:p2p2 -d 10.10.0.0/16 -d 172.16.0.0/16 -s 8.8.8.8/32

The filter is applied for the networks 10.10.0.0/16 and 172.16.0.0/16, and DNS response packets from Google DNS are allowed.

  1. Drop DNS query packet with specified QNAME

Query to generate DDoS traffic often contains striking QNAME. Dropping these query packets with striking QNAME helps reducing DDoS traffic. d4c provides a query filter function with QNAME suffix match. -m options specify QNAME as suffix.

Example)

 sudo ./d4c -l netmap:p2p1 -r netmap:p2p2 -m hogehoge.com -m hugahuga.com

All queries for .*hogehoge.com and .*hugahuga.com are dropped.

Filter rule 1 and 2 work independently. Specifying source/destination prefixes works only for rule 1.

Compile

d4c is a netmap application. netmap.ko and netmap driver for interfaces used by d4c must be installed in advance. In order to compile, netmap.h and netmap_user.h must be installed on /usr/include/net/.

d4c's People

Contributors

upa avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.