
fnzv / phalanx

Licence: GPL-3.0 license
DDoS detection and mitigation system written in Go (Experimental)

phalanx

DDoS detection and mitigation system written in Go (Experimental)

Project components:

  • collectord
  • detectord
  • viewer
  1. collectord is the daemon responsible for collecting NetFlow or pcap data and forwarding it to Redis for post-analysis.
    When configured in "host-based" mode the collector gathers data from an attached interface (via libpcap; don't use it at high traffic rates) and sends the number of occurrences of each IP address to Redis
    (example: 100 requests from 8.8.8.8 --> creates 8.8.8.8 --> 100 in Redis).
    If NetFlow is configured the collector reads all NetFlow v9 records received on 0.0.0.0:9995 and sends them to Redis with the same logic, but this time it also records the packets and bytes sent by each IP address.
    An InfluxDB output can be configured to store NetFlow data such as network throughput, packets and requests (if left empty, the collector writes nothing to InfluxDB).

  2. detectord reads all the collected data from Redis and applies the thresholds defined in the configuration file (detector.conf). A ban can result in an ipset rule added on the current host, or trigger a bash script that launches remote commands/tools (ssh into a machine, shut it off, announce a BGP route).

  3. viewer is a client that reads the current information from Redis and prints it on screen (current bans, plus packets and bytes if NetFlow is enabled).
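To make the NetFlow path of the collector concrete, here is an added example (written for this page, not code from the phalanx repository) of the parsing and aggregation step described above: it decodes a NetFlow v9 export packet, learns the template FlowSet, locates IPV4_SRC_ADDR, IN_PKTS and IN_BYTES in each data record by field type, and folds them into per-source-IP counters of the kind the collector would push to Redis. The sample packet is constructed inline (one template, three records); the `Counter` and `template` names and the choice to key templates by ID alone are this example's own simplifications. Locating fields by type instead of fixed offset is what lets records from exporters that order or size fields differently still aggregate, which is the failure mode behind the v9 parsing caveat in the known issues.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"net"
)

// NetFlow v9 field types (RFC 3954, section 8) needed for per-IP aggregation.
const (
	fieldInBytes     = 1
	fieldInPkts      = 2
	fieldIPv4SrcAddr = 8
)

// template is a record layout from FlowSet 0, as (type, length) pairs plus the
// record size. Data FlowSets referencing an unseen template cannot be decoded.
type template struct {
	fields [][2]uint16
	size   int
}

// Counter is the per-source-IP aggregate a collector would push to Redis.
type Counter struct{ Flows, Packets, Bytes uint64 }

// Parse consumes one export packet, learning templates into tmpl and folding
// data records into counts. Templates are keyed by ID only here; a production
// collector also keys them by exporter address and source ID.
func Parse(pkt []byte, tmpl map[uint16]template, counts map[string]Counter) error {
	if len(pkt) < 20 || binary.BigEndian.Uint16(pkt) != 9 {
		return errors.New("not a NetFlow v9 packet")
	}
	for off := 20; off+4 <= len(pkt); {
		id, n := binary.BigEndian.Uint16(pkt[off:]), int(binary.BigEndian.Uint16(pkt[off+2:]))
		if n < 4 || off+n > len(pkt) {
			return errors.New("bad FlowSet length")
		}
		var err error
		if body := pkt[off+4 : off+n]; id == 0 {
			err = parseTemplates(body, tmpl)
		} else if id > 255 { // 1 = options template, 2..255 reserved: skipped
			err = parseData(id, body, tmpl, counts)
		}
		if err != nil {
			return err
		}
		off += n
	}
	return nil
}

func parseTemplates(b []byte, tmpl map[uint16]template) error {
	for len(b) >= 4 {
		tid, n := binary.BigEndian.Uint16(b), int(binary.BigEndian.Uint16(b[2:]))
		if tid == 0 { // trailing alignment padding
			break
		}
		if b = b[4:]; len(b) < n*4 {
			return errors.New("truncated template")
		}
		var t template
		for i := 0; i < n*4; i += 4 {
			f := [2]uint16{binary.BigEndian.Uint16(b[i:]), binary.BigEndian.Uint16(b[i+2:])}
			t.fields, t.size = append(t.fields, f), t.size+int(f[1])
		}
		tmpl[tid], b = t, b[n*4:]
	}
	return nil
}

// parseData locates fields by type rather than by fixed offset, so exporters
// that order or size fields differently still aggregate correctly.
func parseData(tid uint16, b []byte, tmpl map[uint16]template, counts map[string]Counter) error {
	t, ok := tmpl[tid]
	if !ok || t.size == 0 {
		return fmt.Errorf("data FlowSet %d arrived before its template", tid)
	}
	for ; len(b) >= t.size; b = b[t.size:] { // a shorter tail is padding
		var ip string
		var rec Counter
		for off, f := 0, 0; f < len(t.fields); f++ {
			v := b[off : off+int(t.fields[f][1])]
			off += int(t.fields[f][1])
			switch t.fields[f][0] {
			case fieldIPv4SrcAddr:
				ip = net.IP(v).String()
			case fieldInPkts:
				rec.Packets = beUint(v)
			case fieldInBytes:
				rec.Bytes = beUint(v)
			}
		}
		if ip != "" { // skip records without an IPv4 source (e.g. an IPv6 template)
			c := counts[ip]
			counts[ip] = Counter{c.Flows + 1, c.Packets + rec.Packets, c.Bytes + rec.Bytes}
		}
	}
	return nil
}

// beUint decodes a 1..8 byte big-endian counter; exporters choose the width.
func beUint(v []byte) (n uint64) {
	for _, x := range v {
		n = n<<8 | uint64(x)
	}
	return n
}

// samplePacket is a constructed v9 export (not a real capture): header, a
// template (ID 256: IPV4_SRC_ADDR, IN_PKTS, IN_BYTES, 4 bytes each) and a data
// FlowSet holding three records from 198.51.100.7 and 203.0.113.9.
func samplePacket() []byte {
	b, _ := hex.DecodeString("00090004000003e86553f100000000010000002a" + // header, source ID 42
		"0000001401000003000800040002000400010004" + // template FlowSet
		"01000028c6336407000001f400009c40cb00710900000014000005dcc6336407000002bc0000dac0")
	return b
}

func main() {
	counts := map[string]Counter{}
	if err := Parse(samplePacket(), map[uint16]template{}, counts); err != nil {
		panic(err)
	}
	fmt.Println(counts) // map[198.51.100.7:{2 1200 96000} 203.0.113.9:{1 20 1500}]
}
```

Note that a data FlowSet arriving before its template is refused rather than guessed at; a real collector keeps the template map for the lifetime of the exporter session, because exporters resend templates only periodically and the first few data packets after a restart may otherwise be undecodable.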

Requirements:

- Go and all Go dependencies
- sudo apt-get install libpcap0.8-dev
- redis-server
- (optional) influxdb and grafana for dashboarding https://grafana.com/dashboards/4208

Install

  • Git clone the project onto the machine
  • Get all deps with: go get -d ./...
  • Edit the config files under conf/ (e.g. choose between host-based or NetFlow, set thresholds; on both conf files)
  • Build time!! go build detectord.go && go build collectord.go && go build viewer.go
  • Start the services with ./service start and stop them with ./service stop, or kill the processes via killall collectord && killall detectord

Scenarios

  • Host-based: Install Phalanx on the front-end machine that distributes traffic to a few web servers of a site that is constantly targeted by application-layer DDoS attacks (exhausting the maximum Apache workers or php-fpm processes) from bots or crawlers. Add all customers and "clean" IPs to the whitelist, then let Phalanx ban via the configured thresholds.

  • NetFlow: Export NetFlow traffic from a router or a configured Linux box (an easy way to export NetFlow from Linux machines is https://github.com/aabc/ipt-netflow ) to the machine where Phalanx is configured (port 9995). Then, after configuring the thresholds, you can call an external trigger (trigger.sh) to push some remote configuration (ssh into the box + shutdown | BGP announce | set iptables | shut off via hypervisor API), or just notify your Slack/Telegram channel about it.
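The detector side of both scenarios, as an added example that is not part of the phalanx code base: it applies per-window thresholds (requests for host-based mode, packets and bytes for NetFlow mode) to the counters the collector leaves in Redis, skips whitelisted customers and already-banned sources, and renders the host-side action as ipset argv. The `Thresholds` field names, the whitelist format and the window data are assumptions made for this example; phalanx's own detector.conf keys are not shown on this page. Commands are returned rather than executed so the decision logic can be tested offline.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strconv"
)

// Counter is the per-IP data the collector leaves in Redis for one window:
// Requests comes from pcap mode, Packets and Bytes from NetFlow mode.
type Counter struct{ Requests, Packets, Bytes uint64 }

// Thresholds stands in for the values read from detector.conf; the field
// names are assumed here, and a zero value disables that check.
type Thresholds struct{ Requests, Packets, Bytes uint64 }

// Ban records one decision and which limit tripped it.
type Ban struct{ IP, Reason string }

// Detector holds the thresholds, the parsed whitelist and the IPs already banned.
type Detector struct {
	th        Thresholds
	whitelist []*net.IPNet
	banned    map[string]bool
}

// NewDetector parses whitelist entries given as CIDRs or bare addresses.
func NewDetector(th Thresholds, whitelist []string) (*Detector, error) {
	d := &Detector{th: th, banned: map[string]bool{}}
	for _, w := range whitelist {
		_, n, err := net.ParseCIDR(w)
		if err != nil { // a bare address: treat it as a host route
			ip := net.ParseIP(w)
			if ip == nil {
				return nil, fmt.Errorf("whitelist entry %q is neither CIDR nor IP", w)
			}
			n = &net.IPNet{IP: ip, Mask: net.CIDRMask(len(ip)*8, len(ip)*8)}
		}
		d.whitelist = append(d.whitelist, n)
	}
	return d, nil
}

func (d *Detector) isWhitelisted(ip net.IP) bool {
	for _, n := range d.whitelist {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Evaluate applies the thresholds to one collection window and returns the new
// bans sorted by IP. Whitelisted, unparsable and already-banned sources are skipped.
func (d *Detector) Evaluate(window map[string]Counter) []Ban {
	var bans []Ban
	for ipStr, c := range window {
		ip := net.ParseIP(ipStr)
		if ip == nil || d.banned[ipStr] || d.isWhitelisted(ip) {
			continue
		}
		var reason string
		switch {
		case d.th.Requests > 0 && c.Requests > d.th.Requests:
			reason = fmt.Sprintf("requests %d > %d", c.Requests, d.th.Requests)
		case d.th.Packets > 0 && c.Packets > d.th.Packets:
			reason = fmt.Sprintf("packets %d > %d", c.Packets, d.th.Packets)
		case d.th.Bytes > 0 && c.Bytes > d.th.Bytes:
			reason = fmt.Sprintf("bytes %d > %d", c.Bytes, d.th.Bytes)
		default:
			continue
		}
		d.banned[ipStr] = true
		bans = append(bans, Ban{ipStr, reason})
	}
	sort.Slice(bans, func(i, j int) bool { return bans[i].IP < bans[j].IP })
	return bans
}

// IpsetCommands renders host-side enforcement as argv slices (returned, not run).
// The set only drops traffic once a rule references it, e.g.
// iptables -I INPUT -m set --match-set <set> src -j DROP; the timeout lets bans expire.
func IpsetCommands(set string, bans []Ban, timeoutSec int) [][]string {
	t := strconv.Itoa(timeoutSec)
	cmds := [][]string{{"ipset", "-exist", "create", set, "hash:ip", "timeout", t}}
	for _, b := range bans {
		cmds = append(cmds, []string{"ipset", "-exist", "add", set, b.IP, "timeout", t})
	}
	return cmds
}

func main() {
	d, err := NewDetector(Thresholds{Requests: 300, Packets: 50000, Bytes: 50 << 20},
		[]string{"192.0.2.0/24", "203.0.113.9"})
	if err != nil {
		panic(err)
	}
	// Constructed window: one pcap-mode flood, one NetFlow-mode flood, a whitelisted customer, a normal client.
	window := map[string]Counter{
		"198.51.100.7": {Requests: 1200},
		"198.51.100.8": {Packets: 80000, Bytes: 10 << 20},
		"192.0.2.10":   {Requests: 5000},
		"203.0.113.20": {Requests: 120, Packets: 900},
	}
	for _, cmd := range IpsetCommands("phalanx", d.Evaluate(window), 600) {
		fmt.Println(cmd)
	}
}
```

The same `Ban` value is what a detector would hand to an external trigger script in the NetFlow scenario (IP plus reason as arguments); because the whitelist is checked before any threshold, a customer that legitimately exceeds the limits is never handed to either path, which is why the scenario text insists on whitelisting "clean" IPs first.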



If you have any cool idea/problem just open an issue and I'll look into it.


Known issues

  • NetFlow parsing doesn't work on all NetFlow v9 records (tested on ipt-netflow and Cisco NetFlow export without issues)