2021 DDoS Issue

[TheShedCollector]

What are the chances those that paid for the botnet ever get a knock on the door?

Roughly the same chances of getting a blowjob from a nun.

 

[Nickolas Gurr]

Why not just turn KF off for a couple weeks. They'll eventually get bored.

This would mean accepting defeat.

 

[HTTP Error 404]

I wonder if encouraging a felony is against Twitter's TOS?

Nothing is against the Twitter TOS if you're a lefty, tranny, or nigger.

 

[Synthwave Obsessed]

Nothing is against the Twitter TOS if you're a lefty, tranny, or nigger.

Brb mutilating myself

 

[I (Don't) Have A Gun]

Sadly I'm a software guy not a hardware guy...
But hey if KF need some crowdfunding I'm sure I finally get on this crypto-thing the kids are going on about and buy Null a coffee or something.

 

[Thumb Butler]

You should become a beautiful and stunning transwoman so they're not allowed to harass you anymore. We do a lot for you by reading your forum for free so I don't think it's too much for us to ask that you take one for the team and cut your dick off to keep our free entertainment forum online.

This is the only option, You would be untouchable and transwomen are the only valid kind of people.

 

[Sheogorath]

i can give you csgo skins

 

[Nickolas Gurr]

I honestly cannot understand how can someone actually spend time and money on DDoSing Kiwifarms. What would it achieve? Do they think that the website would just die after a few days of DDoS? Kiwifarms in it's current iteration is 8 years old, it have seen worse shit than that.

 

[Viam]

Eh, if you remain as level-headed as you have been thus far and don't give mainstream Twitter audiences any genuine reason to hate you on top of the lies and exxagerations they're going off of at the moment, they're bound to lose interest eventually and stop paying for the DoS.

tbh, I'd be shocked if this were still going on in three day's time; God knows that Internet addicts are all ADD-ridden freaks that'll struggle to maintain interest in anything without a constant stream of news and drama to keep them from falling asleep.

 

[Neurotypical Mantis]

Nothing is against the Twitter TOS if you're a lefty, tranny, or nigger.

wrong, if you're not a lefty people are immediately allowed to call you slurs no matter how much of a specialboy minority you are

 

[Blackstar]

I'm doing my part.

 

[semiurgent]

I haven't gotten on the Brave train, but I'm in on Eth and cardano, would be more than happy to send a decent bit of each if Nool a wallet set up.

 

[Techpriest]

Give me some options. I am willing to spend piggybank money.

Juniper makes pretty solid switches and routers. I’d also look into maybe getting something to create a DMZ that you can flip on during an attack to automatically block and filter out certain addresses.

 

[In Memoriam]

I haven't gotten on the Brave train, but I'm in on Eth and cardano, would be more than happy to send a decent bit of each if Nool a wallet set up.

Look at the bottom of this page for wallet info fren

 

[Site of Origin]

Are you going copper or fiber for 10Gb? Fiberstore.com makes cheap knock off SFPs compatible with all major vendors and they work well. They also make their own switches, can't vouch for them.

If you got a beefy enough L3 switch, you could have it handle routing for you as well. Could save you a bit on cost. Just don't expect to take the entire BGP table into memory.

You could also ebay shop for cheap cisco ASR routers.

 

[Precursor James]

Some chump posted this on twitter:
https://twitter.com/DownFarms/status/1410351212155834371

Ez Clap Farms (@Ezclapfarms) | Twitter

The latest Tweets from Ez Clap Farms (@Ezclapfarms). Litecoin: LST4bf1qmCLcXJbs3tYzcAcFFj5s1dpdzt Monero: 468gFZ5VVyBQq1wMRpXMwnY1HB7JC82CnXAShefiXpY9UW65EvGAxyML5qazkiL1XPX3ktsTu3v5NPoT8GygBPe73EjHAnK

web.archive.org

 

[Null]

copper or fiber

What's the difference? I'd have to ask upstream.

 

[Zyklon Ben's Poison Pen]

So not knowing too much about this device it looks like a software router (probably what RouterOS is) ie: runs all packet processing in software on CPU's which does make it vulnerable to SYN floods because a SYN packet forces the Firewall/Router to setup a new session in memory to track it states. Looks quite Linuxy so its probably running IPTables.

What you want is a hardware router like some Cisco models (yeh I know (((Cisco)))) which uses dedicated silicon to handle packet processing and dedicated x86 CPU to run its Linux based overseer IOS.

What you can do then is use some sort of firewall behind the hardware router to try and track dead SYN packets and use BGP to have the hardware router route them to NULL and even use BGP to your upstream to have them routed to null. I was using the iptables_xt_recent module to do this but it was a little trigger happy.

 

[Right Wing Boomer Squads]

There are providers out there that provide a way for you to "route" onto their service during. DDOS attack, they scrub the traffic before it hits you. IIRC you said you had you own BGP ASN, correct? Its a simple GRE tunnel setup with Akamai. Works for bandwidth attacks, syn flooding, etc. You'd be dealing with networking guys, they don't really care whats behind the ASN.

DoS protection is normally a per-month cost from the ISP, and it isn’t cheap in my experience. All they do is just identify the prefix that is performing the DoS attack and then blackhole traffic from that prefix; meaning the customer never sees the traffic on their link. Josh basically wants to accomplish the same thing with a device of his own, which is difficult because even if the traffic is dropped by the device, the traffic is still using bandwidth on the link. This is the main reason why people pay their carrier to do it for them.

from what I understand about Josh’s setup, he doesn’t have his own ASN or /24, but he is being leased a prefix by an ISP - meaning he is most likely peering BGP to an ISP on a private ASN (64000-65000ish)
This would mean he’s not advertising directly into the global routing table, and probably isn’t receiving the global routing table, just a default route.
This is important as receiving the full table takes up a lot of resources (mostly RAM but also CPU on path calculations), so if it is just a default route, he can get away with slower hardware.

I’m going to jump in here with an other brand option to add to the pile: get a Fortigate 500E.
-40Gbps routing throughput
-2 SFP+ ports and about 8 SFP ports
-Nice web UI which is easy to configure
-configurable DoS protection
They cost about 5-7k AUD (phone posting right now, convert it yourself), and you can buy the hardware without and of the subscription crap (the DoS stuff isn’t subscription based, comes with hardware)
Underlying hardware is x86 with 16GB memory so they will handle the global routing table (should you desire it) easily.

An x86_64 machine with one of those gay router operating systems could be a decent bet

If you don’t mind a bit of a learning curve, this is where it’s at. Slightly radical option, I know, but this is unironically the cheapest option.

Netflix use FreeBSD and BIRD for a lot of their CDN. I also know that many of the state internet exchanges in AUS uses BIRD as well.

if you don’t want to use BSD, BIRD does run on Linux too. Another option, one gaining a lot of popularity, is FRR (a fork of Quagga). Big learning curve, but might save a lot of money if you can build a router out of spare parts.

 

[Site of Origin]

It just depends on what hardware you are working with, fiber in general is more flexible (swap out SFPs to shoot longer distances) but you might not need that.