I was under constant SYN floods and volumetric UDP flood attacks that were so large that even when all the source IPs got collected into a large iplist and blocked by iptables, it would still shut me down, because it was simply sending more than my NIC could handle. Sometimes the ISP would blackhole my IP while that was happening, to protect its own infrastructure.

I wrote a BPF XDP filter that rate limits packets in an efficient way, so they get dropped before they even enter the ring buffer, and contributing IPs get temporarily blocked for an hour.

I have already experienced multiple DDoS attacks since deploying it, and I wouldn't even have noticed them if I hadn't checked with bpftool whether something got blocked. They go nowhere.
>>107891744
just turn yourself in, anon
I also got constant DDoS on my router. Weird thing is I kept getting it even after changing IP address. It had no effect on my internet, so I just ignored it, but I do wonder how they kept DDoSing me after IP resets.
>>107891793
Or at least I thought it was a DDoS, don't really know exactly. I don't have the logs anymore so I can't check.
>>107891744
What did you do to cause this, anon? You must have at least one clue, right? This is what the police would ask btw
>>107892037
I moved a website off cloudflare and shittalked cloudflare. I also went to the cloudflare support forum and wrote an essay about how cloudflare sucks.
>>107891744
If your link is getting flooded then even the world's most advanced firewall will not save you, let alone something like eBPF or a custom DPDK filtering application.
Update: it was my Blink sync module and my Smart fridge microwavator.
>>107892057
So to which other WAF service did you migrate?
>>107892061
A SYN flood fills up the nf_conntrack table and once it is full, starts dropping packets. And they stay in the table until they time out. If nftables / iptables ratelimits, they still made it into nf_conntrack in the first place. Meanwhile an XDP BPF program executes before conntrack. It can prevent it from getting there.

Meanwhile a UDP flood fills up the RX ring buffer. And once the ring buffer is full, we get packet drops. You can't stop the packet from getting into the memory in the first place, but BPF will be 10 to 100 times faster to kick it out again (while also avoiding conntrack, which is a thing for UDP as well).

If it is above your hardware capabilities, you can't be saved. But the first bottleneck is in the software. With BPF the conntrack bottleneck is removed and the ring buffer bottleneck is up to 100 times better.
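The per-source rate-limit and one-hour block logic that the first post and the reply above describe, written out as an added example (not the poster's filter, which is not in the thread). It is a userspace C model of what the XDP program does per packet: the kernel-only parts are replaced with stand-ins, so `xdp_verdict()` takes a pre-parsed `struct pkt` instead of walking `ctx->data`, a plain open-addressing table stands in for a `BPF_MAP_TYPE_LRU_HASH` reached through `bpf_map_lookup_elem()`, and the `now_ns` argument plays the role of `bpf_ktime_get_ns()`. The budget of 100 SYN-or-UDP packets per source per second, the 4096-entry table, and the sample floods in `main()` are all assumed/constructed values for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdicts, mirroring the XDP_PASS / XDP_DROP codes an XDP program returns to the driver. */
enum verdict { PASS = 0, DROP = 1 };

#define NS_PER_SEC      1000000000ULL
#define WINDOW_NS       (1ULL * NS_PER_SEC)     /* per-source counting window */
#define MAX_PER_WINDOW  100u                    /* assumed budget: SYN or UDP packets per source per second */
#define BAN_NS          (3600ULL * NS_PER_SEC)  /* one-hour block, as the first post describes */
#define TABLE_SIZE      4096u                   /* assumed; in XDP this would be the map's max_entries */

#define PROTO_TCP 6
#define PROTO_UDP 17
#define TH_SYN    0x02
#define TH_ACK    0x10

/* The fields the filter looks at; a real XDP program parses these out of the
 * Ethernet/IPv4/TCP headers between ctx->data and ctx->data_end. */
struct pkt { uint32_t src_ip; uint8_t proto; uint8_t tcp_flags; };

/* Per-source state; in XDP this is the value of an LRU hash map keyed by source IP. */
struct src_state {
    uint32_t ip;            /* 0 marks an empty slot (0.0.0.0 is never a real sender here) */
    uint64_t window_start;
    uint32_t count;
    uint64_t banned_until;  /* 0 means not banned */
};

static struct src_state table[TABLE_SIZE];

void reset_table(void) { memset(table, 0, sizeof table); }

/* Open-addressing lookup standing in for bpf_map_lookup_elem()/bpf_map_update_elem(). */
static struct src_state *lookup(uint32_t ip, bool insert) {
    uint32_t h = (ip * 2654435761u) % TABLE_SIZE;
    for (uint32_t i = 0; i < TABLE_SIZE; i++) {
        struct src_state *s = &table[(h + i) % TABLE_SIZE];
        if (s->ip == ip) return s;
        if (s->ip == 0) {
            if (!insert) return NULL;
            memset(s, 0, sizeof *s);
            s->ip = ip;
            return s;
        }
    }
    return NULL;  /* table full */
}

/* Decide the fate of one packet; now_ns plays the role of bpf_ktime_get_ns(). */
enum verdict xdp_verdict(const struct pkt *p, uint64_t now_ns) {
    /* Only connection-opening SYNs (SYN without ACK) and UDP count against the budget;
     * packets of established TCP flows are only checked against an existing ban. */
    bool counted = (p->proto == PROTO_UDP) ||
                   (p->proto == PROTO_TCP && (p->tcp_flags & (TH_SYN | TH_ACK)) == TH_SYN);

    struct src_state *s = lookup(p->src_ip, counted);
    if (!s) return counted ? DROP : PASS;   /* design choice: fail closed for budgeted traffic if the table is full */

    if (s->banned_until) {
        if (now_ns < s->banned_until) return DROP;   /* inside the one-hour block: every packet from this IP dies */
        s->banned_until = 0;                         /* block expired, start a fresh window */
        s->window_start = now_ns;
        s->count = 0;
    }
    if (!counted) return PASS;

    if (now_ns - s->window_start >= WINDOW_NS) {    /* new one-second window */
        s->window_start = now_ns;
        s->count = 0;
    }
    if (++s->count > MAX_PER_WINDOW) {
        s->banned_until = now_ns + BAN_NS;           /* over budget: block the source for an hour */
        return DROP;
    }
    return PASS;
}

/* Replay n packets of one kind from one source, gap_ns apart; returns how many passed. */
unsigned replay_flood(uint32_t ip, uint8_t proto, uint8_t flags,
                      unsigned n, uint64_t start_ns, uint64_t gap_ns) {
    struct pkt p = { ip, proto, flags };
    unsigned passed = 0;
    for (unsigned i = 0; i < n; i++)
        if (xdp_verdict(&p, start_ns + (uint64_t)i * gap_ns) == PASS) passed++;
    return passed;
}

int main(void) {
    reset_table();
    /* Constructed flood: 10,000 SYNs from 10.0.0.1 spaced 100 us apart (one second total). */
    unsigned passed = replay_flood(0x0A000001u, PROTO_TCP, TH_SYN, 10000, 0, 100000ULL);
    printf("SYN flood: %u of 10000 passed; 10.0.0.1 is now blocked for an hour\n", passed);
    /* Constructed UDP flood from 10.0.0.2: the same budget applies, no conntrack involved. */
    passed = replay_flood(0x0A000002u, PROTO_UDP, 0, 10000, 0, 100000ULL);
    printf("UDP flood: %u of 10000 passed\n", passed);
    return 0;
}
```

The point the reply makes shows up in where this runs: because the decision is taken before the packet is handed to the stack, a source that has exceeded its budget never creates a conntrack entry, and the dropped frame's ring-buffer slot is recycled immediately rather than after conntrack and netfilter have looked at it. Moving this into a real XDP program means replacing the table with a BPF map, adding bounds checks on every header read so the verifier accepts it, and using LRU map semantics so a flood of spoofed sources cannot pin the table full.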
>>107891744
What's your ip so I can do a quick scan?
>>107892584
>WAF
an nginx config
>>107892835
Yeah, that's very clearly a hag. No idea why he decided to put that text on the image. Now he'll get permabanned and reported to the FBI instead of just getting a 3-day ban, and for what purpose? What an idiot.
>>107892882
He's probably behind a proxy, meaning jannies will remove his shit along with every other post made by the same ip irrespective of content. It's over for legit proxy users.
>>107892787
That's not a WAF mongoloid
>>107893155
Zero shock value. That baby getting shat on mogs everything else.