We love the transparency and clarity in the privacy policy and the personal support from Deflect.
Articulo 19 Team
Category: Uncategorized
Opsdash provides near realtime storage and querying of the large volume of traffic reaching the Deflect edge (many millions of events per day).
It is composed of:
- an Elasticsearch cluster for data storage and querying;
- a Kibana interface to quickly and easily create visualisations of complex data;
- Logstash to enrich and insert logs into Elasticsearch;
- Log-courier to ship logs securely and rapidly from the edge to Logstash;
- nginx to restrict access to the powerful Elasticsearch API.
Edgemanage is a tool used to ensure maximum availability of Deflect edges. It observes the health of edges in the Deflect edge pool and selects the best ones to be active (i.e. in DNS) at any given time.
See the Edgemanage documentation on GitHub.
Swabber is responsible for managing the actual banning of IP addresses identified by either Banjax or Learn2ban.
It uses a ZMQ-based pub-sub mechanism for communication and bans the given IP addresses via IPTables to block identified malicious IP addresses at the TCP level. Swabber has been implemented with several configurable parameters for greater flexibility:
- bantime – describes the amount of time that malicious IP addresses should be banned from further HTTP requests.
- bindstrings – provides the list of addresses on which to listen for bans.
- interface – legitimate ban source to interact with
- backend – Swabber supports the following methods of banning:
- raw
- IPTables commands
- python-iptables library
- host.deny
- raw
Documentation
The vast majority of documentation and detail is available on Github. Swabber can be installed by running pip install swabber
Requirements
Swabber requirements can be installed via pip. The minimum supported version of python is 2.6. The code uses the “as” keyword and other conventions that are only present in 2.6 and onwards.
Operation
Swabber uses a pub/sub based system via ZMQ, whereby Swabber itself will try to connect to (ie subscribe to) a port (usually on localhost) where something will publish a ban by starting to listen (publishing) on the same port.
Swabber takes a ban as an IP address. If the IP address hasn’t been banned, it will be banned. If it is currently banned, the ban will be extended for the predefined ban time. This is defined in the configuration file swabber.yaml, this time defaults to two minutes.
Manual Execution
You can use the init script to run swabber as a daemon as normal:
/etc/init.d/swabberd start
Or if you want to observe more debug info:
swabberd -v
Banjax is responsible for early stage filtering, challenging and banning of bots, identified via regular expression (regex) matching, in conjunction with the Swabber module.
Banjax allows for per site configuration of either SHA-inverse proof-of-work or Captcha challenges. These challenges are served as a simple method to detect bot requests that have not been intercepted by one of the system configured regexes.
The Banjax module is integrated into the ATS proxy server working as a filter which intercepts and analyses HTTP requests before any content is served. This tool has a number of functional operations. It allows for the use of regular expression (regex) banning, SHA-inverse challenging and generation of Captchas. Additionally, it provides whitelisting capabilities to prevent banning of allowed bots as well as legitimate automated requests. The three Banjax functionalities are enabled as filters in banjax.conf. Additionally Banjax can gather and submit the detailed information on each request to Botbanger for further analysis of the requester behavior.
Regex detection
In the majority of large-scale attacks, clear and distinct patterns can be found in each attacker’s requests, allowing BotnetDBP to be fed with regular expressions to find these patterns and ban any bot whose requests show up with them at a given rate. The regex filter is basically imitating Fail2ban’s capabilities but with a greater level of efficiency needed for DDoS defence. This is done before serving any such requests and has proven crucial when particularly weak origins are under attack by a significantly large network of bots.
The regex filters are defined as a series of rules indicating the circumstance within which a given request should be banned. The parameters supported are:
- Rule – is the human readable name for a given regex to be banned.
- Regex – contains the regular expression string that a request will be tested against.
- Interval – is the window of time between requests that Banjax should consider.
- Hits_per_interval – is the number of hits for a given time window that Banjax should consider before banning a given IP address. The actual banning is calculated as 1/1000 x hits_per_interval. This means that for a given interval, Banjax considers the number of requests per millisecond and when it crosses the allowed threshold, a ban is implemented.
Challenging the request
The caching proxy does not offer an effective measure to prevent cache-busting attacks. In this type of attack, each bot requests a new, unique resource from the network. Because each request is different from the previous one, there is no copy of such a resource in the caching proxy so all the requests reach the origin, effectively amplifying the DDoS attack by the number of proxy servers. This strategy essentially turns the Deflect network against the very people we are trying to help.
To prevent this, BotnetDBP can be configured to serve challenges to each computer requesting the content, allowing only those which solve the challenge successfully to proceed (automatic detection of cache-busting has been implemented and will be deployed shortly). The Challenger filter supports two methods for HTTP requests: SHA-inverse challenge and Captcha challenge. These functions are primarily intended to mitigate cache-busting attacks but also serve to ensure the legitimacy of the request and to provide a mechanism to slow traffic during a heavy load.
- The SHA-inverse challenge asks the user browser for an inverse image of partial SHA256 value via Javascript. This ensures that traffic is originating from a legitimate browser rather than from a pre-programmed Bot. This challenge is seamless for the user as it occurs as part of the interaction between their browser and the server.
- By contrast, the Captcha is presented directly to the user, who must correctly solve the visual challenge and submit their answer before gaining access to the site’s content.
Banjax users can configure Challenger by the following parameters:
- the number of times a requester can fail a challenge before they are banned
- the difficulty level (the time taken for the browser to solve the SHA256 inverse problem)
- the length of time that a solved challenge can grant access to the requester
Additionally, there is a key which ensures that the cookies passed to and from the user have not been tampered with or manipulated and the tool can also be configured for multiple hostnames, allowing for different challenges to be set per host.
Allow List
The Banjax tool can also be configured to allow HTTP requests for specific IP addresses via the Allow Lister in order to interact with the server without interference.
- Home
- >
- Uncategorized
- >
- Page 3
Categories
Confederación de Nacionalidades Indígenas de la Amazonia Ecuatoriana
| Domain: | Human rights/Environment |
|---|---|
| Based in: | Ecuador |
| URL: | https://confeniae.net/ |
| Protected: | Since 2019 |
| About: | CONFENIAE is defending the rights of more than 1,500 Amazonian communities, including Kichwa, Shuar, Achuar, Waorani, Sapara, Andwa, Shiwiar, Cofan, Siona, Siekopai, and Kijus. The website represents Indigenous people protecting the Amazon from oil drilling and agribusiness to save their ancestral forest homelands. |
| Domain: | Human rights/Environment |
|---|---|
| Based in: | Ecuador |
| URL: | http://conaie.org |
| Protected: | Since 2019 |
| About: | Since 1980, CONACNIE has been promoting the consolidation and rights of Indigenous people in Ecuador. Their main objectives include fighting for Indigenous land and territories, supporting their own education (intercultural/bilingual), fighting against the oppression of the civil and ecclesial authorities, and protecting the cultural identities of Indigenous peoples. |
| Domain: | Environment |
|---|---|
| Based in: | Canada |
| URL: | http://extinctionrebellion.ca |
| Protected: | Since 2019 |
| About: | Extinction Rebellion is a global movement that uses non-violent civil disobedience in an attempt to halt mass extinctions of humans and other species and minimize the risk of social collapse. |
| Domain: | Civil society |
|---|---|
| Based in: | Canada |
| URL: | https://the-tower.ca/ |
| Protected: | Since 2018 |
| About: | The Tower is a social space for radicals and anarchists in Hamilton to share their events, projects, and libraries, and to socialize and organize. We stepped in when The Tower was under attack, and since then, we have kept their website, as well as their database of political books, on-line. |
| Domain: | Human rights |
|---|---|
| Based in: | Rakhine State, Myanmar |
| URL: | https://www.rohingya.org |
| Protected: | Since 2012 |
| About: | ARNO’s website covers rights abuses against the Rohingya people and other minority groups in Myanmar. These violations include arbitrary arrests, torture, rape, and deaths in detention. Over several decades, the Rohingya people have been ruthlessly persecuted and left stateless. In spite of Aung San Suu Kyi’s attempts to dismiss the Rohingya’s rights and ignore their pleas for justice, ARNO continues to bring stories of human rights violations to a global audience. |