ddos-protection-task

Tcp-server protected from syn-flood(ddos) attacks

Basic idea was taken from the publication

Glossary

DDOS

A DDoS attack, which stands for “distributed denial-of-service” is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

TCP Connection Attacks

These attempt to use up all the available connections to infrastructure devices such as load-balancers, firewalls and application servers. Even devices capable of maintaining state on millions of connections can be taken down by these attacks.

Proof of work

Prerequisites

1. Install a rust stable toolchain: rustup install stable
2. Install a rust nightly toolchain: rustup install nightly
3. Install bpf-linker: cargo install bpf-linker

Build eBPF

cargo xtask build-ebpf

To perform a release build you can use the --release flag. You may also change the target architecture with the --target flag

Build Server

BPF_PATH=target/bpfel-unknown-none/release/ddos-protection-task cargo build --bin server

Run release

BPF_PATH=target/bpfel-unknown-none/release/ddos-protection-task RUST_LOG=info cargo xtask run

Run in docker(possible only after building ebpf)

Server

Server build

docker build -f ./docker/server/Dockerfile -t 'server:08022023' .

Server run

docker run  --privileged  --env RUST_LOG=debug --name rust-server --net host server:08022023

it's impossible to run the server using bpf without the flag issue

Client

Client build

docker build -f ./docker/client/Dockerfile -t 'client:08022023' . 

Client run

docker run --env RUST_LOG=debug --name rust-client --net host client:08022023