Weekly Update 22: Bender
As I take my journey head-on into building denial of service protection & web application firewalls that are fully customizable and scale really well, I’ve learned a lot of new things — especially this week. The first being, that with a bit of kernel magic, I can now MITM whole IP ranges on port 80/443 transparently, push them through my DDoS filter for layer 7 attacks, and then route them to their final destination, all without any code changes on the users end. This is huge because it’s essentially transparent to the end user, and still handles the SSL termination all at the same time. In addition to this, I’ve figured out the next evolution for the DDoS mitigation — aptly named Bender. Bender, name inspired by Futurama, is an automatic DDoS mitigation system that watches the network for spikes in L3/L4 traffic and web traffic. If a significant spike is noted, Bender will enable DDoS mitigation patterns, begin doing a live tcpdump into PCAP for further analysis.
I’ve opted for Bender to preform that tcpdump into pcap automatically because, with this simple enhancement, we can use eBPF and some magic python scripts to write filters in user-land for similar attacks and stop them earlier. Additionally, the entire attack session log from the web is bundled with the PCAP for analysis, helping build better rules in the future, and our DROP Naughty List. A DROP Naughty list is useful, because when attacks start streaming in we automatically apply temporary bans on known offender origins and any IP address consistently being rejected by our firewall gets a network-level IP ban on it until the attack is lifted. I was surprised how much math went into this whole project, it helped me gain immense amount of insight into how to efficiently watch for attacks, automate the capture process, and automate the rule generator cycle.
On the personal side of things, I’m pretty happy with the forward momentum, I love my family very much and it’s nice to relax and worry-less about everything. The forward momentum and possibilities around the corner in life are exciting, and I’m thankful for my families support in this journey!
That’s all I’ve got for this week, till next!