Concept
Using the BPF (Berkeley Packet filter) toolset combined with the Iptables XT_BPF module enables high-performance packet filtering to address large-scale DDoS attacks. BPF Tools contains a simple set of Python scripts that are used to parse the Pcap file, and others are primarily used to generate BPF bytecode.
First, download and install Bpftools
Download the zip file in Https://github.com/cloudflare/bpftools, or you can download it via git, and then compile the installation script as follows:
#!/bin/bash#yum-y kernel-headersyum-y Install python-setuptools libpcap-devel readline-devel binutils-devel Bison Flexeasy_install pcappyeasy_install argparsecd./linux_tools/makecd.
Second, the test
2.1 Fetching part of the package data for testing
Tcpdump-i eth0-s0-w Sample.pcap
2.2 Can turn Sample.pcap into ASCII view
Cat Sample.pcap |. /pcap2hex--ascii|head
2.3 Using Parsedns to view detailed DNS information
./parsedns 04f938b79dab00238ba9f9d9080045000041c547000040117b6b3da495fa4137252400355bde002d3a380879800500010000000000000339383205733 737776905626361626403636f6d0000010001
2.4 Test filter rules
Cat Sample.pcap |./filter-b "'./bpfgen--offset DNS--*.BCC??. com ' "| TCPDUMP-NR-| More
III. deployment of the Department
Reference: https://blog.cloudflare.com/introducing-the-bpf-tools/
CentOS leverages CloudFlare's bpf-tools for DDoS protection
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
