this code is from the Live Emulation Listener.
Code:
public static bool m_IsUsingSpamDetection;
public static Dictionary<string, SocketSpam> m_Connections = new Dictionary<string, SocketSpam>();
private static string m_LastBannedIP;
public struct SocketSpam
{
public long m_InitialTimestamp;
public int m_ConnectionsMade;
public bool m_Banned;
public long m_BannedTimestamp;
public List<long> m_ConnectionTimestamps;
public SocketSpam(long init, int con, bool banned, long bannedInit)
{
m_InitialTimestamp = init;
m_ConnectionsMade = con;
m_Banned = banned;
m_BannedTimestamp = bannedInit;
m_ConnectionTimestamps = new List<long>();
}
}
public static string WindowsCmdExec(string cmd)
{
var process = new Process()
{
StartInfo = new ProcessStartInfo("cmd")
{
UseShellExecute = false,
RedirectStandardInput = true,
RedirectStandardOutput = true,
CreateNoWindow = true,
Arguments = string.Format("/c \"{0}\"", cmd)
}
};
process.Start();
return process.StandardOutput.ReadToEnd();
}
public static void BanFromFirewall(string ip)
{
WindowsCmdExec(string.Format("netsh advfirewall firewall add rule name=\"" +
"@{0}\" " + "dir=in interface=any action=block remoteip={0}", ip));
Console.WriteLine("{0} has been banned from the firewall for spamming", ip);
}
public static void UnbanFromFirewall(string ip)
{
WindowsCmdExec(string.Format("netsh advfirewall firewall delete rule name=\"" +
"@{0}\"", ip));
Console.WriteLine("{0} has been unbanned from the firewall", ip);
}
public static long GetTimeStamp()
{
return DateTimeOffset.UtcNow.ToUnixTimeSeconds();
}
public static bool SpamDetection(string ip)
{
if (ip == m_LastBannedIP)
return true;
m_IsUsingSpamDetection = true;
if (m_Connections.ContainsKey(ip))
{
if (m_Connections.TryGetValue(ip, out SocketSpam spamOut))
{
if (spamOut.m_Banned) return true;
spamOut.m_ConnectionsMade++;
m_Connections[ip] = spamOut;
spamOut.m_ConnectionTimestamps.Add(GetTimeStamp());
int detection = 0;
for (int i = 0; i < spamOut.m_ConnectionTimestamps.Count; i++)
{
if (i == spamOut.m_ConnectionTimestamps.Count - 1)
{
// last iteration
break;
}
else
{
// if the current connection timestamp minus the last is within a second
if ((spamOut.m_ConnectionTimestamps[i + 1] - spamOut.m_ConnectionTimestamps[i]) <= 1)
{
detection++;
}
}
}
if (detection >= 50)
{
// if 50 detections of connections made within a second of eachother (highly unlikely)
BanFromFirewall(ip);
spamOut.m_BannedTimestamp = GetTimeStamp();
spamOut.m_Banned = true;
m_Connections[ip] = spamOut;
Console.WriteLine("Socket spam detected from {0}", ip);
m_IsUsingSpamDetection = false;
m_LastBannedIP = ip;
return true;
}
}
}
else
{
m_Connections.Add(ip, new SocketSpam(GetTimeStamp(), 0, false, 0));
}
m_IsUsingSpamDetection = false;
return false;
}
DISCORD: xexghosted