From 1bd0ba2608490d9740d3ccd653cdcf68ee50d83a Mon Sep 17 00:00:00 2001
From: Sefinek
Date: Fri, 20 Dec 2024 22:27:53 +0100
Subject: [PATCH] Skip UDP traffic
---
 index.js | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/index.js b/index.js
index 0617b58..046b40f 100644
--- a/index.js
+++ b/index.js
@@ -50,6 +50,14 @@ const processLogLine = async line => {
 return;
 }
 
+ // Report MUST NOT be of an attack where the source address is likely spoofed i.e. SYN floods and UDP floods.
+ // TCP connections can only be reported if they complete the three-way handshake. UDP connections cannot be reported.
+ // More: https://www.abuseipdb.com/reporting-policy
+ if (proto === 'UDP') {
+ log(0, `Skipping UDP traffic: SRC=${srcIp} DPT=${dpt}"`);
+ return;
+ }
+
 if (isIpReportedRecently(srcIp)) {
 const lastReportedTime = reportedIps.get(srcIp);
 const elapsedTime = Math.floor(Date.now() / 1000 - lastReportedTime);
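Review bot: The comment added above `if (proto === 'UDP')` says TCP may only be reported after a completed three-way handshake, but the new guard filters UDP only, so a TCP entry with a possibly spoofed source (a lone SYN, for instance) would still reach the reporting path unless a check outside this hunk handles it. Either narrow the comment to what the code enforces or add the TCP condition beside this guard; `processLogLine` starts and ends outside the hunk, so such a check may already exist. The comparison is an exact, case-sensitive match, so a line where `proto` is missing or spelled differently (`udp`) passes through silently; it is worth confirming how `proto` is parsed and normalising it before the test. The log template also ends with a stray `"` after `${dpt}` that should be dropped.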