JoshS/UFW-AbuseIPDB-Reporter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Skip UDP traffic

Browse source
This commit is contained in:
Sefinek 2024-12-20 22:27:53 +01:00
parent 3f176d2ba5
commit 1bd0ba2608
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
index.js
View file

@ -50,6 +50,14 @@ const processLogLine = async line => {
return; return;
} }
// Report MUST NOT be of an attack where the source address is likely spoofed i.e. SYN floods and UDP floods.
// TCP connections can only be reported if they complete the three-way handshake. UDP connections cannot be reported.
// More: https://www.abuseipdb.com/reporting-policy
if (proto === 'UDP') {
log(0, `Skipping UDP traffic: SRC=${srcIp} DPT=${dpt}"`);
return;
}
if (isIpReportedRecently(srcIp)) { if (isIpReportedRecently(srcIp)) {
const lastReportedTime = reportedIps.get(srcIp); const lastReportedTime = reportedIps.get(srcIp);
const elapsedTime = Math.floor(Date.now() / 1000 - lastReportedTime); const elapsedTime = Math.floor(Date.now() / 1000 - lastReportedTime);