Project BAIU – The Bad Ass IP & User ID Rate Limiter

Project BAIU

The most powerful, extensible, customizable, TRUE DDoS, and TRUE Distributed Brute Force Prevention tool since 2012 (compare it, I dare you :D ) and now it handles all ports and protocols, not just HTTP/S!

Get It!

DOWNLOADS

Download Project BAIU and get it running on your F5s today!

BAIU will actively monitor, and/or restrict the ability of network based entities, both human and automated software, accessing certain aspects of a hosted site that is viewable on the internet over periods of hours, to days, to weeks, to months with multiple, user-defined, variable control methods for restriction, event triggers, multiple methods of counting IP and/or UserID access, and multiple variable, user-defined timing controls that set independent timing constraints for monitoring and restricting IP/UserID access. It is capable of monitoring and restricting via a static and dynamically distributed model when monitoring and restricting IPs and/or userID/strings. Monitoring and restricting over customizable periods of time (hours, days, weeks, months) significantly reduces the daily chances of attacks. Rather than the “here and now” approach commonly used, BAIU registers, catalogs, analyzes, trends, and consider behavioral characteristics to determine the appropriate reaction. This is the core of the static monitoring and restriction functionality. At this time BAIU only works for the F5 networking appliances as long as the F5 can process iRules which is every appliance they made regardless of licensing. A10 has developed a load balancer/WAF combo that support iRules through conversion and this code is all TCL based so theoretically it can be ported to virtually any system that supports TCL and a database.

Project BAIU F5 iRules updated: 2018-03-26

F5 iRules (core of BAIU):

XXX 020 Blacklist IP UserAgent Referer

XXX 030 UID Extract All Sites Add Header

XXX_040_BAIU_Tru_R8L

XXX 071 BAIU CnC

Shell Scripts for Syncing Tracking and Blocking Stats across multiple F5s:

Ban List Sync for 1st WAF

Ban List Sync for 2nd WAF

ReqCnt 10min Sync for 1st WAF

ReqCnt 10min Sync for 2nd WAF

ReqCnt_Hourly Sync for 1st WAF

ReqCnt_Hourly Sync for 2nd WAF

Rolling Ban Sync for 1st WAF

Rolling Ban Sync for 2nd WAF

Week Counts Sync for 1st WAF

Week Counts Sync for 2nd WAF

WHOIS DB For Attackers of ProjectBAIU.org and the Enterprises I work with:

Updated 2018-03-27

WHOIS DB with 64,356 unique IP/CIDR WHOIS Entries with Latest WHOIS DB v2.0 Processing

Email Us if you have any questions!

Contact Info

info@projectbaiu.org

Owner and Security Consulting:
The WAF Guy
www.waflogic.com