- A DDoS protection toolset is now given away for free, hoping to make DDoSing on the dark web a thing of the past.
- The outcome will depend on how robust the tool is proven to be, and for now, users are already criticizing it.
- The creators of the toolset called “EndGame” have been working on its development and testing for many months now.
A new DDoS protection tool called “EndGame” has launched on the dark web, promising to have a fundamentally positive impact on the cybercriminal scene. DDoS (Distributed Denial of Service) attacks are a constant headache for dark web portal operators, as they are pretty common in the field. Owners of competing marketplaces and platforms and users who feel that they have reasons to hit a darknet platform hire DDoS swarms for as little as $10 per hour or $200 per day, taking the business of their targets offline. So, what does the “EndGame” bring to the table?
The team behind “EndGame” has recently announced that they are releasing the protection toolkit for free, after working on it for many months now. As they say, EndGame constitutes of thousands of lines of code, deriving from eight open-source projects, six NGINX modules, and utilizing six open-source libraries. The actual code of the EndGame has not been open-sourced yet, but it is expected to be soon. As for what features empower the EndGame, the developers have presented the following list:
- A front system designed to protect the core application servers on an onion service in a safe and private way
- Locally compiled and locally run (no trusted or middle party)
- A combination of multiple different technologies working together in harmony
- Fully scripted and easily deploy-able (for mass scaling!) on blank Debian 10 systems
- Fully featured NGINX LUA script to filter packets and provide a captcha directly using the NGINX layer
- Rate limiting via Tor’s V3 onion service circuit ID system with secondary rate limiting based on a test cookie-like system
- Easy Configuration for both local and remote (over Tor) front systems
- Easily configurable and change-able to meet an onion service’s needs
Of course, not everyone was impressed by this announcement. Some users stated that publishing a generator means this CAPTCHA will be 100% cracked in less than a day, as someone could very easily write a bot that can bypass the confirmation step. The EndGame author responded by saying that not everything in the toolset’s protection mechanisms has been revealed through the CAPTCHA generator, so breaking it won’t be as easy as it may seem.
If the “EndGame” is adopted by dark web portals and deployed on a large number of websites, and if the tool is proven to be robust enough, we may finally experience the eclipse of DDoS attacks on the dark web. That would make the underground more reliable, which would have a domino effect on a whole set of intertwined elements.