Some people are DDosing our servers... how could this be stopped?
Which servers?
[QUOTE=Brodster55;27203273]Some people are DDosing our servers... how could this be stopped?[/QUOTE]
Depends on the type of attack. Some are easy to stop, others are insanely hard if not outright impossible.
-snip i'm retarded-
Negotiate with the person who is doing it..... Or just contact your host's support email, if you're talking about [b] your [/b] server :v:
DDoS them back
Have you been campaigning against wikileaks? Nothing you can do now, sorry.
[QUOTE=AngryChairR;27206519]Have you been campaigning against wikileaks? Nothing you can do now, sorry.[/QUOTE]
seems like you've been campaigning against making good jokes
I thought it was funny. :p
Ignore it it will stop within 2 hours
If its a box you can remote desktop to then install a firewall and it should help. And get commview to view where the IPs coming from and you can block the specific IP. A lot of it is trial and error. But I'm no pro. Also contact the host or your ISP.
Get wire shark if you own your own box, record all IP's then block them.
[QUOTE=Steven :D;27213733]Get wire shark if you own your own box, record all IP's then block them.[/QUOTE]
Obviously uneducated in the situation, I will not begin to list the reasons why this is stupid and will not work. You sir just lost the internet.
My box got attacked earlier today. We managed to stay more or less online, but it's an annoyance. The attack hit around 200mbit I think.
The attackers are pretty persistent though. They've attacked a few times today.
[img]http://dl.dropbox.com/u/9104987/attack.png[/img]
Players ingame had a lagspike, the server "didn't exist" to hlsw/server browser for a few minutes.
[editline]5th January 2011[/editline]
[QUOTE=DeveloperConsol;27206399]DDoS them back[/QUOTE]
That won't solve it, but it's a fun idea nonetheless.
If it is a minor problem you can ask your host to deny access to your/there servers using MMC. Here is a thread with a simple video I created awhile back on how people who host there servers on there own machine/dedicated server can stop a simple attack.
[url=http://www.facepunch.com/threads/982863-How-to-quot-Block-quot-a-network-attack.?highlight=]Thread[/url]
If its a major problem switch hosts.
Not all (G)ame (S)erver (P)roviders take the time to invest money in protecting their customers. There are a lots of professional grade firewalls out there that do help. Part of the reason they may not invest in there firewall is because they get a bit expensive.
[editline]5th January 2011[/editline]
[QUOTE=RoFLWaFFLEZZ;27206028]wasn't me[/QUOTE]
[img]http://img193.imageshack.us/img193/6331/faillg.jpg[/img]
You know if you ask the moderators they may give you his details which then you an go back to their ISP well you require a signed document by a judge for them to reveal the info, But I'de take him down get him put away,
On the otherhand there is no cheap efficient way to stop a Dos
[QUOTE=freefall1103;27216351]You know if you ask the moderators they may give you his details which then you an go back to their ISP well you require a signed document by a judge for them to reveal the info, But I'de take him down get him put away,[/QUOTE]
Or you add them on Steam, open up wireshark and start a voice call, and hope that they don't have a VPN.
[QUOTE=|FlapJack|;27216391]Or you add them on Steam, open up wireshark and start a voice call, and hope that they don't have a VPN.[/QUOTE]
That would be the simpler way, indeed.
I never liked wireshark... It always dies on me.
change your IP if possible?
[QUOTE=Hizan;27217106]change your IP if possible?[/QUOTE]
That's just giving in.
Identify the packets being sent with this:
[url]http://www.wireshark.org/[/url]
After you've done that, determine whether it's a dumb A2C_Print spam, syn flood, UDP flood or ICMP attack.
Then download this and stick it on all of your servers:
[url]http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9[/url]
More than likely it is A2C_Print spam.
I think we're all missing the point here.
There are three reasons that you're being DDoSed (well, in most cases at least)
- Jealousy
- You've done something that has 'offended someone'
- You're using something that they believe is theirs
Now I would say that the top one is really a compliment.
Most good DDoSers will have tens, if not hundreds of IPs at their disposal. The only real thing you can do is manually block them (firewalls make this much easier, presenting you with a list of the IPs with most connections made) but this won't sort the problem. With a game such as Garrysmod, where upload/download rates can vary drastically amongst normal players, some DDoSers just get away with most of their IPs unblocked. As suggested by the two above, get Wireshark and catch these packets as they leave, it should proide you with info on what size the DDoSers are using. But again, the good ones will vary it up a bit. It's an almost un-winnable battle, and although these hosts such as Bro-Hosters who claim to provide you with adequate DDoSing protection are trying fairly hard, it's just not something you can win if they're determined enough.
The only physical solution would be to get an uberfast connection, but that's out of the question.
Anyway, I just deal with it by totally ignoring it and playing it down. That way they get bored and don't bother. The only reason they do it is so that you open posts like this - it's simply confirmation that they're getting to you.
Stand strong and take none o dat bo schett.
[QUOTE=Proffrink;27221534
The only physical solution would be to get an uberfast connection, but that's out of the question.
[/QUOTE]
The is another Physical solution and that has something to do with a 2nd network card which takes all the flak I don't know how it works personally, never messed with one however they are also rather expensive.
[QUOTE=Adamm;27214685]Obviously uneducated in the situation, I will not begin to list the reasons why this is stupid and will not work. You sir just lost the internet.[/QUOTE]
Sorry you feel that way, but unless you want to spend money on equipment for your own box or such, DDoSing is hard to prevent. If you can somehow find the persons home IP address then you can report that to his ISP and there goes the guys internet (hopefully).
EDIT: Wireshark is the way to go.
[QUOTE=freefall1103;27222322]The is another Physical solution and that has something to do with a 2nd network card which takes all the flak I don't know how it works personally, never messed with one however they are also rather expensive.[/QUOTE]
All you can do with a second NIC is have a failover IP through which you can get onto the server and nullroute the attack.
[QUOTE=Kamern;27219719]Identify the packets being sent with this:
[url]http://www.wireshark.org/[/url]
After you've done that, determine whether it's a dumb A2C_Print spam, syn flood, UDP flood or ICMP attack.
Then download this and stick it on all of your servers:
[url]http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9[/url]
More than likely it is A2C_Print spam.[/QUOTE]
then he can just do a A2S_INFO spam
Try to manage it out and ignore it till it stops.
[QUOTE=deathslayer95;27222782]Try to manage it out and ignore it till it stops.[/QUOTE]
Yeah, what if it doesn't stop and most of the OP's playerbase decides to move along?
[QUOTE=Steven :D;27223100]Yeah, what if it doesn't stop and most of the OP's playerbase decides to move along?[/QUOTE]
Well, too bad for him.
[QUOTE=Proffrink;27221534]I think we're all missing the point here.
There are three reasons that you're being DDoSed (well, in most cases at least)
- Jealousy
- You've done something that has 'offended someone'
- You're using something that they believe is theirs
Now I would say that the top one is really a compliment.
Most good DDoSers will have tens, if not hundreds of IPs at their disposal. The only real thing you can do is manually block them (firewalls make this much easier, presenting you with a list of the IPs with most connections made) but this won't sort the problem. With a game such as Garrysmod, where upload/download rates can vary drastically amongst normal players, some DDoSers just get away with most of their IPs unblocked. As suggested by the two above, get Wireshark and catch these packets as they leave, it should proide you with info on what size the DDoSers are using. But again, the good ones will vary it up a bit. It's an almost un-winnable battle, and although these hosts such as Bro-Hosters who claim to provide you with adequate DDoSing protection are trying fairly hard, it's just not something you can win if they're determined enough.
The only physical solution would be to get an uberfast connection, but that's out of the question.
Anyway, I just deal with it by totally ignoring it and playing it down. That way they get bored and don't bother. The only reason they do it is so that you open posts like this - it's simply confirmation that they're getting to you.
Stand strong and take none o dat bo schett.[/QUOTE]
Not really, most "DDoSers" just use spoofed packets which exploit whatever application a server is hosting. Mindlessly flooding something is idiotic in almost all cases and just shows that someone is pretty much just buying a php shell off hackforums or something equally retarded. Rarely will these type of people flood a 1gbps line and are stupidly easy to block with something like peerblock or some other simplistic filtering program, you should really just be laughing at them.
You can't really stop a DoS attack without having some sort of decent firewall like iptables, stopping a DoS attack on Windows for an SRCDS server is pretty much impossible except for really idiotic udp attacks that aren't spoofed.
Sorry, you need to Log In to post a reply to this thread.
