• DDoS
My garrysmod server hosted with OVH keeps getting DDoS'd. It doesn't last long, it crashes my server real fast and makes everything on the dedi unresponsive for about 4 minutes max. [IMG]http://i.gyazo.com/576c2c0035b714b0481530b6421816ec.png[/IMG] Here's what the traffic looks like.
Neat.
Are you just letting us know? We can't help it...
[QUOTE=F14;45291373]My garrysmod server hosted with OVH keeps getting DDoS'd. [/QUOTE] [QUOTE=Cyberuben;45291470]Are you just letting us know? We can't help it...[/QUOTE] Fixing the problem now.
Sorry, I've just come in from work really tired; what I want to know is, are there any ways to stop it? For example, firewall rules: I have added around 10 but it's cut out the majority of the attacks but I am still getting these attacks.
[QUOTE=F14;45291620]Sorry, I've just come in from work really tired; what I want to know is, are there any ways to stop it? For example, firewall rules: I have added around 10 but it's cut out the majority of the attacks but I am still getting these attacks.[/QUOTE] If you do something like [code]iptables -A INPUT -m length --length 1:65535 -j DROP[/code] That should stop the packets from coming through.
This is what happens when you ban 12 year olds from your DarkRP server.
[QUOTE=Toastibite;45292264]This is what happens when you ban 12 year olds from your DarkRP server.[/QUOTE] I really doubt a 12 year old can overcome 460 gbs protection. [editline]4th July 2014[/editline] [QUOTE=Revenge282;45292149]If you do something like [code]iptables -A INPUT -m length --length 1:65535 -j DROP[/code] That should stop the packets from coming though.[/QUOTE] I am on windows, I am going to add you on steam to talk further if that is ok.
You're being hit with 40Mbps and you mention 460Gbps protection?
[QUOTE=alexanderk;45292782]You're being hit with 40Mbps and you mention 460Gbps protection?[/QUOTE] The DDoS mitigation for OVH is delayed, so it doesn't kick in for as long as 30 seconds.
[QUOTE=alexanderk;45292782]You're being hit with 40Mbps and you mention 460Gbps protection?[/QUOTE] ROFL.. And OVH has the option to use the Anti-DDoS permanently. Add me on Steam if you need more help regarding that. [url]http://steamcommunity.com/profiles/76561198047160866/[/url]
[QUOTE=tzahush;45292960]ROFL.. And OVH has the option to use the Anti-DDoS permanently. Add me on Steam if you need more help regarding that. [url]http://steamcommunity.com/profiles/76561198047160866/[/url][/QUOTE] I have it on permanently already. [editline]4th July 2014[/editline] [QUOTE=alexanderk;45292782]You're being hit with 40Mbps and you mention 460Gbps protection?[/QUOTE] You clearly know nothing about OVH and mitigation, yet you feel the need to post?
[QUOTE=F14;45293361]You clearly know nothing about OVH and mitigation, yet you feel the need to post?[/QUOTE] I do know about mitigation, and considering the currently largest DDoS attack in recorded history is 75Gbps to 300Gbps (unconfirmed number), how do you suggest someone would hit you with enough data to effectively render your server useless? If that's the case - OVH is shit at mitigation. I do know about OVH too - I've used them before, thanks. Before you continue to point out that other people don't know anything about mitigation - I'd like for you to request statistics from OVH as to the magnitude of the attack. :)
[QUOTE=alexanderk;45293434]I do know about mitigation, and considering the currently largest DDoS attack in recorded history is 75Gbps to 300Gbps (unconfirmed number) Before you continue to point out that other people don't know anything about mitigation - I'd like for you to request statistics from OVH as to the magnitude of the attack. :)[/QUOTE] •••••••••••• did a DDoS attack of 400 Gb/S [url]http://arstechnica.com/security/2014/02/biggest-ddos-ever-aimed-at-cloudflares-content-delivery-network/[/url] Back on track, if you don't know how to use firewall settings and all that, research it on Google or ask OVH Support to do it for you.
[QUOTE=alexanderk;45293434]I do know about mitigation, and considering the currently largest DDoS attack in recorded history is 75Gbps to 300Gbps (unconfirmed number), how do you suggest someone would hit you with enough data to effectively render your server useless? If that's the case - OVH is shit at mitigation. I do know about OVH too - I've used them before, thanks. Before you continue to point out that other people don't know anything about mitigation - I'd like for you to request statistics from OVH as to the magnitude of the attack. :)[/QUOTE] Ok then, so OVH lie when they say they have 460gbs protection?
They may be.
[QUOTE=alexanderk;45293890]They may be.[/QUOTE] Well, there is a possibility, but I highly doubt a company as big as OVH with their reputation would lie.
Even so - I hope you get this sorted out!
[QUOTE=alexanderk;45293963]Even so - I hope you get this sorted out![/QUOTE] Thanks have a nice night.
OVH don't lie. I've been hit with a 84gbps flood, of which I had two seconds of lag before the mitigation service kicked in. HOWEVER-> I am hosted with an OVH derivative, soyoustart.
[QUOTE=Phoenixf129;45294362]OVH don't lie. I've been hit with a 84gbps flood, of which I had two seconds of lag before the mitigation service kicked in. HOWEVER-> I am hosted with an OVH derivative, soyoustart.[/QUOTE] Is there a difference? :)
[QUOTE=F14;45294389]Is there a difference? :)[/QUOTE] Cheaper, same quality. Seems quicker on the support though.
[QUOTE=Phoenixf129;45294436]Cheaper, same quality. Seems quicker on the support though.[/QUOTE] Fair play sir. [editline]4th July 2014[/editline] [QUOTE=F14;45294442]Fair play sir.[/QUOTE] Phoenixf129, do you have permanent mitigation on? Also I think I captured an attack, would I be correct when I say the one highlighted is an attack? [IMG]http://i.gyazo.com/852c8039ed4411076d5d19df3b61f08b.png[/IMG]
[QUOTE=F14;45294442] -Snip, long post- [/QUOTE] It's hard to tell what the attacker is by looking at a capture list, that could be a legitimate user that just so happened to send multiple packets in that small time frame. However, [URL="http://whatismyipaddress.com/ip-lookup"]IP address lookups[/URL] can help you distinguish legitimate users from possible attackers
[QUOTE=F14;45294442]-long and silly-[/QUOTE] Pro-tip: Look for repeating patterns in packet length, or source ports. Mainly length. You're not going to get DoS'ed by a single IP address except maybe once in a million years, and it's not even going to register above 5Mbps 99.998% of the time. (No, you are not the .002%) On a side note though, if you are still getting DoS'ed, that's kind of hilarious. [B]Also[/B], you don't even look like you're capturing a part of the attack. The timing between your packets is far too long for an attack...
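Added example, not part of the thread or any poster's code: a way to apply the "repeating length or source port, many sources, tight timing" check from the post above to exported capture records, and to see how much traffic a length-range drop rule like the one quoted earlier would discard. The record layout, thresholds, addresses, ports and sizes are all constructed assumptions.

```python
from collections import Counter

def summarize(packets, window=1.0):
    """packets: inbound records as (time_s, src_ip, src_port, length)."""
    n = len(packets)
    top_len, len_n = Counter(p[3] for p in packets).most_common(1)[0]
    top_port, port_n = Counter(p[2] for p in packets).most_common(1)[0]
    # Busiest fixed window: flood packets arrive back to back, players do not.
    peak = max(Counter(int(p[0] // window) for p in packets).values())
    return {
        "sources": len({p[1] for p in packets}),
        "top_length": top_len, "top_length_share": len_n / n,
        "top_src_port": top_port, "top_src_port_share": port_n / n,
        "peak_pps": peak / window,
    }

def looks_like_flood(s, share=0.8, min_sources=50, min_pps=1000):
    # Thresholds are illustrative assumptions; tune them against a quiet-hour baseline.
    repeating = max(s["top_length_share"], s["top_src_port_share"]) >= share
    return repeating and s["sources"] >= min_sources and s["peak_pps"] >= min_pps

def dropped_share(packets, lo, hi):
    """Share of packets a length-range DROP rule (lo:hi inclusive) would discard."""
    return sum(lo <= p[3] <= hi for p in packets) / len(packets)

# --- constructed sample data (not taken from the capture in the thread) ---
def normal_sample():   # 20 players, 30 packets each in one second, varied sizes
    return [(i * 0.0333, f"10.0.0.{c}", 27005 + c, 60 + (i * 7 + c * 13) % 90)
            for c in range(20) for i in range(30)]

def flood_sample():    # 5000 packets in one second, 250 sources, one size, one port
    return [(i / 5000, f"203.0.113.{i % 250 + 1}", 123, 468) for i in range(5000)]

def sparse_sample():   # one host, same size, but seconds apart: repeating yet harmless
    return [(i * 0.5, "10.0.0.99", 27005, 100) for i in range(10)]

if __name__ == "__main__":
    for name, pk in [("normal", normal_sample()), ("sparse", sparse_sample()),
                     ("mixed", normal_sample() + flood_sample())]:
        s = summarize(pk)
        print(name, looks_like_flood(s), s)
    # A 1:65535 length rule also discards every legitimate packet;
    # a rule on the repeating size discards the flood and none of the players.
    print(dropped_share(normal_sample(), 1, 65535), dropped_share(normal_sample(), 468, 468))
```

The same summary can be fed from a Wireshark CSV export by mapping its time, source, source port and length columns onto the tuple.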
soyoustart operate differently. You may want to look at their "GAME" range. You'll notice on top of the DDoS Protection, they give you the ability to modify ports and firewall rules (from one of their switches) without the need for ipTables. I honestly have never installed wireshark, nor any iptables configuration since I moved to soyoustart. I haven't needed to.
I remember talking to some guy about OVH because he was talking about getting hit with DMCAs from old markie mark for a while, and OVH just flat-out denies them cos he kept sending in DMCAs with false information and shit. Also heard that when server hosts won't accept DMCAs, you'd better have a host with flexible DOS mitigation, and OVH was one of those hosts.
[QUOTE=Phoenixf129;45295535]soyoustart operate differently. You may want to look at their "GAME" range. You'll notice on top of the DDoS Protection, they give you the ability to modify ports and firewall rules (from one of their switches) without the need for ipTables. I honestly have never installed wireshark, nor any iptables configuration since I moved to soyoustart. I haven't needed to.[/QUOTE] SYS are just a subsidiary and are considered the "Slightly more personal to SME" range of server hosting, with OVH being enterprise and kimsufi being their "absolutely personal" range. All of them use the same support systems, albeit enterprise get actual account managers etc. Otherwise the wireshark posted above is useless seeing as we can't see packet contents with it.
The wireshark posted above has an outbound packet highlighted :rolleyes: It is an attack if you're attacking someone ;)
[QUOTE=Blasteh;45298939]The wireshark posted above has an outbound packet highlighted :rolleyes: It is an attack if you're attacking someone ;)[/QUOTE] If I attacked someone me dedi would be closed down :rolleye: