[QUOTE=Pantho;34272361]US Host NFOServers are pretty fucking awesome at mitigating it, only on there VPS systems, but they are dedicated VPS and mine are all on e3-1270's so good enough for me :D
EU however, I can't find any magical host that does all the work for me, for now I'm trying some stuff and failing :)[/QUOTE]
The ping and the $$$ kinda stops me being motivated however.
on a good day there are about 7k COD4 servers, because i am feeling generous lets double that amount because not all servers are dedicated and say there are 14k servers. lets say the person is Stan's boyfriend and also has access to the ET exploit adding another 200 servers. That leaves us at about 14200 IP's how the hell did you ever managed to have a 100k IP block list?
On top of that i would like to add that running every packet true a 100K IP block list is very CPU demanding task.
If you are looking for a proper solution i suggest you set up a Virtual Firewall and do DPI
[QUOTE=OldFusion;34272562]on a good day there are about 7k COD4 servers, because i am feeling generous lets double that amount because not all servers are dedicated and say there are 14k servers. lets say the person is Stan's boyfriend and also has access to the ET exploit adding another 200 servers. That leaves us at about 14200 IP's how the hell did you ever managed to have a 100k IP block list?
On top of that i would like to add that running every packet true a 100K IP block list is very CPU demanding task.
If you are looking for a proper solution i suggest you set up a Virtual Firewall and do DPI[/QUOTE]
Because most of them are seemingly fake.
[QUOTE=OldFusion;34272562]on a good day there are about 7k COD4 servers, because i am feeling generous lets double that amount because not all servers are dedicated and say there are 14k servers. lets say the person is Stan's boyfriend and also has access to the ET exploit adding another 200 servers. That leaves us at about 14200 IP's how the hell did you ever managed to have a 100k IP block list?
On top of that i would like to add that running every packet true a 100K IP block list is very CPU demanding task.
If you are looking for a proper solution i suggest you set up a Virtual Firewall and do DPI[/QUOTE]
DNS, ET, Quake, unreal 3 games, some CS servers, cod4.
There are only 5-7k CoD4 servers on the master list, dedicated or otherwise. Although I did give peerblocker a try with just a direct rip from CoD4 master servers and it didn't block many at all, using the list provided in this thread blocked an insane amount.
It is however very CPU demanding.
[QUOTE=Pantho;34272793]DNS, ET, Quake, unreal 3 games, some CS servers, cod4.
There are only 5-7k CoD4 servers on the master list, dedicated or otherwise. Although I did give peerblocker a try with just a direct rip from CoD4 master servers and it didn't block many at all, using the list provided in this thread blocked an insane amount.
It is however very CPU demanding.[/QUOTE]
In retrospect, those lists are about a year old. Next time there is an attack, use wireshark to log packets, remove appropriate IP's and make a list for them.
Easiest way to make a list is in excel and save it as a txt file and remove spaces.
[QUOTE=nuttyboffin;34264235]Why dont we aquire the program, decompile it and have some fun with by telling it to devnull some of the servers devnull client talks with or somthing?[/QUOTE]
a. This wouldn't work because his server does the attacking, all the client does it send a packet to his server saying where to attack.
b. Why don't you just make your own script? Its not that overly complicated..
A DRDoS script can easily be made with a batch/shell script and a simple UDP packet sender.
Why not start going after the ones using DevNull if you cannot go after the one who makes it? Scare the kids away from using it.
Set up a dummy server, record the IP addresses of people who come in and threaten to DDoS the server, and if the server's DDoS'd the second the kids leave, use your own DDoSer to DDoS the DevNull users' Internet connections. Knock 'em offline for a while.
If you don't have access to a botnet, maybe some concerned GMod users could set up a community botnet for the purpose of DDoSing DevNull users?
[QUOTE=SPESSMEHREN;34280120]
If you don't have access to a botnet, maybe some concerned GMod users could set up a community botnet for the purpose of DDoSing DevNull users?[/QUOTE]
That's the stupidest thing I've read in 2012.
SOPA will stop DDoS! +1 SOPA !!!
Its a conspiracy! Wikipedia and all the other sites that closed are seths otsher servers.
VOTE FOR SOAP WOO!
[QUOTE=Charrax;34281022]SOPA will stop DDoS! +1 SOPA !!!
Its a conspiracy! Wikipedia and all the other sites that closed are seths otsher servers.
VOTE FOR SOAP WOO![/QUOTE]
Most of my posts are dumb, but this one tops it.
[QUOTE=FaceLurker;34280566]That's the stupidest thing I've read in 2012.[/QUOTE]
No, the stupidest thing I've read in 2012 is about 99% of the posts in DevNull threads.
At least I'm brainstorming instead of going around in endless circles
Holy shit, I used to play PG all the time.
And now it's gone because of retarded fucking asshole 10 year olds.
[QUOTE=Hailedbean;34281578]Most of my posts are dumb, but this one tops it.[/QUOTE]
Cant understand sarcasm i guess.
[QUOTE=343N;34302174]Holy shit, I used to play PG all the time.
And now it's gone because of retarded fucking asshole 10 year olds.[/QUOTE]
Things like this will either make or break online gaming.
wow stan u ruined my life i want to play gmod and 10 year olds ddos my server wtf
Is there any progress on this? Cause i would like to be able to play GMOD again without constantly ddos. It ruins the fun really.
I have a question, does the DevNull program send the packets to a specific port (say 27015) or is it just which ever port it feels like it or what?
Which ever port, that is why it could also be used to attack websites.
[QUOTE=Chessnut;34398870]Which ever port, that is why it could also be used to attack websites.[/QUOTE]
I guess then you can specify which port it attacks?
[QUOTE=frosty802;34399090]I guess then you can specify which port it attacks?[/QUOTE]
Why do you want to know?
[QUOTE=frosty802;34399090]I guess then you can specify which port it attacks?[/QUOTE]
Yes, you can specify which port it attacks.
[QUOTE=Chrik;34412209]Why do you want to know?[/QUOTE]
Just want to know if I can do some port blocking or detection or w/e.
Seeing as you can just makes it harder. Stateful Packet Inspection consumes time and resource but in this case might have to be used to detect the packets and drop them.
Can someone PM me or post the contents of the packets it sends? Including packet headers. Thanks.
[QUOTE=frosty802;34414011]Just want to know if I can do some port blocking or detection or w/e.
Seeing as you can just makes it harder. Stateful Packet Inspection consumes time and resource but in this case might have to be used to detect the packets and drop them.
Can someone PM me or post the contents of the packets it sends? Including packet headers. Thanks.[/QUOTE]
The only problem with using SPI to stop an attack like this, is that you need a line that can handle the incredible about of bandwidth that these attacks chew up. Using SPI is not going to help if there is so much traffic flowing through it in the first place that it can't keep up.
[QUOTE=hexpunK;34416586]The only problem with using SPI to stop an attack like this, is that you need a line that can handle the incredible about of bandwidth that these attacks chew up. Using SPI is not going to help if there is so much traffic flowing through it in the first place that it can't keep up.[/QUOTE]
I do know you know lol. But I was just asking as it would be useful to tell the System Admin at the DC were I work to add some rules for it to the main firewalls. Therefore anyone that does have a gameserver inside will hopefully be protected against the main cause.
[QUOTE=hexpunK;34416586]The only problem with using SPI to stop an attack like this, is that you need a line that can handle the incredible about of bandwidth that these attacks chew up. Using SPI is not going to help if there is so much traffic flowing through it in the first place that it can't keep up.[/QUOTE]
I think you'll find most of the time its the quantity of packets being sent not the size that does it.
[img]http://i0.kym-cdn.com/entries/icons/original/000/000/554/facepalm.jpg[/img]
[img]http://puu.sh/f9Rz[/img]
Anyone seen this yet? [url]http://rankgamehosting.ru/index.php?showtopic=1320[/url]
[QUOTE=Ruzza;34468076]
Anyone seen this yet? [url]http://rankgamehosting.ru/index.php?showtopic=1320[/url][/QUOTE]
does that work for srcds
i don't think it blocks 'statusResponse' stuff, only getStatus stuff
[QUOTE=Ruzza;34468076][img]http://i0.kym-cdn.com/entries/icons/original/000/000/554/facepalm.jpg[/img]
[img]http://puu.sh/f9Rz[/img]
Anyone seen this yet? [url]http://rankgamehosting.ru/index.php?showtopic=1320[/url][/QUOTE]
I found your DDoS problem so I made an illustration to help you.
[img]http://dl.dropbox.com/u/5601782/ss%20%282012-01-31%20at%2010.png[/img]
[QUOTE=slayer3032;34468978]I found your DDoS problem so I made an illustration to help you.
[img]http://dl.dropbox.com/u/5601782/ss%20%282012-01-31%20at%2010.png[/img][/QUOTE]
I was referring to the type of the attack, not what OS I'm running.
Sorry, you need to Log In to post a reply to this thread.
