Anti DDoS

In the past week of playing garrysmod, there have been at least five people who got banned or kicked for griefing and their response is DDoSing the server, making it unplayable even after they have disconnected. I would make this myself if I had any knowledge of Source, but I don’t, so I would be really grateful if this was made and given to Garry to add to the game, or even better, given to Valve to stop the problem for all Source games. I’ve already sent Valve a request for their stance on DDoS and I’ll post it when I get a response.

I don’t really know the technical details behind DDoS so I understand if it may not be possible to defend against, but to anyone who does have an idea and makes it, everyone will be very grateful.

Perhaps this will help with finding solutions.

Most DDoS attacks can’t be dealt with at the application level, they need to be mitigated at the network level.

The source engine is flawed.
The GSPs are helpless; software doesn’t always help.
Using iptables doesn’t always help.
Anyone can obtain access to dos ability now.

Protip: Blacklist CoD4 master server.

cod4master.activision.com

that just stops your server being used in a drdos

It stops DevNull’s reflected dos system from working properly. Since Stan relies on cod4 servers.

This little shit that got his admin demoted keeps ddosing my favorite server. FUCK. I hope valve gets back with my request soon.

What I do when my box is attacked is first start wireshark if I can access the box, then call my datacenter to mitigate the attack. If I have his IP I will email his ISP regarding it and with enough complaints they will do something about it.

You should also make sure people aren’t spamming A2S_INFO packets, which will crash your server. You can find a mod on AlliedModders that will protect it.

There isn’t much you can do about a DDoS except mitigate it or wait it out.

Also, Valve won’t be able to help me.

That doesn’t work. That just prevents you from looking up CoD4 servers. Stan can still lookup the masterlist and get a list of servers to use against you.

AFAIK what he does is send a packet to the CoD4 master server with your IP spoofed and it sends you the full server list consistently.

I guess I am wrong.

A server I’m helping with has been getting hit by cod4, ‘statusResponse’, attacks at 580mbit/s. Then there’s the generic 22mbit source engine query attack which removes the server from the master list.

no, he gets the master serverlist for himself, and then uses this list to get every single COD4 server to send their status info to your server constantly, which allows him to multiply his amount of data sent to you

Example: his server sends a relatively short phrase that looks like this €€€€200 in a packet that says it’s from the target server, and then the server replies to you with its entire playerlist, pings, frags, map, gamemode, etc. which is quite a big jump in how much data is being sent to you
now calculate in the… 900 COD4 servers online right now according to gametracker.com

–edit–
oh nvm, it decided to filter out nonUS servers, 6350 servers

Having some sort of automatic system where you get all cod4 and quake3 servers and block all the ips would be pretty sweet

the problem isn’t ignoring the requests as much as it is that the sheer amount of data makes it impossible to process everything to ignore it in the first place

Why doesn’t Activision filter out this problem, then?

Because if they fixed it they wouldn’t make any more money than if they left it

I think the better question is why wouldn’t they add some sort of anti spam to begin with

As long as they make money they won’t care about that problem.
Or they are too busy with releasing the next 20 CoD games.

That’s wrong, if you block the servers in your firewall or iptables or however you do it, it can’t send you the data. It’s not like the server takes in all your data and then goes “Ohhh…nvm, he’s blocked, delete that!”.

No matter if you have a firewall, iptables, etc., the only thing it can do is prevent traffic from reaching the applications. The packets are still present, and they are still saturating your line. In some cases, those CoD status packets are enough to knock a normal server offline just by purely over-saturating the line.
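Added example, not part of any post in this thread: a small triage script for the capture step mentioned above. It labels inbound UDP payloads as `statusResponse` reflection or Source engine query traffic, counts the sources, and checks whether the flood still fits on the link, which is the point where host filtering stops helping. The packet list is constructed, and the 0.8 saturation threshold and all function names are assumptions.

```python
from collections import Counter, defaultdict

OOB = b"\xff\xff\xff\xff"  # out-of-band header used by Quake 3-derived and Source queries
SIGNATURES = {
    "cod4_status_reflection": OOB + b"statusResponse",
    "source_a2s_info_query": OOB + b"TSource Engine Query\x00",
}
HEADER_BYTES = 28        # IPv4 (20) + UDP (8) headers per packet
SATURATION_SHARE = 0.8   # assumed threshold, tune for your own link


def classify(payload: bytes) -> str:
    """Label a UDP payload by its connectionless-packet prefix."""
    for kind, prefix in SIGNATURES.items():
        if payload.startswith(prefix):
            return kind
    return "other"


def summarize(packets, window_s: float) -> dict:
    """packets: (src_ip, udp_payload) pairs captured during window_s seconds."""
    size, sources = Counter(), defaultdict(set)
    for src, payload in packets:
        kind = classify(payload)
        size[kind] += len(payload) + HEADER_BYTES
        sources[kind].add(src)
    return {k: {"sources": len(sources[k]), "mbit_s": size[k] * 8 / window_s / 1e6}
            for k in size}


def advise(report: dict, link_mbit: float) -> str:
    """Host filtering only helps while the flood still fits on the link."""
    flood = sum(v["mbit_s"] for k, v in report.items() if k != "other")
    if flood >= SATURATION_SHARE * link_mbit:
        return "upstream_mitigation"
    return "host_filter"


# Constructed sample: 3 reflectors (documentation IPs) sending 1019-byte status replies,
# plus one Source engine query from another documentation address.
STATUS = OOB + b"statusResponse\n" + b"x" * 1000
SAMPLE = [(f"198.51.100.{i % 3 + 1}", STATUS) for i in range(12000)]
SAMPLE.append(("203.0.113.9", OOB + b"TSource Engine Query\x00"))

if __name__ == "__main__":
    report = summarize(SAMPLE, window_s=1.0)
    print(report, advise(report, link_mbit=100))
```

The per-kind source counts and rates are the evidence to hand to the datacenter when asking for mitigation.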