Strange server behaviour.

[Sibercat]

Strange server behaviour Ram usage was around 50%,seem to be a DDOS Attack ?.

vCPU 2 - Intel Xeon E5-2670 v2

3.75 Mem (GiB)

SSD 1 x 4 30GB

-----------------------------------------------------------------

[RadicalEdward2]

Right now, there's a server that keeps duplicating itself with the same IP.

All of them are Lakeside with the ip 95.91.202.231

All of the them also have the same tongue and cheek name "Fun Server with Bots" but something else that trails off about DDOSs

[Radeon3]

Looks so cryptic, can't tell wheter the server owner tries to send us a message or the ddosser

[iTweek.]

as has a well bored

because yesterday was indeed correct something going .. xDDD

[Bananas]

Don't know what that screenshot is about, but that's really silly. Would highly suggest that whoever did that not give the ddoser laughs.

[TacTicToe]

WELLLLL now that explains why my GSP's DDoS protection keeps kicking in for different strange reasons. These are what I have been receiving lately. I was wondering why this IP on my box kept getting attacked. Good thing they were not able to affect our server. ;-)

(D)DoS attack against your service 
Nov 28 2015 12:10:49 PM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a specific type of UDP flood/18
Filter duration: about 2 days

What does this mean? 
(D)DoS attack against your service 
Nov 28 2015 09:00:21 AM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a flood of UDP traffic from port 111
Filter duration: about 7 days

What does this mean? 
(D)DoS attack against your service 
Nov 28 2015 08:56:52 AM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a flood of TCP traffic from specific ports to specific ports
Filter duration: about 60 minutes

What does this mean? 
(D)DoS attack against your service 
Nov 28 2015 08:45:25 AM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a UDP-based DRDoS through TeamSpeak servers
Filter duration: about 30 minutes

What does this mean? 
(D)DoS attack against your service 
Nov 27 2015 02:33:48 PM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a UDP flood containing the string "statusResponse"
Filter duration: about 7 days

What does this mean? 
(D)DoS attack against your service 
Nov 27 2015 02:20:19 PM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a UDP-based DRDoS through TeamSpeak servers
Filter duration: about 30 minutes

What does this mean? 
(D)DoS attack against your service 
Nov 27 2015 02:14:23 PM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a flood of TCP traffic from specific ports to specific ports
Filter duration: about 60 minutes

What does this mean? 
(D)DoS attack against your service 
Nov 27 2015 02:14:23 PM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a flood of syn-ack TCP traffic from port 80/2
Filter duration: about 8 days

What does this mean? 
(D)DoS attack against your service 
Nov 27 2015 11:04:20 AM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a UDP flood of length-28 packets
Filter duration: about 24 hours

What does this mean? 
(D)DoS attack against your service 
Nov 27 2015 10:51:18 AM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a specific type of UDP flood related to Source engine queries
Filter duration: about 24 hours

What does this mean? 
(D)DoS attack against your service 
Nov 25 2015 10:23:47 PM PT	Our system responded to a (D)DoS against your service with a filter.

Target address: 104.153.104.205
Attack: a UDP flood of length-29 packets
Filter duration: about 24 hours

Edit: Just sent in a support ticket to my GSP to see if there is anything we can do to catch this person.

[boxes]

Edit: Just sent in a support ticket to my GSP to see if there is anything we can do to catch this person.

Hope it goes well.

[TacTicToe]

I have added "DDoS Protected" to the server name to antagonize the bastard. Will increase my chances of catching him. Possibly.

[Chrisjh0223]

What is a GSP? And good luck, I hope you catch the perpetrator.

[Bananas]

"Catching" them is very unlikely. They are using rented booters to attack. There are multiple providers for these services. At best, you would "catch" whoever is selling the services.

If you really want to discuss prevention methods/info with someone, you should contact DoctorB0NG.

[TacTicToe]

GSP = Game Server Provider

[Sibercat]

Most likely some script kiddie paid for a Botnet with this mom's credit card. As a side note, i have added Auto scaling on my server, now Server stays up after a DDoS attack, but people do get dropped from the server when the attack is happening the ping stays at around 900 for a minute or two.

Edit:

This is new, got hit with close to a 3GiB attack for about 5min