iTweek. Posted June 6, 2016
oh ovh has reported them to analyze with the ASA. Since I myself überhaubt not access more strikes have. Sign in again tomorrow ... not really -.- I myself have since Friday no access to the root :-D this ddos is time Friday permanently. I wonder how many botnets has and how much he spends it well once the server and then on the other.

ex_member Posted June 6, 2016 (edited)
...
Edited September 22, 2018 by ex_member

iTweek. Posted June 6, 2016
let's see what the write tomorrow. if not even "good" hardware firewall that can stop .. mass instead of class. whether a dedicated server can stop, unlikely wait and coffee. Now it's ok to work on the maps

DoctorB0NG Posted June 6, 2016
> Ask your provider if they support BCP38. It is one of the first things you need against UDP flood and TCP SYN attacks. Inspecting the packets on your server is already too late, because they have reached you, so you need something in front of your UDK server. If a separate router is too costly, then consider taking a virtual dedicated server as gateway! If the provider does not support this, find one that does support this and you will probably get rid of this script kiddie !!!

It's not too late because the attacks do not get close to saturating the NIC interface on the server. The attacks are easily filtered through targeted iptables rules. This is how I blocked them in the fall and it works very well. No need to reinvent the wheel here, folks. I'm just waiting for my OVH box to get set up and we'll be up and running.

Totem Arts Staff Cronus Posted June 6, 2016
> RenX exclusively uses UDP. The attacks are targeted at the UDP port that the game server is bound to.
>
> @cronus How big did the caps end up being after a day? Did you have TCP dump running with a time parameter instead of a packet limit parameter?

I just threw it together quick to do a packet limit parameter, figured out about how much runs in a minute. I think when I calculated I had like 1-3 months to clear old pcaps. I think I only had 100GB free at the time. So it's a great quick solution to get the pcaps, just check disk space every month or two heh

I just checked my old logs, and for 3 days ish worth of pcaps it was 6GB

> The only problem with that is if we run the dump every X seconds with the duration parameter specified in total packets, there's a high probability that we'll either miss some packets or run overlapping dumps. How did you work around this?

There wasn't anything to work around, it just worked, considering the floods are several hundred to thousand packets, it's very easy to capture quite a few of the malicious packets.

ex_member Posted June 6, 2016 (edited)
...
Edited September 22, 2018 by ex_member

Totem Arts Staff yosh56 Posted June 6, 2016
> > Ask your provider if they support BCP38. It is one of the first things you need against UDP flood and TCP SYN attacks. Inspecting the packets on your server is already too late, because they have reached you, so you need something in front of your UDK server. If a separate router is too costly, then consider taking a virtual dedicated server as gateway! If the provider does not support this, find one that does support this and you will probably get rid of this script kiddie !!!
>
> It's not too late because the attacks do not get close to saturating the NIC interface on the server. The attacks are easily filtered through targeted iptables rules. This is how I blocked them in the fall and it works very well. No need to reinvent the wheel here, folks. I'm just waiting for my OVH box to get set up and we'll be up and running.

Unfortunately we are reinventing the wheel.... in public this time.

Totem Arts Staff Cronus Posted June 7, 2016
I forgot to mention @b0ng It would only start a new capture after the previous capture ended. It wasn't starting it every X amount of packets no matter if the previous finished or not, it waited.

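Added example, not part of the thread and not the script Cronus or B0NG ran: a sketch of the back-to-back, packet-limited tcpdump capture described in the posts above, with oldest-first pruning so the pcaps stay inside a disk budget. The interface name, directory, packet count and byte budget are assumed values; port 7777 is the game port from the server address listed later in the thread.

```bash
#!/bin/sh
# Added example: back-to-back packet-limited captures with oldest-first pruning.
# IFACE, PCAP_DIR, PKTS_PER_FILE and MAX_BYTES are assumed values, not from the thread.
IFACE="${IFACE:-eth0}"
PORT="${PORT:-7777}"                       # UDP port the game server is bound to
PCAP_DIR="${PCAP_DIR:-/var/tmp/renx-pcaps}"
PKTS_PER_FILE="${PKTS_PER_FILE:-200000}"   # tcpdump stops after this many packets
MAX_BYTES="${MAX_BYTES:-21474836480}"      # 20 GiB budget for all capture files

# Print the total size in bytes of the *.pcap files in directory $1.
pcap_usage_bytes() (
    total=0
    for f in "$1"/*.pcap; do
        [ -e "$f" ] || continue
        total=$(( total + $(wc -c < "$f") ))
    done
    echo "$total"
)

# Delete the oldest captures in $1 until the directory fits in $2 bytes.
# File names start with a UTC timestamp, so glob order is chronological.
prune_pcaps() (
    for f in "$1"/*.pcap; do
        [ -e "$f" ] || continue
        [ "$(pcap_usage_bytes "$1")" -le "$2" ] && break
        rm -f -- "$f"
    done
)

# Capture forever, one file per PKTS_PER_FILE packets.
capture_loop() {
    mkdir -p "$PCAP_DIR" || return 1
    n=0
    while :; do
        n=$(( n + 1 ))
        out=$(printf '%s/renx-%s-%06d.pcap' "$PCAP_DIR" "$(date -u +%Y%m%dT%H%M%SZ)" "$n")
        # tcpdump exits on its own after -c packets, so the next capture starts
        # only when the previous one has ended: no overlapping dumps.
        tcpdump -n -i "$IFACE" -c "$PKTS_PER_FILE" -w "$out" \
            "udp and dst port $PORT" || return 1
        prune_pcaps "$PCAP_DIR" "$MAX_BYTES"
    done
}

# Start capturing only when invoked as: sh capture.sh capture (needs root)
if [ "${1:-}" = "capture" ]; then capture_loop; fi
```

Packets that arrive in the short gap between one tcpdump exiting and the next starting are not recorded. tcpdump's `-G` option rotates files by time instead of by packet count if a fixed time window is preferred.
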
DoctorB0NG Posted June 7, 2016
My OVH server is deployed so now I just need to configure it. Hopefully I have time tonight but I might not.

Ryz Posted June 7, 2016
> My OVH server is deployed so now I just need to configure it. Hopefully I have time tonight but I might not.

Hope you have! Maybe some people can motivate you a bit more by donating on the bottom of this page: http://tyrant.gg/

DoctorB0NG Posted June 7, 2016
I'll probably start working on it on lunch break but the part that's gonna take the longest is updating windoze server so that I can install visual c++ 2015 for Agent's bot.

Profane Pagan Posted June 7, 2016
Sorry to interrupt the professional conversation, I am just coming from the game. If a server was not crashing, some hacker was having a field day, and with elaborate hacks he ruined the game for everybody. Moreover he was a troll too. After we kicked him out, he was coming back with other players' nicknames, made us understand we couldn't ban him, because he is defended by proxies. (Would be good if you couldn't change your nick into an already taken name). After a server died he followed us to the next one to ruin the game over there as well. By the way I am a bit unsure, but later it was like he had multiple characters simultaneously. We kicked one out, the hacking was continued. Or there were two hackers...

It is interesting one or two person(s) can wreck a community's joy. How long until we can play again without the vulnerable servers? I understand the advice, that we should be constructive on this topic, because He-Who-Must-Not-Be-Named is watching us, but I thought I'd share this with you.

DoctorB0NG Posted June 8, 2016
http://tyrant.gg/showthread.php?tid=437 ... 90#pid2390

Chrisjh0223 Posted June 8, 2016
> After we kicked him out, he was coming back with other players' nicknames, made us understand we couldn't ban him, because he is defended by proxies. (Would be good if you couldn't change your nick into an already taken name).

Well, you can't change your username into someone else's name if it's protected by Steam. I know in one of Kenz3001's videos he had an issue where the game or Steam PMed him "You are using a protected username, you will be kicked out if you don't authenticate within 30 seconds." So some people DO have protected usernames; I advise RenX players to use Steam to safeguard their usernames.

Fffreak9999 Posted June 8, 2016
That may be a developer protection?

Profane Pagan Posted June 8, 2016
Well, something just crossed my mind today. I should be really thankful for your efforts, building Renegade X up. Thank you Bong! and thank you many others for your continuous work against DDoS, and everything else!

joe_ Posted June 8, 2016
I have some server experience (mainly Linux). If any grunt work is needed send me a PM. Happy to help any way I can. ... I miss my Renegade time!

iTweek. Posted June 10, 2016
success well smaller. The server does not smear more from through the new filter, but still remain laags.

edit: okey laggt I can control via software. Now he does it with earth .. 780mb / s, according to website. server is now completely unreachable wait wait^^

ex_member Posted June 10, 2016 (edited)
...
Edited September 22, 2018 by ex_member

iTweek. Posted June 10, 2016
correctly identified. Bong or I tuhen already user best cost efficiency, the server to operate.

Totem Arts Staff Cronus Posted June 10, 2016
> I still do not think that dealing with the packages directly on the application server is a good approach to solve the issue. The purpose of DDOS is exactly that, to flood the server until there is no response. Imagine a situation having a bus that can transport 60 passengers. But you have 200 on the bus station. So, letting all 200 in the bus and then trying to make order and get 140 out of the bus would not be the best approach! You would never get an order and your bus would not leave the station. Good approach would be to select those 60 passengers directly on the bus station, and allow JUST them to get on the bus. The rest of 140 stays out. Of course, you can try getting a better server (bigger BUS) and hope to be able to deal with the amount of packages that are used currently. But, as you can buy better hardware, he can increase the amount of packages being sent!

We have been easily mitigating the large attacks, the attacks he is doing are against the application, so the ONLY way is to packet capture and make rules to drop those malicious packets. Trust me on this, b0ng has it in the bag. It works every time. It just costs more $$$ and therefore if there are no attacks we don't spend the money on it. All in all, b0ng knows how to resolve it, he did, we did what he told us. No DDoS attacks harm us then.

iTweek. Posted June 10, 2016
I doubt but gaze times

Totem Arts Staff Cronus Posted June 10, 2016
I'm sorry iTweek but your English is not the greatest and I really have a hard time understanding what you say.

iTweek. Posted June 10, 2016
Yes I know..

ex_member Posted June 10, 2016 (edited)
...
Edited September 22, 2018 by ex_member

Totem Arts Staff Cronus Posted June 10, 2016
No it doesn't take long. B0ng just has a different job than he did way back, and hasn't had time to set up the servers. It's literally sitting there waiting for him to install, I'll try to help him this weekend with it if he needs help. We don't even need the pcaps from attacks to stop it, b0ng already has 90% of his attack types blocked. It just takes time to set up the infrastructure again as I already said.

I don't see us using a VPN to limit traffic. This is an open game for anyone that downloads it can play. Sorry that wouldn't work.

That being said, thank you for speaking up and trying to help, not many around here understand attacks or Linux for that matter. It's much appreciated.

Flamezz|Ninja Posted June 11, 2016
I have a question.. can passworded servers be DDOSed even if the attacker doesn't know the password?

Fffreak9999 Posted June 11, 2016
Yes, it makes no difference

Totem Arts Staff Cronus Posted June 12, 2016
I've put up a DDoS Protected server until B0ng gets his up.

[uSA]MPForums.com AOW [DDoS Protected] 74.91.113.100:7777

It uses all of b0ng's filters to block the ddos, in fact while I was sleeping at 4:15am Central we got attacked and I observed logs and saw no harm coming to the server.

Profane Pagan Posted June 12, 2016
Thank you! 4:15 central time? Did that ass automatize the DDoS attacks?!

Ryz Posted June 12, 2016
> I've put up a DDoS Protected server until B0ng gets his up.
>
> [uSA]MPForums.com AOW [DDoS Protected] 74.91.113.100:7777
>
> It uses all of b0ng's filters to block the ddos, in fact while I was sleeping at 4:15am Central we got attacked and I observed logs and saw no harm coming to the server.

Don't want to break the optimism, but I joined the server today (like 7 hours before this post) and people explained it was down at least twice. While I played (2 hours) it stayed up. Thx for your effort btw!

Totem Arts Staff Cronus Posted June 12, 2016
> Don't want to break the optimism, but I joined the server today (like 7 hours before this post) and people explained it was down at least twice. While I played (2 hours) it stayed up. Thx for your effort btw!

The only attacks were 12 hours ago, it could be possible we restarted the server or something? I didn't set up an IRC bot until a few hours ago so I'm watching it now more closely. Also IRC is at irc.cncirc.net #MPF-RenegadeX

RoundShades Posted June 14, 2016
> > Don't want to break the optimism, but I joined the server today (like 7 hours before this post) and people explained it was down at least twice. While I played (2 hours) it stayed up. Thx for your effort btw!
>
> The only attacks were 12 hours ago, it could be possible we restarted the server or something? I didn't set up an IRC bot until a few hours ago so I'm watching it now more closely. Also IRC is at irc.cncirc.net #MPF-RenegadeX

No clue how you did it, but bless you sir.

Ryz Posted June 14, 2016
Have to say the server by Cronus is very stable now, good job!

Totem Arts Staff Cronus Posted June 14, 2016
> > > Don't want to break the optimism, but I joined the server today (like 7 hours before this post) and people explained it was down at least twice. While I played (2 hours) it stayed up. Thx for your effort btw!
> >
> > The only attacks were 12 hours ago, it could be possible we restarted the server or something? I didn't set up an IRC bot until a few hours ago so I'm watching it now more closely. Also IRC is at irc.cncirc.net #MPF-RenegadeX
>
> No clue how you did it, but bless you sir.

I followed b0ng's help, thank him too.

Totem Arts Staff Cronus Posted June 28, 2016
I've got my server online and ddos protected.

Ks.ol Posted June 30, 2016
it is a pity that I ping 180-190, does not work normally play(