
Need better DDos Proof Servers


TK0104


oh ovh has reported them to analyze with the ASA. Since I myself überhaubt not access more strikes have.

Sign in again tomorrow ... not really -.-

I myself have had no access to the root since Friday :-D

This DDoS has been going on permanently since Friday. I wonder how many botnets he has and how much he spends on it.

Once on one server and then on the other.


Ask your provider if they support BCP38. It is one of the first things you need against UDP flood and TCP SYN attacks. Inspecting the packets on your server is already too late, because they have reached you, so you need something in front of your UDK server. If a separate router is too costly, then consider taking a virtual dedicated server as gateway!

If the provider does not support this, find one that does support this and you will probably get rid of this script kiddie!!!

It's not too late because the attacks do not get close to saturating the NIC interface on the server.

The attacks are easily filtered through targeted iptables rules. This is how I blocked them in the fall and it works very well. No need to reinvent the wheel here, folks.

I'm just waiting for my OVH box to get set up and we'll be up and running.


  • Totem Arts Staff
RenX exclusively uses UDP. The attacks are targeted at the UDP port that the game server is bound to.

@cronus How big did the caps end up being after a day? Did you have TCP dump running with a time parameter instead of a packet limit parameter?

I just threw it together quick to do a packet limit parameter, figured out about how much runs in a minute. I think when I calculated I had like 1-3 months to clear old pcaps. I think I only had 100GB free at the time. So it's a great quick solution to get the pcaps, just check disk space every month or two heh

I just checked my old logs, and for 3 days ish worth of pcaps it was 6GB

The only problem with that is if we run the dump every X seconds with the duration parameter specified in total packets, there's a high probability that we'll either miss some packets or run overlapping dumps.

How did you work around this?

There wasn't anything to work around, it just worked. Considering the floods are several hundred to thousand packets, it's very easy to capture quite a few of the malicious packets.

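An added example, not part of any post in this thread: one way to turn the pcaps discussed above into filter candidates is to read the capture, count packets per source per second on the game port, and report the most common payload shape. The 100 packets-per-second threshold, the "length plus first four bytes" fingerprint, and the sample capture built by `sample_pcap()` are assumptions made for illustration; only classic pcap files with Ethernet framing are handled.

```python
import struct
from collections import Counter

GAME_PORT = 7777  # UDP port of the game server address posted in this thread

def udp_records(pcap):
    """Yield (second, src_ip, dst_port, payload) per IPv4/UDP frame of a classic pcap."""
    order = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        sec, _usec, caplen, _wire = struct.unpack(order + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # truncated capture, not IPv4, or not UDP
        udp = 14 + (frame[14] & 0x0F) * 4  # IP header length varies with options
        if len(frame) < udp + 8:
            continue
        dport = struct.unpack("!H", frame[udp + 2:udp + 4])[0]
        yield sec, ".".join(map(str, frame[26:30])), dport, frame[udp + 8:]

def flood_report(pcap, port=GAME_PORT, pps_limit=100):
    """Return (sources above pps_limit in any one second, most common payload shape)."""
    per_sec, shapes = Counter(), Counter()
    for sec, src, dport, payload in udp_records(pcap):
        if dport != port:
            continue  # only traffic aimed at the game port matters here
        per_sec[(src, sec)] += 1
        shapes[(len(payload), payload[:4].hex())] += 1
    noisy = sorted({src for (src, _), n in per_sec.items() if n > pps_limit})
    return noisy, shapes.most_common(1)

def _frame(src, dport, payload):  # constructed Ethernet/IPv4/UDP frame for the demo
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes(src), bytes([198, 51, 100, 10]))
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0)
    return b"\0" * 12 + b"\x08\x00" + ip + udp + payload

def sample_pcap():
    """Constructed capture: one flooding source, one normal player, one unrelated packet."""
    pkts = [(1000, _frame([203, 0, 113, 5], GAME_PORT, b"\0" * 24))] * 150
    pkts += [(1000 + i // 20, _frame([192, 0, 2, 7], GAME_PORT, bytes([i]) * (10 + i % 5)))
             for i in range(60)]
    pkts += [(1000, _frame([203, 0, 113, 5], 53, b"x"))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, frame in pkts:
        out += struct.pack("<IIII", sec, 0, len(frame), len(frame)) + frame
    return out
```

Because UDP source addresses can be spoofed, the payload shape is usually the more durable thing to match on than the list of noisy sources.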

  • Totem Arts Staff
Unfortunately we are reinventing the wheel.... in public this time.


Sorry to interrupt the professional conversation, I am just coming from the game. If a server was not crashing, some hacker was having a field day, and with elaborate hacks he ruined the game for everybody. Moreover he was a troll too. After we kicked him out, he was coming back with other players' nicknames, made us understand we couldn't ban him, because he is defended by proxies. (Would be good if you couldn't change your nick into an already taken name). After a server died he followed us to the next one to ruin the game over there as well. By the way I am a bit unsure, but later it was like he had multiple characters simultaneously. We kicked one out, the hacking was continued. Or there were two hackers... It is interesting that one or two person(s) can wreck a community's joy. How long until we can play again without the vulnerable servers? I understand the advice, that we should be constructive on this topic, because He-Who-Must-Not-Be-Named is watching us, but I thought I'd share this with you.


After we kicked him out, he was coming back with other players' nicknames, made us understand we couldn't ban him, because he is defended by proxies. (Would be good if you couldn't change your nick into an already taken name).

Well, you can't change your username into someone else's name if it's protected by Steam. I know in one of Kenz3001's videos he had an issue where the game or Steam PMed him "You are using a protected username, you will be kicked out if you don't authenticate within 30 seconds." So some people DO have protected usernames; I advise RenX players to use Steam to safeguard their usernames.


  • Totem Arts Staff
I still do not think that dealing with the packages directly on the application server is a good approach to solve the issue.

The purpose of DDOS is exactly that, to flood the server until there is no response.

Imagine a situation having a bus that can transport 60 passengers. But you have 200 on the bus station.

So, letting all 200 in the bus and then trying to make order and get 140 out of the bus would not be the best approach!

You would never get an order and your bus would not leave the station.

Good approach would be to select those 60 passengers directly on the bus station, and allow JUST them to get on the bus. The rest of 140 stays out.

Of course, you can try getting a better server (bigger BUS) and hope to be able to deal with the amount of packages that are used currently. But, as you can buy better hardware, he can increase the amount of packages being sent!

We have been easily mitigating the large attacks. The attacks he is doing are against the application, so the ONLY way is to packet capture and make rules to drop those malicious packets. Trust me on this, b0ng has it in the bag, it works every time. It just costs more $$$ and therefore if there are no attacks we don't spend the money on it.

All in all, b0ng knows how to resolve it, he did, we did what he told us. No DDoS attacks harm us then. :)


  • Totem Arts Staff

No, it doesn't take long. B0ng just has a different job than he did way back, and hasn't had time to set up the servers. It's literally sitting there waiting for him to install, I'll try to help him this weekend with it if he needs help. We don't even need the pcaps from attacks to stop it, b0ng already has 90% of his attack types blocked. It just takes time to set up the infrastructure again as I already said.

I don't see us using a VPN to limit traffic. This is an open game that anyone who downloads it can play. Sorry, that wouldn't work.

That being said, thank you for speaking up and trying to help, not many around here understand attacks or Linux for that matter. It's much appreciated.


  • Totem Arts Staff

I've put up a DDoS Protected server until B0ng gets his up.

[uSA]MPForums.com AOW [DDoS Protected]

74.91.113.100:7777

It uses all of b0ng's filters to block the DDoS. In fact, while I was sleeping at 4:15am Central we got attacked, and I observed logs and saw no harm coming to the server.

Don't want to break the optimism, but I joined the server today (like 7 hours before this post) and people explained it was down at least twice. While I played (2 hours) it stayed up.

Thx for your effort btw!


  • Totem Arts Staff

The only attacks were 12 hours ago, it could be possible we restarted the server or something? I didn't set up an IRC bot until a few hours ago so I'm watching it now more closely.

Also IRC is at irc.cncirc.net #MPF-RenegadeX

No clue how you did it, but bless you sir.


  • Totem Arts Staff

I followed b0ng's help, thank him too. :)
