
Thread: DDOS ?

  1. #1
    Join Date
    Sep 2008
    Posts
    104

    DDOS ?

    Guys, I may sound stupid but I wonder about this graph.
    If I understand correctly, the blue line shows "outgoing bandwidth".
    Question is:
    Is my server getting attacked, or is my server attacking someone else due to some trojan?

    http://silentsoldiers.net/forum/images/ddos.bmp

    Thanks

  2. #2
    Join Date
    Jun 2009
    Location
    California
    Posts
    509
    Looks like your server is attacking someone else.

  3. #3
    Join Date
    Apr 2011
    Posts
    74
    It's yours sending "things" out...check it further and act faster ( this or next time )

  4. #4
    Join Date
    Sep 2008
    Posts
    104
    Quote Originally Posted by MikeJohnson View Post
    Looks like your server is attacking someone else.

    To be honest, my server has a fresh install of Windows 2008 R2 OEM.
    I only have a couple of game servers on it.
    So I wonder how the hell I would get any kind of trojan on my server.

    Thanks!

  5. #5
    Join Date
    Sep 2008
    Posts
    104
    Quote Originally Posted by MBGear View Post
    It's yours sending "things" out...check it further and act faster ( this or next time )

    I wish!!! The problem is when this happened I can't even access my server.
    Will have to ask the datacenter to put my iDRAC on a separate port.

  6. #6
    Join Date
    Apr 2011
    Posts
    74
    Take backups of what you need and then fully collaborate with your provider to resolve this and even better investigate further. Do it fast because these things could cost you money!

  7. #7
    Join Date
    Sep 2008
    Posts
    104
    Quote Originally Posted by MBGear View Post
    Take backups of what you need and then fully collaborate with your provider to resolve this and even better investigate further. Do it fast because these things could cost you money!

    I want to ask if anyone can give me an idea of what I can do to find the solution.
    As you know every datacenter don't care about customers issues.
    For example, last night I requested information and they told me that I am getting hit with DDoS; they did not provide IPs or any help whatsoever.
    Maybe someone knows some software that can trace or monitor activities?
    Because W2K8 has nothing to do such a thing.
    Thanks.

  8. #8
    Join Date
    Aug 2010
    Location
    Berkshire, UK.
    Posts
    161
    Quote Originally Posted by dxds View Post
    As you know every datacenter don't care about customers issues.

    That is a very bold statement that I would totally disagree with.

    First questions I would raise would be:

    Are you the only user with access to remote desktop?
    You said the server has game servers on it; do you run any sort of Game Control Panel?
    What kind of games are you hosting?
    Do you have a firewall installed?

  9. #9
    Join Date
    Sep 2008
    Posts
    104
    Quote Originally Posted by Rob-Rackedeu View Post
    That is a very bold statement that I would totally disagree with.

    First questions I would raise would be:

    Are you the only user with access to remote desktop?
    You said the server has game servers on it; do you run any sort of Game Control Panel?
    What kind of games are you hosting?
    Do you have a firewall installed?

    1) Firewall installed.
    2) Only I have access to RDP.
    3) Game: CS 1.6 Dedicated server.
    4) Clean OEM Win2k8, not pirated like a lot of people are using.
    5) No control panel for the gaming server.

  10. #10
    Join Date
    Aug 2010
    Location
    Berkshire, UK.
    Posts
    161
    Ok great,

    Does your firewall provide any sort of information in regards to incoming/outgoing connections? If it does, it should be able to provide information and possibly the current network usage of each outgoing connection. It may also show or tell you what program is utilising that connection.

    Do you run any 3rd party modifications for the CS servers? Any Perl scripts or such like?

    Regards

  11. #11
    Join Date
    Sep 2008
    Posts
    104

    * Sick of low end losers who has no life

    Quote Originally Posted by Rob-Rackedeu View Post
    Ok great,

    Does your firewall provide any sort of information in regards to incoming/outgoing connections? If it does, it should be able to provide information and possibly the current network usage of each outgoing connection. It may also show or tell you what program is utilising that connection.

    Do you run any 3rd party modifications for the CS servers? Any Perl scripts or such like?

    Regards

    I am waiting on the data center to move my iDRAC port to another switch.
    Because all my NICs on the R610 are connected to the same renter switch right now.
    Due to the heavy DDoS my connection to RDP times out.
    Have to wait for a response.
    Also wonder if any 3rd party software for Win OS can detect DDoS and notify me when this is happening, or at least give logs of what IPs were trying to DDoS me.

  12. #12
    Quote Originally Posted by dxds View Post
    I am waiting on the data center to move my iDRAC port to another switch.
    Because all my NICs on the R610 are connected to the same renter switch right now.
    Due to the heavy DDoS my connection to RDP times out.
    Have to wait for a response.
    Also wonder if any 3rd party software for Win OS can detect DDoS and notify me when this is happening, or at least give logs of what IPs were trying to DDoS me.

    There's software called "snort" that should help you out.

  13. #13
    Join Date
    Aug 2009
    Location
    United Kingdom
    Posts
    388
    Quote Originally Posted by dxds View Post
    As you know every datacenter don't care about customers issues.

    I'm quite sure that if you were to tell the DC that you were DDoSing someone, they would care!

    Quote Originally Posted by dxds View Post
    Also wonder if any 3rd party software for Win OS can detect DDoS and notify me when this is happening, or at least give logs of what IPs were trying to DDoS me.

    Going by those graphs, you are NOT getting DDoS'd, you are however sending a DDoS out. Either that or you are having a heck of a traffic spike!!

    Try connecting to remote desktop and opening up Resource Monitor. Under networking, expand it and click on the Out B/s or Send B/s (can't remember). It'll tell you what process is sending out the most traffic.
    Last edited by Tom,; 05-20-2011 at 09:38 PM. Reason: forgot to add the bottom solution bit!

  14. #14
    Is the graph actually reporting backwards? I've seen it several times before, consult your provider to confirm. In regards to sending a DDOS, it would be a DOS if it was

  15. #15
    It could be the graph from the switch - outbound from the switch (to the server) = incoming DoS.

  16. #16
    Join Date
    Sep 2008
    Posts
    104
    OK, just found out what is going on.
    1) This is not coming from my server.
    2) This is a true DDoS (more like a UDP flood from China and Russia).
    Today was the most beautiful attack: 100Mbps for 12 hours non-stop.
    As I quoted before, the data center won't help.
    Tech support is offering a solution that will cost me $15.000 per month and that's a bunch of crap.
    I do not need a 1Gbps pipeline and Cisco equipment because someone has no life.
    Thanks

  17. #17
    Join Date
    Sep 2008
    Posts
    104
    I just made a video so you guys can see the UDP flood.
    Wonder if anyone knows a solution for this.

    http://www.screencast.com/t/Lw6Y7vxI0

    Thx

  18. #18
    Join Date
    May 2008
    Posts
    117
    You have 3 options:
    1. Close down your server.
    2. Stay up and suffer under skiddies DDoS attack.
    3. Buy a 1Gbps pipe and hope they won't waste all your bandwidth.

    Third option would be best.

    Just a question: are you hosting with Colostore?

  19. #19
    Join Date
    Jan 2008
    Location
    Europe
    Posts
    779
    4th option - Move to a ddos protected host or proxy behind a ddos protection provider

  20. #20
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    It would be much cheaper and faster to actually host with the DDoS protected provider vs. using a proxy.

  21. #21
    Join Date
    May 2008
    Posts
    117
    Proxying game servers is not a good thing to do.
    A DDoS protected dedicated will probably be more than +15$/month but who knows.

  22. #22
    Join Date
    Sep 2008
    Posts
    104
    Quote Originally Posted by MMrs View Post
    You have 3 options:
    1. Close down your server.
    2. Stay up and suffer under skiddies DDoS attack.
    3. Buy a 1Gbps pipe and hope they won't waste all your bandwidth.

    Third option would be best.

    Just a question: are you hosting with Colostore?

    Yes, Colostore. I colocate my R610 x5500 server there.

  23. #23
    Join Date
    Sep 2008
    Posts
    104
    Also, the best solution is to send a 1U server to the datacenter and use that server as a firewall with a custom script.

  24. #24
    Join Date
    Oct 2002
    Location
    Vancouver, B.C.
    Posts
    2,699
    Quote Originally Posted by dxds View Post
    I just made a video so you guys can see the UDP flood.
    Wonder if anyone knows a solution for this.

    http://www.screencast.com/t/Lw6Y7vxI0

    Thx

    Do you have any legitimate UDP traffic? If not, a simple ACL at your provider's edge, or instated by their transits on their behalf, would be an effective way of dealing with attacks that can be easily identified. So long as you're not being attacked on the same port and protocol as your legitimate services, this would be your best bet as it doesn't require any specialized DDoS mitigation hardware.

    If your provider is unable or unwilling to implement such measures, you may want to consider switching to a provider that is.
    ASTUTE INTERNET: Advanced, customized, and scalable solutions with AS54527 Premium Performance and Canadian Optimized Network (Level3, Shaw, CogecoPeer1, GTT/Tinet),
    AS63213 Cost Effective High Performance Network (Cogent, HE, GTT/Tinet)
    Dedicated Hosting, Colo, Bandwidth, and Fiber out of Vancouver, Seattle, LA, Toronto, NYC, and Miami
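
Added example, not part of any post in this thread: a sketch covering post #10's question about what the firewall records for incoming/outgoing connections and post #24's condition that the flood not hit the same port as the legitimate service. It summarises UDP records from a Windows Firewall log by direction, source and destination port. Assumptions: firewall logging is enabled (the log holds only what it is configured to record, so totals are a sample), the log excerpt is constructed with documentation addresses, and CS 1.6 listens on UDP 27015.

```python
from collections import Counter

# Constructed sample in the Windows Firewall pfirewall.log layout. Addresses are
# documentation ranges; 198.51.100.10 stands in for the game server.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-05-20 21:14:02 DROP UDP 203.0.113.7 198.51.100.10 4021 80 1400 - - - - - - - RECEIVE
2011-05-20 21:14:02 DROP UDP 203.0.113.7 198.51.100.10 4022 80 1400 - - - - - - - RECEIVE
2011-05-20 21:14:02 DROP UDP 192.0.2.55 198.51.100.10 53111 80 1400 - - - - - - - RECEIVE
2011-05-20 21:14:03 ALLOW UDP 192.0.2.200 198.51.100.10 27005 27015 60 - - - - - - - RECEIVE
2011-05-20 21:14:03 ALLOW UDP 198.51.100.10 192.0.2.200 27015 27005 120 - - - - - - - SEND
2011-05-20 21:14:03 ALLOW TCP 192.0.2.9 198.51.100.10 50000 3389 52 S 1234567 0 8192 - - - RECEIVE
2011-05-20 21:14:04 DROP UDP 203.0.113.7
"""

GAME_PORTS = {27015}  # assumption: CS 1.6 listening on its default UDP port

def parse(log_text):
    """Yield one dict per complete record, keyed by the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):  # skip truncated lines
                yield dict(zip(fields, parts))

def summarize(log_text, game_ports=GAME_PORTS):
    """Logged UDP bytes by direction, top inbound sources, off-game-port share."""
    by_dir, sources, on_port, off_port = Counter(), Counter(), 0, 0
    for rec in parse(log_text):
        if rec["protocol"] != "UDP" or not rec["size"].isdigit():
            continue
        size = int(rec["size"])
        by_dir[rec["path"]] += size
        if rec["path"] == "RECEIVE":
            sources[rec["src-ip"]] += size
            if rec["dst-port"].isdigit() and int(rec["dst-port"]) in game_ports:
                on_port += size
            else:
                off_port += size
    total_in = on_port + off_port
    return {
        "direction": "inbound" if by_dir["RECEIVE"] >= by_dir["SEND"] else "outbound",
        "top_sources": sources.most_common(3),
        # Share of inbound UDP that an ACL could drop without touching the game port.
        "off_game_port_share": round(off_port / total_in, 3) if total_in else 0.0,
    }
```

A high `off_game_port_share` means the flood is separable from game traffic by port, which is the case where an edge ACL works; a low one means the flood is aimed at the game port itself.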

  25. #25
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    UDP floods are by far the easiest to mitigate. The real problematic attacks are TCP, especially HTTP GET.
