Thread: DDOS ?
-
05-22-2011, 04:38 PM #26WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
From what I have seen they are picked on UDP port 27015
The problem was that the Windows OS does not have anything against this.
I have tried blocking UDP, TCP, etc., and the flood still used 50% to 90% of network resources.
Also, let's say I don't run the game server and all ports are blocked in and out, including local: as long as the NIC with that IP is up and running, the flood keeps pounding.
Whoever attacks that IP could pick any port and still use 90% of network resources.
From what I learned, they used spoofed IPs, sent 1 UDP packet and dropped.
With 100 requests in an interval of 1 sec, no matter what you do, Win OS will be screwed by such an attack.
As of right now I have contacted www.serverwizards.com and they told me that with a custom script they can stop this nonsense.
I have a spare 1U server ready to ship to the datacenter with www.skynet-solutions.net software and hope this will help.
From previous replies I have seen people offering to get a 1GB pipeline, and I think no matter how big the pipeline, with a botnet it will not be able to handle it.
Trust me, an 11-year-old game is not the best idea to invest money into.
The reason they attacked is because the server reached #1 rank in the world and some people are jealous.
Thanks
-
05-22-2011, 11:01 PM #27WHT Addict
- Join Date
- Apr 2007
- Posts
- 139
Are the games licensed or cracked?
If cracked, probably that would be the reason.
-
05-23-2011, 02:56 AM #28WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
From my point of view your post doesn't make any sense.
Server is licensed.
FYI: I will not spend $$ for the server + Windows OS + colocation to run illegal stuff and don't recommend anyone else to do so.
I just saw another post who got hit with 25Gb DDOS.. "I guess he/she runs illegal business"
Maybe everyone who gets hit with DDOS runs an illegal service?
Thanks.
Last edited by dxds; 05-23-2011 at 03:09 AM.
-
05-23-2011, 04:00 AM #29Newbie
- Join Date
- Mar 2010
- Posts
- 5
Greetings,
Can someone please provide some good DDOS Protected VPS providers?
Best Regards,
Abhijit
-
05-23-2011, 05:56 AM #30Newbie
- Join Date
- May 2011
- Posts
- 17
DDOS means "Distributed Denial of Service (network attack)"
-
05-23-2011, 11:14 AM #31WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
Visit NFO VPS they provide good protection.
NFO = http://www.nfoservers.com/
Also you can check promo code for nfo on www.webhostingtalk.
-
05-23-2011, 01:41 PM #32Web Hosting Master
- Join Date
- Apr 2011
- Location
- Las Vegas, NV
- Posts
- 1,643
Sir, you have a rootkit. Or as the techies might say, "Man, you've been ROOTED!" In other words, someone has compromised your server and planted software that grants server privileges without your knowledge, most likely for the purpose of launching a DDoS attack from your machine.
Shutting down your server won't help, because the same behavior will start again as soon as you reboot. Buying more bandwidth won't solve the problem either, since the rootkit will consume whatever bandwidth you give it. Buying more bandwidth to fight a DDoS attack makes about as much sense as a bank obtaining additional cash to keep in their vault to prevent bank robberies.
The way to fight this is to simply identify the rootkit and remove it. Install something like chkrootkit or rkhunter and see what it finds.
Do this:
# cd /tmp
# wget http://entomy.com/chkrootkit.tar.gz
# tar -xzvf chkrootkit.tar.gz
# mkdir /usr/local/chkrootkit
# mv /tmp/chkrootkit*/* /usr/local/chkrootkit
# cd /usr/local/chkrootkit
# make sense
That last line will take a minute to run. To test-run the scanner, issue the following command.
# /usr/local/chkrootkit/./chkrootkit
Set up a cron job to scan your system for rootkits every day. Run it with this command to have the result emailed to you for review.
/usr/local/chkrootkit/./chkrootkit | mail -s 'CHKROOTKIT for server1' you@email.com
You will need to change you@email.com to your actual email address. You can also modify 'CHKROOTKIT for server1' to describe your particular server, since the text between those single-quotes will be the subject of the email sent to you.
Last edited by ajonate; 05-23-2011 at 01:53 PM.
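Added example (not part of the original post and not chkrootkit's own code): a wrapper for the daily cron job described above that mails only the lines reporting a finding instead of the full report. It assumes findings contain `INFECTED` or begin with `Warning`; the script path in the cron comment is hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example: daily chkrootkit wrapper that mails only lines reporting a finding.
# Cron entry (script path is hypothetical):
#   0 4 * * * /usr/local/sbin/chkrootkit-daily.sh scan
CHKROOTKIT=/usr/local/chkrootkit/chkrootkit   # install path used in the post
MAILTO=you@email.com                          # placeholder address from the post
SUBJECT='CHKROOTKIT for server1'

# Keep only finding lines. Assumption: findings contain "INFECTED" or start
# with "Warning"; clean checks read "not infected" and are dropped.
filter_findings() {
    grep -E 'INFECTED|^Warning' || true
}

# Number of finding lines in scanner output read from stdin.
count_findings() {
    filter_findings | wc -l | tr -d ' '
}

# Constructed sample output, used only to show what the filter keeps.
sample_output() {
    cat <<'EOF'
Checking `ifconfig'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
Warning: Possible example rootkit installed
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
EOF
}

# Run the scanner and send mail only when something was flagged.
run_scan() {
    report=$("$CHKROOTKIT" 2>&1 | filter_findings)
    if [ -n "$report" ]; then
        printf '%s\n' "$report" | mail -s "$SUBJECT" "$MAILTO"
    fi
}

if [ "${1:-}" = "scan" ]; then
    run_scan
else
    sample_output | filter_findings
fi
```

With this wrapper a day without mail can also mean the scanner did not run at all, so the cron log still needs checking.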
-
05-23-2011, 05:57 PM #33WHT Addict
- Join Date
- May 2008
- Posts
- 117
Is it Counter-Strike or any other Valve game? Because Valve uses mostly UDP port 27015 for their game servers.
Also, you can't block that malicious traffic with your server. The only way to 'get rid' of it is getting a higher pipe or blocking it before it hits your server.
-
05-23-2011, 06:11 PM #34Web Hosting Master
- Join Date
- Apr 2011
- Location
- Las Vegas, NV
- Posts
- 1,643
Sure you can, depending on the type of malicious traffic of course. You can turn a lot of it away at the server level. Mod_evasive can convert a web request into a simple "error 403" text response on certain behavior. You can also block malicious traffic at the server level using mod_security and APF (Advanced Policy Firewall) when other types of suspicious behavior are detected.
You can make your server a tough enough customer that a lot of vandals will give up on you, and do it all using open source software on the server level.
-
05-23-2011, 06:26 PM #35WHT Addict
- Join Date
- May 2008
- Posts
- 117
First of all, it's not an HTTP attack and it's not even TCP traffic.
Second, even one attacking server that has a higher pipe than yours is able to kill your server connection with a UDP flood, and you can't do anything but wait and hope that your hosting company will block that traffic before it hits your server.
-
05-23-2011, 07:00 PM #36Web Hosting Master
- Join Date
- Apr 2011
- Location
- Las Vegas, NV
- Posts
- 1,643
-
05-24-2011, 01:49 AM #37WHT Addict
- Join Date
- May 2008
- Posts
- 117
-
05-24-2011, 01:57 AM #38Web Hosting Guru
- Join Date
- Jun 2007
- Posts
- 264
That's obscure. How well would the firewall scale to block the port is the question. Think simple and react, base the next step based on that.
-
05-24-2011, 02:05 AM #39Newbie
- Join Date
- Apr 2011
- Posts
- 7
Your server may be attacked.
This is my point of view.
-
05-24-2011, 02:08 AM #40Web Hosting Guru
- Join Date
- Jun 2007
- Posts
- 264
What makes you say that?
-
05-24-2011, 02:27 AM #41Web Hosting Master
- Join Date
- Apr 2011
- Location
- Las Vegas, NV
- Posts
- 1,643
I believe that it automatically bans the IP address for a specified amount of time when it detects suspicious behavior.
The firewall also subscribes to several monitoring services, if you configure it that way, so an IP address that's on a rampage may already be blocked before the attack even begins.
-
05-24-2011, 02:32 AM #42Web Hosting Guru
- Join Date
- Jun 2007
- Posts
- 264
How do you know? Do you know the OP's setup? Another paid human bot perhaps?
-
05-24-2011, 02:39 AM #43Web Hosting Master
- Join Date
- Apr 2011
- Location
- Las Vegas, NV
- Posts
- 1,643
-
05-24-2011, 02:41 AM #44Web Hosting Guru
- Join Date
- Jun 2007
- Posts
- 264
-
05-24-2011, 04:25 AM #45WHT Addict
- Join Date
- Dec 2005
- Location
- The Netherlands
- Posts
- 107
-
05-24-2011, 10:12 AM #46WHT Addict
- Join Date
- May 2008
- Posts
- 117
-
05-24-2011, 10:24 AM #47Web Hosting Master
- Join Date
- Apr 2011
- Location
- Las Vegas, NV
- Posts
- 1,643
-
05-24-2011, 12:33 PM #48WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
Some people misread
OK, now I have seen everything.
Seems a lot of people are confused, so let me clear up some of the stuff.
#1
ajonate: I don't have a Linux firewall installed or a Linux server.
So I am not sure about your post regarding a rootkit.
#2
MMrs: I would like to point out that when I made the video of the attack, the CS server was offline and all ports were blocked (I mean ALL, in and out, every port on the server was blocked). The only way I was able to connect to the server was via "iDRAC" / KVM; due to the ports being blocked I was not able to connect to the server via RDP.
#3
I do not have IIS or any web server running on my server, not even FTP.
Also, I have changed my RDP port so random people don't try to hack into the RDP.
Server has nothing installed, clean, no extra stuff, just the CS server, that is all.
Even when ALL ports, UDP, TCP, ICMP, I mean all ports, are blocked, and that includes banning the IPs that attack my server, I still could not prevent the attacker from owning my network. Netstat shows no connection has been made to the server or between the server and other clients.
Thanks.
-
05-24-2011, 12:53 PM #49Web Hosting Master
- Join Date
- Apr 2011
- Location
- Las Vegas, NV
- Posts
- 1,643
So what's keeping you from using a free Windows rootkit detection & removal tool?
http://www.sophos.com/en-us/products...i-rootkit.aspx
-
05-24-2011, 03:54 PM #50WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
Thanks
I would like to say thanks to everyone for help and time.
I am giving up on lame DDoS problems and putting the server up for sale on eBay.
If anyone is interested, let me know.
Again thank you for all your help.