
Thread: DDOS ?

  1. #26
    Join Date
    Sep 2008
    Posts
    104
    Quote Originally Posted by hhw View Post
    Do you have any legitimate UDP traffic? If not, a simple ACL at your provider's edge, or instated by their transits on their behalf, would be an effective way of dealing with attacks that can be easily identified. So long as you're not being attacked on the same port and protocol as your legitimate services, this would be your best bet as it doesn't require any specialized DDoS mitigation hardware.

    If your provider is unable or unwilling to implement such measures, you may want to consider switching to a provider that is.
    From what I have seen, they are picking on UDP port 27015.
    The problem was that the Windows OS does not have anything against this.
    I have tried blocking UDP, TCP, etc., and the flood still used 50% to 90% of network resources.
    Also, let's say I don't run the game server and all ports are blocked in and out, including local: as long as the NIC with that IP is up and running, the flood keeps pounding.
    Whoever attacks that IP could pick any port and still use 90% of network resources.
    From what I learned, they use spoofed IPs, send 1 UDP packet, and drop.
    With 100 requests in an interval of 1 sec, no matter what you do, Win OS will be screwed by such an attack.
    As of right now I have contacted www.serverwizards.com and they told me that with a custom script they can stop this nonsense.
    I have a spare 1U server ready to ship to the datacenter with www.skynet-solutions.net software, and I hope this will help.
    From previous replies I have seen people offering to get a 1GB pipeline, and I think no matter how big the pipeline is, with a botnet it will not be able to handle it.
    Trust me, an 11-year-old game is not the best idea to invest money into.
    The reason they attacked is that the server reached #1 rank in the world and some people are jealous.
    Thanks

  2. #27
    Are the games licensed or cracked?

    If cracked, probably that would be the reason.

  3. #28
    Join Date
    Sep 2008
    Posts
    104
    Quote Originally Posted by Amman-DJ View Post
    Are the games licensed or cracked?

    If cracked, probably that would be the reason.
    From my point of view your post doesn't make any sense.
    Server is licensed.
    FYI: I will not spend $$ for the server + Windows OS + colocation to run illegal stuff, and I don't recommend anyone else do so.
    I just saw another post from someone who got hit with a 25Gb DDOS.. "I guess he/she runs an illegal business"
    Maybe everyone who gets hit with a DDOS runs an illegal service?
    Thanks.
    Last edited by dxds; 05-23-2011 at 03:09 AM.

  4. #29
    Greetings,

    Can someone please provide some good DDOS Protected VPS providers?

    Best Regards,
    Abhijit

  5. #30
    DDOS means "Distributed Denial of Service (network attack)"

  6. #31
    Join Date
    Sep 2008
    Posts
    104
    Quote Originally Posted by handsomeabhi View Post
    Greetings,

    Can someone please provide some good DDOS Protected VPS providers?

    Best Regards,
    Abhijit
    Visit NFO VPS they provide good protection.
    NFO = http://www.nfoservers.com/
    Also you can check promo code for nfo on www.webhostingtalk.

  7. #32
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,643
    Quote Originally Posted by dxds View Post
    I just made a video so you guys can see the UDP flood.
    I wonder if anyone knows a solution for this.

    http://www.screencast.com/t/Lw6Y7vxI0

    Thx
    Sir, you have a rootkit. Or as the techies might say, "Man, you've been ROOTED!" In other words, someone has compromised your server and planted software that grants server privileges without your knowledge, most likely for the purpose of launching a DDoS attack from your machine.

    Shutting down your server won't help, because the same behavior will start again as soon as you reboot. Buying more bandwidth won't solve the problem either, since the rootkit will consume whatever bandwidth you give it. Buying more bandwidth to fight a DDoS attack makes about as much sense as a bank obtaining additional cash to keep in their vault to prevent bank robberies.

    The way to fight this is to simply identify the rootkit and remove it. Install something like chkrootkit or rkhunter and see what it finds.

    Do this:

    # cd /tmp
    # wget http://entomy.com/chkrootkit.tar.gz
    # tar -xzvf chkrootkit.tar.gz
    # mkdir /usr/local/chkrootkit
    # mv /tmp/chkrootkit*/* /usr/local/chkrootkit
    # cd /usr/local/chkrootkit
    # make sense


    That last line will take a minute to run. To test-run the scanner, issue the following command.

    # /usr/local/chkrootkit/./chkrootkit

    Set up a cron job to scan your system for rootkits every day. Run it with this command to have the result emailed to you for review.

    /usr/local/chkrootkit/./chkrootkit | mail -s 'CHKROOTKIT for server1' you@email.com

    You will need to change you@email.com to your actual email address. You can also modify 'CHKROOTKIT for server1' to describe your particular server, since the text between those single-quotes will be the subject of the email sent to you.
    Last edited by ajonate; 05-23-2011 at 01:53 PM.
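
Added example, not part of ajonate's post: a cron wrapper for the daily chkrootkit scan described in post #32 that mails only the lines reporting a hit, so a clean run stays silent. The chkrootkit path and address are the ones from the post; the script path in the crontab comment and the `Warning` match are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: cron wrapper around chkrootkit that mails only findings.
# CHKROOTKIT is the install location from the post; MAILTO is a placeholder.
CHKROOTKIT="${CHKROOTKIT:-/usr/local/chkrootkit/chkrootkit}"
MAILTO="${MAILTO:-you@email.com}"

# Constructed sample of chkrootkit-style output, used for a dry run.
sample_output() {
cat <<'EOF'
Checking `ifconfig'... not infected
Checking `ls'... INFECTED
Checking `sshd'... not found
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
EOF
}

# Keep only lines reporting a hit. "not infected" is lowercase, so the
# case-sensitive match on INFECTED skips it. "Warning" is an assumed
# extra pattern; tune it to the output of your chkrootkit version.
filter_findings() {
    grep -E 'INFECTED|Warning' || true
}

# Print the number of finding lines read on stdin.
count_findings() {
    filter_findings | wc -l | tr -d ' '
}

# Run the real scan; send mail only when something needs review.
run_scan() {
    report=$("$CHKROOTKIT" 2>&1 | filter_findings)
    if [ -n "$report" ]; then
        printf '%s\n' "$report" |
            mail -s "CHKROOTKIT findings on $(hostname)" "$MAILTO"
    fi
}

# crontab entry (root), daily at 03:15; the script path is hypothetical:
#   15 3 * * * /usr/local/sbin/chkrootkit-cron.sh --scan
if [ "${1:-}" = "--scan" ]; then
    run_scan
fi
```

Running `sample_output | filter_findings` shows what the mail body would contain without touching the real scanner.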

  8. #33
    Join Date
    May 2008
    Posts
    117
    Is it Counter Strike or any other Valve game? Because Valve uses mostly UDP port 27015 for their game servers.

    Also you can't block that malicious traffic with your server. The only way to 'get rid' of it is getting a higher pipe or blocking it before it hits your server.

  9. #34
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,643
    Quote Originally Posted by MMrs View Post
    Also you can't block that malicious traffic with your server.
    Sure you can, depending on the type of malicious traffic of course. You can turn a lot of it away at the server level. Mod_evasive can convert a web request into a simple "error 403" text response on certain behavior. You can also block malicious traffic at the server level using mod_security and APF (Advanced Policy Firewall) when other types of suspicious behavior are detected.

    You can make your server a tough enough customer that a lot of vandals will give up on you, and do it all using open source software on the server level.

  10. #35
    Join Date
    May 2008
    Posts
    117
    Quote Originally Posted by ajonate View Post
    Sure you can, depending on the type of malicious traffic of course. You can turn a lot of it away at the server level. Mod_evasive can convert a web request into a simple "error 403" text response on certain behavior. You can also block malicious traffic at the server level using mod_security and APF (Advanced Policy Firewall) when other types of suspicious behavior are detected.

    You can make your server a tough enough customer that a lot of vandals will give up on you, and do it all using open source software on the server level.
    First off, it's not an HTTP attack and it's not even TCP traffic.
    Second, even one attacking server that has a higher pipe than yours is able to kill your server connection with a UDP flood, and you can't do anything but wait and hope that your hosting company will block that traffic before it hits your server.

  11. #36
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,643
    Quote Originally Posted by MMrs View Post
    First off, it's not an HTTP attack and it's not even TCP traffic.
    Second, even one attacking server that has a higher pipe than yours is able to kill your server connection with a UDP flood, and you can't do anything but wait and hope that your hosting company will block that traffic before it hits your server.
    APF can deal with UDP traffic attacks.

    It's nice if the data center has a hardware firewall solution, but I don't count on anything from them. I have my own comprehensive security policy in place that keeps the ankle-biters at bay, or at least it has so far.

  12. #37
    Join Date
    May 2008
    Posts
    117
    Quote Originally Posted by ajonate View Post
    APF can deal with UDP traffic attacks.

    It's nice if the data center has a hardware firewall solution, but I don't count on anything from them. I have my own comprehensive security policy in place that keeps the ankle-biters at bay, or at least it has so far.
    How will your firewall prevent them from UDP flooding?

  13. #38
    That's obscure. How well would the firewall scale to block the port is the question. Think simple and react, base the next step based on that.

  14. #39
    Your server may be attacked.

    This is my point of view.

  15. #40
    What makes you say that?

  16. #41
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,643
    Quote Originally Posted by MMrs View Post
    How will your firewall prevent them from UDP flooding?
    I believe that it automatically bans the IP address for a specified amount of time when it detects suspicious behavior.

    The firewall also subscribes to several monitoring services, if you configure it that way, so an IP address that's on a rampage may already be blocked before the attack even begins.

  17. #42
    How do you know? Do you know the OP's setup? Another paid human bot perhaps?

  18. #43
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,643
    Quote Originally Posted by IH-Chris View Post
    How do you know? Do you know the OP's setup? Another paid human bot perhaps?
    The OP hasn't said. Not knowing what kind of protection he might already be using, if any, I'm not ready to recommend that he start throwing money at the problem until I know that standard open source solutions are implemented and are determined to be effective.

  19. #44
    Quote Originally Posted by ajonate View Post
    The OP hasn't said.
    Why comment on something you have no idea about?

  20. #45
    Join Date
    Dec 2005
    Location
    The Netherlands
    Posts
    107
    Quote Originally Posted by ajonate View Post
    The OP hasn't said. Not knowing what kind of protection he might already be using, if any, I'm not ready to recommend that he start throwing money at the problem until I know that standard open source solutions are implemented and are determined to be effective.
    Well, your hints and tips are definitely not going to work.

    The guy is using Windows, and there is no rkhunter or chkrootkit for Windows.
    The same counts for APF / mod_security (if IIS installed)

  21. #46
    Join Date
    May 2008
    Posts
    117
    Quote Originally Posted by ajonate View Post
    I believe that it automatically bans the IP address for a specified amount of time when it detects suspicious behavior.

    The firewall also subscribes to several monitoring services, if you configure it that way, so an IP address that's on a rampage may already be blocked before the attack even begins.
    Do you know what that "ban" means? Your firewall will just drop or reject these packets. This won't block the attacker sending you that trash.


    On topic: With co-location it's even worse because it takes a long time to move your server to another datacenter.

  22. #47
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,643
    Quote Originally Posted by Mikej0h View Post
    Well, your hints and tips are definitely not going to work.

    The guy is using Windows, and there is no rkhunter or chkrootkit for Windows.
    The same counts for APF / mod_security (if IIS installed)
    Windows? I didn't catch that.

  23. #48
    Join Date
    Sep 2008
    Posts
    104

    Some people misread

    OK, now I have seen everything.
    Seems a lot of people are confused, so let me clear up some of the stuff.
    #1
    ajonate: I don't have a Linux firewall installed or a Linux server.
    So I am not sure about your post regarding a rootkit.

    #2
    MMrs: I would like to point out that when I made the video of the attack, the CS server was offline and all ports were blocked (I mean ALL, in and out, every port on the server was blocked). The only way I was able to connect to the server was via "iDRAC" / KVM; due to the ports being blocked I was not able to connect to the server via RDP.

    #3
    I do not have IIS or any web server running on my server, not even FTP.
    Also I have changed my RDP port so random people don't try to hack into the RDP.

    Server has nothing installed, clean, no extra stuff, just the CS server, that is all.
    Even when ALL ports, UDP, TCP, ICMP, I mean all ports, are blocked, and that includes banning the IPs that attack my server, I still could not prevent the attacker from owning my network. Netstat shows no connection has been made to the server or between the server and other clients.

    Thanks.

  24. #49
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,643
    Quote Originally Posted by dxds View Post
    #1
    ajonate: I don't have a Linux firewall installed or a Linux server.
    So I am not sure about your post regarding a rootkit.
    So what's keeping you from using a free Windows rootkit detection & removal tool?

    http://www.sophos.com/en-us/products...i-rootkit.aspx

  25. #50
    Join Date
    Sep 2008
    Posts
    104

    Thanks

    I would like to say thanks to everyone for the help and time.
    I am giving up on lame DDoS problems and putting the server up for sale on eBay.
    If anyone is interested, let me know.
    Again, thank you for all your help.
