I run a small game server on Win 7 where I play with about a dozen friends, but apparently someone hates our server because we've been receiving UDP Flood attacks, they aren't powerful enough to shut the server down but it does overwhelm it and when legitimate players try to log in, it says the server is full.
According to server logs they are spamming connection attemps with some sort of script that runs automatically, my server log shows thousands of requests like these:
Connection Attempt made by gKByjeYw (cKWZUJsD)
Connection Attempt made by PCqiRitw (dIjxGLCM)
Connection Attempt made by XnbeqGCP (3jdoarzq)
Connection Attempt made by YSdUsjOb (MvjOjTgZ)
Connection Attempt made by JOMD8MoC (GJWnTkuh)
that gibberish is supposed to be username and cdkey, which are not valid at all but they still hammering my server.
According to my wireshark records all the attacks come from a Single IP address, so this is a DOS attack, Not a DDOS attack. Probably the IP is spoofed because when I ban it, they come back with a different IP.
Thanks for the reply, it would be great if I could create a whitelist and only those IP can access the port where the gameserver resides, is there any firewall that has a feature like that? I have Win 7
Also, I'm afraid some of my players have dynamic IP address, maybe if they get one of those free domain names, I could whitelist their domain name, but I don't know any program that can do that.
We firewall at the network level (your provider should be able to offer you that). Doing it server side leaves you open to problems if your port becomes flooded. Maybe someone else can chime in with Windows tips, I only work with Linux.
As for the whitelist you simply write a script to update the whitelist based on trusted user names (and their IP once they connect) or all successfully authenticated users. There is no need for them to have a static IP.
Dallas Colocation by Incero
e: sales(at)incero(dot)com • 855.217.COLO (2656)
Colocation & Enterprise Servers, SATA/SAS/SSD, secure IPMI/KVM remote control, 100% U.S.A. Based Staff
SSAE 16, SAS70, Redundant Power & Network, Fully Diverse Fiber
As far as I know, nothing else uses the port used to connect to my game server, so I could block all access to it and only allow trusted IPs, but I dont know of any software that provides such functionality, at least for Win 7