Results 1 to 5 of 5
  1. #1

    Unhappy [Help] UDP Flood attack against my game server

    Hi,

    I run a small game server on Win 7 where I play with about a dozen friends, but apparently someone hates our server because we've been receiving UDP Flood attacks, they aren't powerful enough to shut the server down but it does overwhelm it and when legitimate players try to log in, it says the server is full.

    According to server logs they are spamming connection attemps with some sort of script that runs automatically, my server log shows thousands of requests like these:

    Connection Attempt made by gKByjeYw (cKWZUJsD)
    Connection Attempt made by PCqiRitw (dIjxGLCM)
    Connection Attempt made by XnbeqGCP (3jdoarzq)
    Connection Attempt made by YSdUsjOb (MvjOjTgZ)
    Connection Attempt made by JOMD8MoC (GJWnTkuh)

    that gibberish is supposed to be username and cdkey, which are not valid at all but they still hammering my server.

    According to my wireshark records all the attacks come from a Single IP address, so this is a DOS attack, Not a DDOS attack. Probably the IP is spoofed because when I ban it, they come back with a different IP.

    Here is a screenshot of my wireshark log

    Is there a way to block or mitigate this type of attack, since it comes from a single source? Any advice would be greatly appreciated

  2. #2
    Join Date
    Aug 2004
    Location
    Dallas, TX
    Posts
    3,507
    On your firewall I would whitelist trusted ips ( an automated dump of successfully connected players ) and rate limit pps for all other IPs. We do this a lot and it works great.
    Dallas Colocation by Incero, 8 years and counting!
    e: sales(at)incero(dot)com 855.217.COLO (2656)
    Colocation & Enterprise Servers, SATA/SAS/SSD, secure IPMI/KVM remote control, 100% U.S.A. Based Staff
    SSAE 16, SAS70, Redundant Power & Network, Fully Diverse Fiber

  3. #3
    Thanks for the reply, it would be great if I could create a whitelist and only those IP can access the port where the gameserver resides, is there any firewall that has a feature like that? I have Win 7

    Also, I'm afraid some of my players have dynamic IP address, maybe if they get one of those free domain names, I could whitelist their domain name, but I don't know any program that can do that.

  4. #4
    Join Date
    Aug 2004
    Location
    Dallas, TX
    Posts
    3,507
    We firewall at the network level (your provider should be able to offer you that). Doing it server side leaves you open to problems if your port becomes flooded. Maybe someone else can chime in with Windows tips, I only work with Linux.

    As for the whitelist you simply write a script to update the whitelist based on trusted user names (and their IP once they connect) or all successfully authenticated users. There is no need for them to have a static IP.
    Dallas Colocation by Incero, 8 years and counting!
    e: sales(at)incero(dot)com 855.217.COLO (2656)
    Colocation & Enterprise Servers, SATA/SAS/SSD, secure IPMI/KVM remote control, 100% U.S.A. Based Staff
    SSAE 16, SAS70, Redundant Power & Network, Fully Diverse Fiber

  5. #5
    As far as I know, nothing else uses the port used to connect to my game server, so I could block all access to it and only allow trusted IPs, but I dont know of any software that provides such functionality, at least for Win 7

Similar Threads

  1. UDP Flood Attack From my website(ip) Help me
    By amitkumar in forum Hosting Security and Technology
    Replies: 21
    Last Post: 03-04-2013, 02:34 PM
  2. Help, Under UDP flood attack
    By mehrdadabed in forum Dedicated Server
    Replies: 9
    Last Post: 07-22-2012, 11:19 PM
  3. Dedicated Server offers udp flood protection
    By ryansmith in forum Dedicated Server
    Replies: 2
    Last Post: 04-26-2012, 05:59 AM
  4. which data center can provide UDP Flood Attack protection?
    By popuser in forum Dedicated Server
    Replies: 4
    Last Post: 09-07-2010, 12:11 AM
  5. Server Unplugged UDP Attack to known node
    By maxihost in forum Hosting Security and Technology
    Replies: 4
    Last Post: 02-02-2006, 04:00 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •