• Anti DDoS
    118 replies, posted
  • Avatar of thegrb93
  • In the past week of playing garrysmod, there have been at least five people who got banned or kicked for griefing and their response is DDoSing the server, making it unplayable even after they have disconnected. I would make this myself if I had any knowledge of source, but I don't, so I would be really grateful if this was made and given to garry to add to the game, or even better, given to valve to stop the problem for all source games. I've already sent valve a request for their stance on DDoS and I'll post it when I get a response. I don't really know the technical details behind DDoS so I understand if it may not be possible to defend against, but to anyone who does have an idea and makes it, everyone will be very grateful. Perhaps this will help with finding solutions. [url]http://wiki.alliedmods.net/SRCDS_Hardening#Lag.2FDOS[/url]
  • Avatar of LuaMilkshake
  • Most DDoS attacks can't be dealt with at the application level, they need to be mitigated at the network level.
  • Avatar of Aide
  • The source engine is flawed. The GSPs are helpless; software doesn't always help. Using iptables doesn't always help. Anyone can obtain access to dos ability now.
  • Avatar of Bawbag
  • [QUOTE=Latirom;34100481]Protip: Blacklist CoD4 master server. cod4master.activision.com[/QUOTE] that just stops your server being used in a drdos
  • Avatar of JustSoFaded
  • [QUOTE=Bawbag;34101143]that just stops your server being used in a drdos[/QUOTE] It stops DevNull's reflected dos system from working properly. Since Stan relies on cod4 servers.
  • Avatar of thegrb93
  • This little shit that got his admin demoted keeps ddosing my favorite server. FUCK. I hope valve gets back with my request soon.
  • Avatar of zzaacckk
  • What I do when my box is attacked is first start wireshark if I can access the box, then call my datacenter to mitigate the attack. If I have his IP I will email his ISP regarding it and with enough complaints they will do something about it. You also should make sure people aren't spamming A2S_INFO packets, which will crash your server; you can find a mod on AlliedModders that will protect it. There isn't much you can do about a DDoS except mitigate it or wait it out. Also, valve won't be able to help me.
  • Avatar of maurits150
  • [QUOTE=Latirom;34100481]Protip: Blacklist CoD4 master server. cod4master.activision.com[/QUOTE] That doesn't work. That just prevents you from looking up CoD4 servers. Stan can still lookup the masterlist and get a list of servers to use against you.
  • Avatar of zzaacckk
  • [QUOTE=maurits150;34103170]That doesn't work. That just prevents you from looking up CoD4 servers. Stan can still lookup the masterlist and get a list of servers to use against you.[/QUOTE] AFAIK what he does is send a packet to the CoD4 master server with your IP spoofed and it sends you the full server list consistently. [editline] I guess I am wrong.
  • Avatar of Chewgum
  • A server I'm helping with has been getting hit by cod4, 'statusResponse', attacks at 580mbit/s. Then there's the generic 22mbit source engine query attack which removes the server from the master list.
  • Avatar of DylanWilson
  • [QUOTE=zzaacckk;34104633]AFAIK what he does is send a packet to the CoD4 master server with your IP spoofed and it sends you the full server list consistently.[/QUOTE] no, he gets the master serverlist for himself, and then uses this list to get every single COD4 server to send their status info to your server constantly, which allows him to multiply his amount of data sent to you Example: his server sends a relatively short phrase that looks like this €€€€200 in a packet that says it's from the target server, and then the server replies to you with its entire playerlist, pings, frags, map, gamemode, etc. which is quite a big jump in how much data is being sent to you now calculate in the... 900 COD4 servers online right now according to gametracker.com --edit-- oh nvm, it decided to filter out nonUS servers, 6350 servers
  • Avatar of Ruzza
  • Having some sort of automatic system where you get all cod4 and quake3 servers and block all the ips would be pretty sweet
  • Avatar of DylanWilson
  • [QUOTE=Ruzza;34129457]Having some sort of automatic system where you get all cod4 and quake3 servers and block all the ips would be pretty sweet[/QUOTE] the problem isn't ignoring the requests as much as it is that the sheer amount of data makes it impossible to process everything to ignore it in the first place
  • [QUOTE=I am God.;34132218]Why doesn't Activision filter out this problem, then?[/QUOTE] Because if they fixed it they wouldn't make any more money than if they left it
  • Avatar of pennerlord
  • [QUOTE=Banana Lord.;34133823]I think the better question is why wouldn't they add some sort of anti spam to begin with[/QUOTE] As long as they make money they won't care about that problem. Or they are too busy with releasing the next 20 CoD games.
  • Avatar of JustSoFaded
  • [QUOTE=DylanWilson;34132201]the problem isn't ignoring the requests as much as it is that the sheer amount of data makes it impossible to process everything to ignore it in the first place[/QUOTE] That's wrong, if you block the servers in your firewall or iptables or however you do it, it can't send you the data. It's not like the server takes in all your data and then goes "Ohhh....nvm, he's blocked delete that !".
  • [QUOTE=JustSoFaded;34138766]That's wrong, if you block the servers in your firewall or iptables or however you do it, it can't send you the data. It's not like the server takes in all your data and then goes "Ohhh....nvm, he's blocked delete that !".[/QUOTE] No matter if you have a firewall, iptables, etc., the only thing it can do is prevent traffic from reaching the applications. The packets are still present, and they are still saturating your line. In some cases, those CoD status packets are enough to knock a normal server offline just by purely over-saturating the line.
  • Avatar of DylanWilson
  • [QUOTE=Revenge282;34139773]No matter if you have a firewall, iptables, etc., the only thing it can do is prevent traffic from reaching the applications. The packets are still present, and they are still saturating your line. In some cases, those CoD status packets are enough to knock a normal server offline just by purely over-saturating the line.[/QUOTE] This is what I meant, I was just simplifying it because he probably doesn't know what saturating the line means and JustSoFaded, if you don't think your computer takes these packets in when it tries to filter them, how do you think iptables works? at some point in time it has to process the header information of the packet to decide whether to allow, drop, or deny it.
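Added example (not part of any post in this thread): the two points argued above, that the flood consists of Quake 3 style `statusResponse` replies and that a host firewall cannot help once the line itself is full, expressed as a small triage script for a packet capture. The packet tuples, addresses, window and line capacity are constructed sample values, and only payload bytes are counted, so the on-wire rate is somewhat higher.

```python
from collections import Counter

# Quake 3 engine out-of-band packets start with four 0xFF bytes followed by a
# text command; "statusResponse" is the reply a game server sends to a status query.
Q3_STATUS_REPLY = b"\xff\xff\xff\xffstatusResponse"


def is_reflected_status(payload: bytes) -> bool:
    """True for an unsolicited status reply; the 0xFF prefix alone is not enough."""
    return payload.startswith(Q3_STATUS_REPLY)


def summarize(packets, window_s, line_mbit):
    """packets: (src_ip, udp_payload) pairs seen inbound during window_s seconds."""
    per_source = Counter()
    flood_bytes = 0
    for src, payload in packets:
        if is_reflected_status(payload):
            per_source[src] += 1
            flood_bytes += len(payload)
    mbit = flood_bytes * 8 / window_s / 1_000_000
    return {
        "reflectors": len(per_source),
        "flood_mbit": round(mbit, 3),
        "block_candidates": sorted(per_source),
        # Dropping on the host only helps while the flood still fits in the line.
        "line_saturated": mbit >= line_mbit,
    }


def constructed_sample():
    """Constructed capture: 300 status replies of 1250 bytes plus one normal query."""
    reply = Q3_STATUS_REPLY + b"\n" + b"x" * (1250 - len(Q3_STATUS_REPLY) - 1)
    reflectors = ["198.51.100.10", "198.51.100.11", "203.0.113.5"]
    pkts = [(reflectors[i % 3], reply) for i in range(300)]
    # A Source engine A2S_INFO query shares the 0xFF prefix but is not counted.
    pkts.append(("192.0.2.77", b"\xff\xff\xff\xffTSource Engine Query\x00"))
    return pkts


if __name__ == "__main__":
    for capacity in (2, 100):  # constructed line capacities in Mbit/s
        print(capacity, summarize(constructed_sample(), window_s=1, line_mbit=capacity))
```

The addresses in `block_candidates` are reflecting game servers, not the attacker, so blocking them on the host only shields the game process; when `line_saturated` is true the filtering has to be done upstream by the datacenter.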
  • Ugh, how I hate cod :( With a 1GB line (and a decent host, one who will actually give you 1gb) then you could probably eat a cod4 drdos. I'd still expect some decent lag though. I'm playing with linux atm to swap my UK host over to it, but alas gmod with linux :(
  • If isps were smart enough to help block (d)doses, their solution is to just shut the client off the network
  • [QUOTE=Map in a box;34151595]If isps were smart enough to help block (d)doses, their solution is to just shut the client off the network[/QUOTE] Same rule applies for them as it does for Activision that was stated earlier: [QUOTE=Dame Flawless;34132283]Because if they fixed it they wouldn't make any more money than if they left it[/QUOTE]
  • Avatar of Shepsie
  • If ISP blocked spoofed UDP packets at the network level it would stop this method altogether. Or take stan to court but unsure how would you turn chinese whispers into something that would hold in court.
  • Avatar of Jetsurf
  • Welcome to the club! Sethhack skiddies hit our server almost daily for 2 weeks over the holidays. Our solution? Get LSN to put up a filter :P. They even said some of them got up to 200+ MBPS. Even WITHOUT LSN's filters, they failed to fully take down a single one of our servers :V [IMG]http://gyazo.breakpointservers.com/fe3efe4f7a298efea121379ea56dfe15.png[/IMG]
  • Avatar of lorde banana
  • [QUOTE=Jetsurf;34154078]Welcome to the club! Sethhack skiddies hit our server almost daily for 2 weeks over the holidays. Our solution? Get LSN to put up a filter :P. They even said some of them got up to 200+ MBPS. Even WITHOUT LSN's filters, they failed to fully take down a single one of our servers :V [IMG]http://gyazo.breakpointservers.com/fe3efe4f7a298efea121379ea56dfe15.png[/IMG][/QUOTE] They get mad when you get 8Gbit though
  • [QUOTE=Banana Lord.;34154157]They get mad when you get 8Gbit though[/QUOTE] This... Very much this...
  • Avatar of JustSoFaded
  • [QUOTE=DylanWilson;34146579]This is what I meant, I was just simplifying it because he probably doesn't know what saturating the line means and JustSoFaded, if you don't think your computer takes these packets in when it tries to filter them, how do you think iptables works? at some point in time it has to process the header information of the packet to decide whether to allow, drop, or deny it.[/QUOTE] Listen bud, if you have a good firewall, raw socket bull shit isn't going to affect you (except for the first couple of seconds for the exact reason you just stated). Obviously it has to look into the packet header, but smart firewalls will look at packet consistencies etc. Also, quit being a punk. Looking at your past threads it seems your programming knowledge is pretty..[b][i][u]limited, at best[/u][/i][/b], and you don't seem to know exactly what you are talking about.
  • Avatar of Jetsurf
  • [QUOTE=JustSoFaded;34154398]Listen bud, if you have a good firewall, raw socket bull shit isn't going to affect you (except for the first couple of seconds for the exact reason you just stated). Obviously it has to look into the packet header, but smart firewalls will look at packet consistencies etc. Also, quit being a punk. Looking at your past threads it seems your programming knowledge is pretty..[b][i][u]limited, at best[/u][/i][/b], and you don't seem to know exactly what you are talking about.[/QUOTE] Network Security != Programming Knowledge