DDoS: How to defend? - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Server (https://sampforum.blast.hk/forumdisplay.php?fid=6)
+--- Forum: Server Support (https://sampforum.blast.hk/forumdisplay.php?fid=19)
+--- Thread: DDoS: How to defend? (/showthread.php?tid=107872)

---

DDoS: How to defend? - DamiRocK - 11.11.2009

Hi everybody. Russia needs help. The sa-mp server of the most popular ISP (Internet Service Provider) is being ddos'ed sometimes, and it really annoys everybody (approx. 100-150 players online)
_________________________________________________
Now we have their DDOS-tool, but we couldn't detect any logs...
How can we defend our server?
I can send a DDOS'er to somebody, who's going to help us. Just tell me about it in the topic

---

Re: DDoS: How to defend? - d0 - 11.11.2009

what do you mean when you say the word 'DDOS'

---

Re: DDoS: How to defend? - wormy - 11.11.2009

we got server full when server is under attack, but there is no any information about connections is logs,and ping stays in normal values, maybe it's not realy ddos, but looks like that =)

sry for my bad english

---

Re: DDoS: How to defend? - DamiRocK - 11.11.2009

http://en.wikipedia.org/wiki/Ddos_attack

---

Re: DDoS: How to defend? - hipy - 12.11.2009

simple: block their ips

---

Re: DDoS: How to defend? - wormy - 12.11.2009

haha, that's not so easy, those guys have dynamic IP's, we banned whole their subnetwork, but they use proxy

---

Re: DDoS: How to defend? - smoker08 - 13.11.2009

Ban the isp's then

---

Re: DDoS: How to defend? - DamiRocK - 13.11.2009

I can't believe, that samp doesn't have any defence-methods...

---

Re: DDoS: How to defend? - Xander5270 - 13.11.2009

Sadly, theres nothing build in SAMP, to get those.

You will simpley have to find some information about them, and ban their ISP. Or learn making plugins. You might be lucky, and make something usefull!

---

Re: DDoS: How to defend? - dugi - 13.11.2009

It's not a flaw in sa-mp but in the internet.

---

Re: DDoS: How to defend? - hipy - 17.11.2009

Of course you respond with a totally useless respond

YOU-CANT-BLOCK-A-DDOS

Even when the packages are filtert it will still use up your bandwitch.

You can block the packages but they still reach your network cart

A ddos doesnt come from 10 to 20 ips. but it comes from littraly 1000 of pc's that have been invested by a virus.

in other words. even when you can partially block the ddos, you still wont be able to connect to the internet

---

Re: DDoS: How to defend? - laserhel50 - 17.11.2009

Indeed, Blocking a DDos is just... not even possible.
my Forum (when i had a clan) had been DDossed several TImes too...

i Really dont know what to do Against it.

Its a Virus, yes. most Attacks came from a Land.. i forgot where lol.

---

Re: DDoS: How to defend? - Woet - 18.11.2009

serverFFS uses 1 gbit servers with custom kernels together with Cisco Guard and advanced software firewall configurations to block 99% of all DDoS.

The people posting 'you cant block DDoS' don't know what they are talking about.

---

Re: DDoS: How to defend? - hipy - 18.11.2009

Not everdbody has 80 servers with expensive firewalls.

And if im right this is just making the capacity so big that a ddos wont take down the system..

correct me if im wrong

btw how many game servers have such a firewall :P

---

Re: DDoS: How to defend? - Warmonger - 19.11.2009

Regardless to how many pc's are infected and being used to attack with. There is no way a TCP (D)DoS could stand a chance against a firewall. UDP on the other hand is another story. His net doesn't die so it cant be UDP even if it is it aint very strong. Maybe you all should read up a little bit before you act out in a way that only makes yourself look foolish. Incoming connections will have to pass through this firewall, and it will only allow 5 connections per IP address. Figure it out he can limit to 1 connection per address and really there shouldn't be a single problem. If the attacks were "that bad" he could always download PeerGuardian and block them IP's. Ive written a program that automatically IP bans people who (D)DoS attack my server. This stuff aint too hard to deal with people go "oh you need hardware firewall bla bla bla" and "its impossible to stop" hah these are the kids who dont even know what real hacking is. Take it from someone Cisco Certified WIPFW will solve all your problems along with PeerGuardian if its that bad. (D)DoS attacks are a child's way of "hacking" or "exploiting" stack buffers and killing peoples net by flooding the network with packets, its easily stoped and easily prevented. Take it from a bunch of kids who cant spell every other word right.

---

Re: DDoS: How to defend? - Ritchie999 - 19.11.2009

Grab your self a bottle of holy water and a crucifix and hope for the best!

---

Re: DDoS: How to defend? - hipy - 20.11.2009

You say limit 1 connection per ip adress.

So that is your fix? limit 1 connection per ip? well good luck with blocking it then

btw by blocking there ip they still DO go over your network card. since it needs to reach your firewall. So it still uses up bandwith...

Or can you prove me you can block it so the ddos doesnt even touch your server( withouth firewalls from the server house bla bla )

btw you all seem to support this cisco super firewall shit, but tell me, HOW MUCH people that host a server realy have it.

For that 1 time per 2 months that they are ddosed?

---

Re: DDoS: How to defend? - laserhel50 - 20.11.2009

come on...
you can write a Script...
This suggestion is i think still the Best...
Write a script witch will Limit Incomming Connections To 3 Per Source Address.
best Solution... i know it comes from like 1000's of pc's but most of these pc's will send more than 1 DDos attack.

---

Re: DDoS: How to defend? - Warmonger - 20.11.2009

All hail the almighty noob! Dude when your IP baned you can NOT send packets to the server. Maybe you dont understand how routers and computers communicate. WIPFW is actually all you do need. It logs every connection in WINDOWS\Security\Logs which are labeled by date. Not hard to spot a (D)DoS flood in the logs. Create a new rule for WIPFW to denie all connections from that IP. Tada any packets from that network will never reach yours. Thier computer sends a request, server doesnt send a response. Once again dont try and flame me if your not even going to take the time to spell your words right.

---

Re: DDoS: How to defend? - Woet - 20.11.2009

Most DDoSes fill up the 100 mbit uplink, no software or firewall can block that.
If it's less than 100 mbit, you can indeed run tcpdump or the windows equivalent and block those IP's.

---