What kind of attack? -
Ahriman - 03.07.2013
Hi
When the lines are the lines that I wrote down on my server attack. Of articles written by this lag occurs on the server. What kind of attack? (Note: This thread seems all over the world.)
Sorry for bad English. I used ****** translator.
This rope is hundreds of expiry. I just bought some.
Code:
[07:32:44] [query:i] from 37.55.236.151
[07:32:45] [query:p] from 78.170.200.3
[07:32:45] [query:i] from 95.173.231.159
[07:32:45] [query:p] from 95.173.231.159
[07:32:45] [query:c] from 95.173.231.159
[07:32:45] [query:r] from 95.173.231.159
[07:32:45] [query:p] from 95.173.231.159
[07:32:46] [query:i] from 189.48.90.189
[07:32:46] [query:i] from 78.170.200.3
[07:32:46] [query:p] from 78.170.200.3
[07:32:46] [query:c] from 78.170.200.3
[07:32:46] [query:r] from 78.170.200.3
[07:32:46] [query:i] from 46.1.165.124
Re: What kind of attack? -
Twizted - 03.07.2013
They must be 'pinging' your server. If you go to command prompt (Windows) and type "ping -t <ip here>", it'll make the server lag. At least that happened to my server once. Either it is that or your server is getting DDoSed.
Re: What kind of attack? -
Ahriman - 03.07.2013
Quote:
Originally Posted by Twizted
They must be 'pinging' your server. If you go to command prompt (Windows) and type "ping -t <ip here>", it'll make the server lag. At least that happened to my server once. Either it is that or your server is getting DDoSed.
|
The server is running on CentOS.
Re: What kind of attack? -
Lightning[SV] - 03.07.2013
Those are just query logs.
You have logqueries set to 1 in server.cfg.
Looks fairly normal to me there. Each player will send multiple queries at a time for the rules, playercount etc. as shown.
If you think you're getting ddos'd, capture packets with tcpdump.
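Added example, not part of the original thread: one way to check a query log like the excerpt in the first post for a flood. It tallies queries per source and lists any source above a per-second limit; the sample lines are copied from that excerpt, and the function names and the limit are assumptions.

```sh
#!/bin/sh
# Added example: summarise a SA-MP query log (logqueries 1) per source address.
export LC_ALL=C   # stable sort order

# Sample input: the log lines quoted in the first post of this thread.
sample_log() {
cat <<'EOF'
[07:32:44] [query:i] from 37.55.236.151
[07:32:45] [query:p] from 78.170.200.3
[07:32:45] [query:i] from 95.173.231.159
[07:32:45] [query:p] from 95.173.231.159
[07:32:45] [query:c] from 95.173.231.159
[07:32:45] [query:r] from 95.173.231.159
[07:32:45] [query:p] from 95.173.231.159
[07:32:46] [query:i] from 189.48.90.189
[07:32:46] [query:i] from 78.170.200.3
[07:32:46] [query:p] from 78.170.200.3
[07:32:46] [query:c] from 78.170.200.3
[07:32:46] [query:r] from 78.170.200.3
[07:32:46] [query:i] from 46.1.165.124
EOF
}

# per_source: log on stdin -> "IP total query-types", busiest source first.
per_source() {
    awk '
    match($0, /\[query:[a-z]\]/) {
        type = substr($0, RSTART + 7, 1)   # letter after "[query:"
        ip = $NF
        total[ip]++
        if (index(types[ip], type) == 0) types[ip] = types[ip] type
    }
    END { for (ip in total) print ip, total[ip], types[ip] }' | sort -k2,2nr -k1,1
}

# burst_sources LIMIT: log on stdin -> "IP HH:MM:SS count" for every source
# that sent more than LIMIT queries within a single second.
burst_sources() {
    awk -v limit="$1" '
    /\[query:/ { key = $NF " " substr($1, 2, 8); n[key]++ }
    END { for (k in n) if (n[k] > limit) print k, n[k] }' | sort
}

# Stand-alone run: print the per-source summary for the sample.
sample_log | per_source
```

On the excerpt the busiest sources sent five queries each, covering the i/p/c/r set, which matches one client refreshing the server entry; on a real log, pipe the server log file into the same functions.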
Re: What kind of attack? -
linuxthefish - 03.07.2013
Quote:
Originally Posted by Twizted
They must be 'pinging' your server. If you go to command prompt (Windows) and type "ping -t <ip here>", it'll make the server lag.
|
You wish!
Re: What kind of attack? -
ColorHost-Kevin - 04.07.2013
Looks normal to me.
Reply: Re: What kind of attack? -
Gryphus One - 04.07.2013
Quote:
Originally Posted by Lightning[SV]
If you think you're getting ddos'd, capture packets with tcpdump.
|
Hey, this sounds interesting, can you explain it to me a bit more?
Re: What kind of attack? -
Lightning[SV] - 05.07.2013
tcpdump is a packet capture tool which can be installed on Linux systems and run from the command line.
So in the terminal:
tcpdump -nvx dst 94.242.252.29 -c 500 -w packets.cap
Would capture 500 packets to the destination ip (your server ip), and save them in a file. You can then read out the file with tcpdump or download the file to your computer and use Wireshark on Windows.
You can then see what traffic was heading to your server. Usually it would all be udp to port 7777, but in a ddos you would see significant other traffic depending on the attack type. The attacking IPs can then be reported, which will reduce the effectiveness of the attack in future.
During a typical ddos your port speed is probably getting maxed, so you wouldn't actually be able to access the terminal remotely due to packet loss, so you could run tcpdump from a shell script using cron.
On Linux you can also sample /sys/class/net/eth0/statistics/rx_packets to get the incoming packet rate on the server.
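Added example, not part of the original post: the cron-driven capture described above, as one possible script. It derives the packet rate from rx_packets between runs and starts the same kind of tcpdump capture only above a threshold; the interface, threshold, paths and the 192.0.2.10 address are placeholder assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): cron-driven rx_packets check that
# starts a bounded tcpdump capture when the incoming packet rate spikes.
# Assumed values: interface, threshold, paths and SERVER_IP are placeholders.
IFACE="${IFACE:-eth0}"
COUNTER="${COUNTER:-/sys/class/net/$IFACE/statistics/rx_packets}"
STATE="${STATE:-/var/lib/rxwatch/state}"   # root-owned directory, create it first
CAPDIR="${CAPDIR:-/var/lib/rxwatch}"
THRESHOLD="${THRESHOLD:-20000}"            # packets/second; set from your baseline
SERVER_IP="${SERVER_IP:-192.0.2.10}"       # placeholder (documentation range)

# rx_rate COUNTER_FILE STATE_FILE NOW_EPOCH
# Prints the average packets/second since the previous call, then stores the
# current sample. Prints 0 on the first run or when the counter went backwards
# (reboot, interface reset), so a reset does not produce a bogus rate.
rx_rate() {
    cur=$(cat "$1") || return 1
    rate=0
    if [ -r "$2" ]; then
        read -r prev_count prev_time < "$2"
        elapsed=$(( $3 - prev_time ))
        if [ "$elapsed" -gt 0 ] && [ "$cur" -ge "$prev_count" ]; then
            rate=$(( (cur - prev_count) / elapsed ))
        fi
    fi
    printf '%s %s\n' "$cur" "$3" > "$2"
    echo "$rate"
}

# over_threshold RATE LIMIT: succeeds when RATE is at or above LIMIT.
over_threshold() { [ "$1" -ge "$2" ]; }

run_check() {
    rate=$(rx_rate "$COUNTER" "$STATE" "$(date +%s)") || return 1
    if over_threshold "$rate" "$THRESHOLD"; then
        out="$CAPDIR/rxwatch-$(date +%Y%m%d-%H%M%S).cap"
        logger -t rxwatch "rx $rate pps >= $THRESHOLD, capturing to $out"
        # Capture as in the post; -c and timeout keep the run bounded.
        timeout 30 tcpdump -n -i "$IFACE" -c 500 -w "$out" dst "$SERVER_IP"
    fi
}

# Runs only when called with "run", e.g. from root's crontab:
#   * * * * * /usr/local/sbin/rxwatch.sh run
if [ "${1:-}" = "run" ]; then run_check; fi
```

Because the capture starts locally from cron, it still happens when the link is too saturated to log in; the .cap files can be read afterwards with tcpdump -r or Wireshark.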
Reply: Re: What kind of attack? -
Gryphus One - 05.07.2013
Quote:
Originally Posted by Lightning[SV]
tcpdump is a packet capture tool which can be installed on Linux systems and run from the command line.
So in the terminal:
tcpdump -nvx dst 94.242.252.29 -c 500 -w packets.cap
Would capture 500 packets to the destination ip (your server ip), and save them in a file. You can then read out the file with tcpdump or download the file to your computer and use Wireshark on Windows.
You can then see what traffic was heading to your server. Usually it would all be udp to port 7777, but in a ddos you would see significant other traffic depending on the attack type. The attacking IPs can then be reported, which will reduce the effectiveness of the attack in future.
During a typical ddos your port speed is probably getting maxed, so you wouldn't actually be able to access the terminal remotely due to packet loss, so you could run tcpdump from a shell script using cron.
On Linux you can also sample /sys/class/net/eth0/statistics/rx_packets to get the incoming packet rate on the server.
|
Wow, you are a master, but I'm afraid that for this you need to have control over the Linux operating system itself, therefore you can do this on a VPS and not on the typical server hostings (like Volt-Host, Hostspree, SimplyFRAG, etc.) that only let you upload and download server files and manage the server. Am I right?
Re: What kind of attack? -
Lightning[SV] - 05.07.2013
Yes, you need root access to install and run tcpdump. Any decent gameserver host will run your server under a separate user, so you won't have permission.