What kind of attack?
#1

Hi

When the lines are the lines that I wrote down on my server attack. Of articles written by this lag occurs on the server. What kind of attack? (Note: This thread seems all over the world.)

Sorry for bad English. I used ****** translator.


This rope is hundreds of expiry. I just bought some.

Code:
[07:32:44] [query:i] from 37.55.236.151
[07:32:45] [query:p] from 78.170.200.3
[07:32:45] [query:i] from 95.173.231.159
[07:32:45] [query:p] from 95.173.231.159
[07:32:45] [query:c] from 95.173.231.159
[07:32:45] [query:r] from 95.173.231.159
[07:32:45] [query:p] from 95.173.231.159
[07:32:46] [query:i] from 189.48.90.189
[07:32:46] [query:i] from 78.170.200.3
[07:32:46] [query:p] from 78.170.200.3
[07:32:46] [query:c] from 78.170.200.3
[07:32:46] [query:r] from 78.170.200.3
[07:32:46] [query:i] from 46.1.165.124
#2

They must be 'pinging' your server. If you go to command prompt (Windows) and type "ping -t <ip here>", it'll make the server lag. At least that happened to my server once. Either it is that or your server is getting DDoSed.
#3

Quote:
Originally Posted by Twizted
They must be 'pinging' your server. If you go to command prompt (Windows) and type "ping -t <ip here>", it'll make the server lag. At least that happened to my server once. Either it is that or your server is getting DDoSed.
The server is running on CentOS.
#4

Those are just query logs.

You have logqueries set to 1 in server.cfg

Looks fairly normal to me there. Each player will send multiple queries at a time for the rules, playercount etc as shown.

If you think you're getting DDoS'd, capture packets with tcpdump.
#5

Quote:
Originally Posted by Twizted
They must be 'pinging' your server. If you go to command prompt (Windows) and type "ping -t <ip here>", it'll make the server lag.
You wish!
#6

Looks normal to me.
#7

Quote:
Originally Posted by Lightning[SV]
If you think you're getting DDoS'd, capture packets with tcpdump.
Hey, this sounds interesting. Can you explain a bit more about it?
#8

tcpdump is a packet capture tool which can be installed on Linux systems and run from the command line.

So in the terminal:

tcpdump -nvx dst 94.242.252.29 -c 500 -w packets.cap

Would capture 500 packets to the destination IP (your server IP), and save them in a file. You can then read out the file with tcpdump or download the file to your computer and use Wireshark on Windows.

You can then see what traffic was heading to your server. Usually it would all be UDP to port 7777, but in a DDoS you would see significant other traffic depending on the attack type. The attacking IPs can then be reported, which will reduce the effectiveness of the attack in future.

During a typical DDoS your port speed is probably getting maxed, so you wouldn't actually be able to access the terminal remotely due to packet loss, so you could run tcpdump from a shell script using cron.

On Linux you can also sample /sys/class/net/eth0/statistics/rx_packets to get the incoming packet rate on the server.
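The approach described in post #8 (sample rx_packets, then let cron start tcpdump when the rate looks abnormal), written out as an added example that is not code from the thread. The interface name, the 192.0.2.10 placeholder address, the 20000 pps threshold, the output directory and the script path in the cron line are all assumptions.

```shell
#!/bin/sh
# Added example: cron-driven packet-rate check that starts a bounded capture.
# Needs root (tcpdump). All defaults below are assumed values, not from the thread.
IFACE="${IFACE:-eth0}"
SERVER_IP="${SERVER_IP:-192.0.2.10}"      # placeholder address (documentation range)
THRESHOLD_PPS="${THRESHOLD_PPS:-20000}"   # assumed; derive it from your normal baseline
INTERVAL="${INTERVAL:-5}"                 # seconds between the two counter samples
OUTDIR="${OUTDIR:-/var/tmp/captures}"
STAT="${STAT:-/sys/class/net/$IFACE/statistics/rx_packets}"

# Packets per second between two counter readings taken $3 seconds apart.
# A reading lower than the previous one (counter reset or wrap) yields 0
# instead of a bogus negative rate.
pps_between() {
    if [ "$2" -lt "$1" ] || [ "$3" -le 0 ]; then
        echo 0
    else
        echo $(( ($2 - $1) / $3 ))
    fi
}

# Read the kernel counter twice and print the incoming packet rate.
sample_pps() {
    first=$(cat "$STAT") || return 1
    sleep "$INTERVAL"
    second=$(cat "$STAT") || return 1
    pps_between "$first" "$second" "$INTERVAL"
}

# Succeeds when the measured rate is at or above the threshold.
over_threshold() { [ "$1" -ge "$2" ]; }

# Capture 500 packets addressed to the server, as in the post. timeout bounds
# the run so a quiet link cannot leave tcpdump waiting past the next cron tick.
capture() {
    mkdir -p "$OUTDIR" || return 1
    timeout 60 tcpdump -n -i "$IFACE" -c 500 \
        -w "$OUTDIR/$(date +%Y%m%d-%H%M%S).cap" dst "$SERVER_IP"
}

# Root crontab, every minute:  * * * * * /usr/local/sbin/rxwatch.sh --run
if [ "${1:-}" = "--run" ]; then
    rate=$(sample_pps) || exit 1
    if over_threshold "$rate" "$THRESHOLD_PPS"; then
        logger -t rxwatch "rx rate ${rate} pps on $IFACE, capturing"
        capture
    fi
fi
```

Because the capture is started locally by cron, it still produces a file when the link is too saturated to log in remotely.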
#9

Quote:
Originally Posted by Lightning[SV]
tcpdump is a packet capture tool which can be installed on Linux systems and run from the command line.

So in the terminal:

tcpdump -nvx dst 94.242.252.29 -c 500 -w packets.cap

Would capture 500 packets to the destination IP (your server IP), and save them in a file. You can then read out the file with tcpdump or download the file to your computer and use Wireshark on Windows.

You can then see what traffic was heading to your server. Usually it would all be UDP to port 7777, but in a DDoS you would see significant other traffic depending on the attack type. The attacking IPs can then be reported, which will reduce the effectiveness of the attack in future.

During a typical DDoS your port speed is probably getting maxed, so you wouldn't actually be able to access the terminal remotely due to packet loss, so you could run tcpdump from a shell script using cron.

On Linux you can also sample /sys/class/net/eth0/statistics/rx_packets to get the incoming packet rate on the server.
Wow, you are a master, but I'm afraid that for this you need to have control over the Linux operating system itself, therefore you can do this on a VPS and not on the typical server hostings (like Volt-Host, Hostspree, SimplyFRAG, etc.) that only let you upload and download server files and manage the server. Am I right?
#10

Yes, you need root access to install and run tcpdump. Any decent gameserver host will run your server under a separate user so you won't have permission.