17.01.2016, 10:58
Quote:
NTP? There, I'll quote this comment from a person (whose method I've implemented and has stopped pretty much 98% of the NTP attacks)
"You can mitigate this attack by adding "restrict default nomodify nopeer noquery notrap" and "restrict -6 default nomodify nopeer noquery notrap" to your ntpd configuration, even if you're not running 4.2.7p26. Even works for public NTP servers. Those restrict lines disable monlist and other exploitable commands, but still allow time-sync traffic. Some OSes, like FreeBSD, have ntpd configured that way by default." Plus, read this page on securing your NTP configuration. Coming to DNS, there are a few tips that I can tell you.
However, what I have noticed now is something unexplainable:
When I get a TCP DUMP from the machine DIRECTLY, there is not a SINGLE bit of bad traffic, but when I record with my ethernet capturing, I have noticed some weird crap.. ( http://prntscr.com/9r6r4w http://prntscr.com/9r6rh4 )
I can't even figure out how this is possible, the spoofed IP addresses don't even reach the server but somehow manage to drop people from SA:MP. LOL..
I'd just say maybe some new samp exploit, as the server doesn't see any malicious traffic. I have even sent a thousand tcp dumps to OVH and still they say there is not a single problem..
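The two restrict lines quoted at the top of this post can be checked mechanically. The following is an added example, not part of the original post or the quoted comment: a Python audit of ntpd configuration text. The function names and sample configs are constructed, and a bare `restrict default` is counted for IPv4 only, matching the quoted advice to add a separate `-6` line.

```python
# Added example: audit ntpd config text for the quoted default restrict flags.
REQUIRED = {"nomodify", "nopeer", "noquery", "notrap"}

def default_restrict_lines(conf_text):
    """Collect the flag sets of every 'restrict [-4|-6] default ...' line."""
    found = {"ipv4": [], "ipv6": []}
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # strip comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        family, rest = "ipv4", tokens[1:]          # assumption: bare = IPv4
        if rest[0] in ("-4", "-6"):
            family = "ipv6" if rest[0] == "-6" else "ipv4"
            rest = rest[1:]
        if rest and rest[0] == "default":
            found[family].append(set(rest[1:]))
    return found

def audit(conf_text):
    """Return family -> sorted missing flags; an empty list means OK."""
    result = {}
    for family, lines in default_restrict_lines(conf_text).items():
        if not lines:                              # no default line at all
            result[family] = sorted(REQUIRED)
            continue
        missing = set()
        for flags in lines:                        # every line must qualify
            if "ignore" not in flags:              # 'ignore' denies all packets
                missing |= REQUIRED - flags
        result[family] = sorted(missing)
    return result

# Constructed sample configs (not taken from any real server).
HARDENED = """
driftfile /var/lib/ntp/drift
restrict default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
restrict 127.0.0.1
"""
WEAK = """
restrict default kod nomodify notrap   # noquery missing: queries allowed
server 0.pool.ntp.org iburst
"""

if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(conf))
```
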