[DamiRocK]

Hi everybody. Russia needs help. The sa-mp server of the most popular ISP (Internet Service Provider) is being ddos'ed sometimes, and it really annoys everybody (approx. 100-150 players online)
_________________________________________________
Now we have their DDOS-tool, but we couldn't detect any logs...
How can we defend our server?
I can send a DDOS'er to somebody, who's going to help us. Just tell me about it in the topic

We really need your help!

[d0]

Quote:

Originally Posted by DamiRocK Hi everybody. Russia needs help. The sa-mp server of the most popular ISP (Internet Service Provider) is being ddos'ed sometimes, and it really annoys everybody (approx. 100-150 players online) _________________________________________________ Now we have their DDOS-tool, but we couldn't detect any logs... How can we defend our server? I can send a DDOS'er to somebody, who's going to help us. Just tell me about it in the topic We really need your help!

what do you mean when you say the word 'DDOS'

[wormy]

we got server full when server is under attack, but there is no any information about connections is logs,and ping stays in normal values, maybe it's not realy ddos, but looks like that =)

sry for my bad english

[DamiRocK]

Quote:

Originally Posted by Doerfler Quote: Originally Posted by DamiRocK Hi everybody. Russia needs help. The sa-mp server of the most popular ISP (Internet Service Provider) is being ddos'ed sometimes, and it really annoys everybody (approx. 100-150 players online) _________________________________________________ Now we have their DDOS-tool, but we couldn't detect any logs... How can we defend our server? I can send a DDOS'er to somebody, who's going to help us. Just tell me about it in the topic We really need your help! what do you mean when you say the word 'DDOS'

http://en.wikipedia.org/wiki/Ddos_attack

[hipy]

simple: block their ips

[wormy]

Quote:

Originally Posted by hipy simple: block their ips

haha, that's not so easy, those guys have dynamic IP's, we banned whole their subnetwork, but they use proxy

[smoker08]

Quote:

Originally Posted by wormy Quote: Originally Posted by hipy simple: block their ips haha, that's not so easy, those guys have dynamic IP's, we banned whole their subnetwork, but they use proxy

Ban the isp's then

[DamiRocK]

I can't believe, that samp doesn't have any defence-methods...

[Xander5270]

Sadly, theres nothing build in SAMP, to get those.

You will simpley have to find some information about them, and ban their ISP. Or learn making plugins. You might be lucky, and make something usefull!

[dugi]

Quote:

Originally Posted by DamiRocK I can't believe, that samp doesn't have any defence-methods...

It's not a flaw in sa-mp but in the internet.

[hipy]

Of course you respond with a totally useless respond

YOU-CANT-BLOCK-A-DDOS

Even when the packages are filtert it will still use up your bandwitch.

You can block the packages but they still reach your network cart

Quote:

Write A Simple Ruleset To Limit Incomming Connections To 5 Per Source Address. This Should Stop Most Of The Attacks. (Atlest Cut Them Down Alot So They Dont Effect Your Server/Players)

A ddos doesnt come from 10 to 20 ips. but it comes from littraly 1000 of pc's that have been invested by a virus.

in other words. even when you can partially block the ddos, you still wont be able to connect to the internet

[laserhel50]

Indeed, Blocking a DDos is just... not even possible.
my Forum (when i had a clan) had been DDossed several TImes too...

i Really dont know what to do Against it.

Its a Virus, yes. most Attacks came from a Land.. i forgot where lol.

[Woet]

serverFFS uses 1 gbit servers with custom kernels together with Cisco Guard and advanced software firewall configurations to block 99% of all DDoS.

The people posting 'you cant block DDoS' don't know what they are talking about.

[hipy]

Quote:

Originally Posted by Woet serverFFS uses 1 gbit servers with custom kernels together with Cisco Guard and advanced software firewall configurations to block 99% of all DDoS. The people posting 'you cant block DDoS' don't know what they are talking about.

Not everdbody has 80 servers with expensive firewalls.

And if im right this is just making the capacity so big that a ddos wont take down the system..

correct me if im wrong

btw how many game servers have such a firewall :P

[Warmonger]

Quote:

Originally Posted by hipy Of course you respond with a totally useless respond YOU-CANT-BLOCK-A-DDOS = Not True Even when the packages are filtert it will still use up your bandwitch. = Automatic IP Bans Will Kill Every Connection Right After First Few Packets Are Read You can block the packages but they still reach your network cart = Not True Quote: Write A Simple Ruleset To Limit Incomming Connections To 5 Per Source Address. This Should Stop Most Of The Attacks. (Atlest Cut Them Down Alot So They Dont Effect Your Server/Players) A ddos doesnt come from 10 to 20 ips. but it comes from littraly 1000 of pc's that have been invested by a virus. = Did You Finally Learn That On Your Own? in other words. even when you can partially block the ddos, you still wont be able to connect to the internet = Not True

Regardless to how many pc's are infected and being used to attack with. There is no way a TCP (D)DoS could stand a chance against a firewall. UDP on the other hand is another story. His net doesn't die so it cant be UDP even if it is it aint very strong. Maybe you all should read up a little bit before you act out in a way that only makes yourself look foolish. Incoming connections will have to pass through this firewall, and it will only allow 5 connections per IP address. Figure it out he can limit to 1 connection per address and really there shouldn't be a single problem. If the attacks were "that bad" he could always download PeerGuardian and block them IP's. Ive written a program that automatically IP bans people who (D)DoS attack my server. This stuff aint too hard to deal with people go "oh you need hardware firewall bla bla bla" and "its impossible to stop" hah these are the kids who dont even know what real hacking is. Take it from someone Cisco Certified WIPFW will solve all your problems along with PeerGuardian if its that bad. (D)DoS attacks are a child's way of "hacking" or "exploiting" stack buffers and killing peoples net by flooding the network with packets, its easily stoped and easily prevented. Take it from a bunch of kids who cant spell every other word right.

[Ritchie999]

Grab your self a bottle of holy water and a crucifix and hope for the best!

[hipy]

Quote:

Originally Posted by Warmonger

You say limit 1 connection per ip adress.

So that is your fix? limit 1 connection per ip? well good luck with blocking it then

btw by blocking there ip they still DO go over your network card. since it needs to reach your firewall. So it still uses up bandwith...

Or can you prove me you can block it so the ddos doesnt even touch your server( withouth firewalls from the server house bla bla )

btw you all seem to support this cisco super firewall shit, but tell me, HOW MUCH people that host a server realy have it.

For that 1 time per 2 months that they are ddosed?

[laserhel50]

come on...
you can write a Script...

Quote:

Originally Posted by Warmonger There's Also A GUI Front End For It Aswell. Write A Simple Ruleset To Limit Incomming Connections To 5 Per Source Address. This Should Stop Most Of The Attacks.

This suggestion is i think still the Best...
Write a script witch will Limit Incomming Connections To 3 Per Source Address.
best Solution... i know it comes from like 1000's of pc's but most of these pc's will send more than 1 DDos attack.

[Warmonger]

Quote:

Originally Posted by hipy Quote: Originally Posted by Warmonger You say limit 1 connection per ip adress. So that is your fix? limit 1 connection per ip? well good luck with blocking it then btw by blocking there ip they still DO go over your network card. since it needs to reach your firewall. So it still uses up bandwith... Or can you prove me you can block it so the ddos doesnt even touch your server( withouth firewalls from the server house bla bla ) btw you all seem to support this cisco super firewall shit, but tell me, HOW MUCH people that host a server realy have it. For that 1 time per 2 months that they are ddosed?

All hail the almighty noob! Dude when your IP baned you can NOT send packets to the server. Maybe you dont understand how routers and computers communicate. WIPFW is actually all you do need. It logs every connection in WINDOWS\Security\Logs which are labeled by date. Not hard to spot a (D)DoS flood in the logs. Create a new rule for WIPFW to denie all connections from that IP. Tada any packets from that network will never reach yours. Thier computer sends a request, server doesnt send a response. Once again dont try and flame me if your not even going to take the time to spell your words right.

[Woet]

Most DDoSes fill up the 100 mbit uplink, no software or firewall can block that.
If it's less than 100 mbit, you can indeed run tcpdump or the windows equivalent and block those IP's.