Details of DDoS attacks
#1

Erm.. I've heard of some servers being attacked by DDoS or something. Can anyone explain what they are and what they do, and also how to protect against it? I have a home-hosted server and I don't want it to be attacked.
Reply
#2

DDoS attacks can be various things, like spamming your server with packages. But home-hosted servers don't get attacked much... I believe
Reply
#3

Quote:
Originally Posted by alpha500delta
DDoS attacks can be various things, like spamming your server with packages. But home-hosted servers don't get attacked much... I believe
Well, it does depend. Many home-hosted servers might be copying other servers or trying to steal other members from different communities. These home-hosted servers are then liable for a DDoS attack.

On Topic: There isn't really a lot you can do unless you are willing to spend some money. Depending on what operating system you are using. If you are using Linux then you could probably null route the IP address that is DDoS'ing you, but that is quite hard work. You could buy a Cisco Firewall and set it up so that if you get large amounts of traffic from one IP address it blocks it.

My advice is just to host your server and then if you get a problem then move it to a professional hosting company that would be able to deal with DDoS attacks more easily.

Read this for more information on how to protect yourself from DDoS attacks: http://www.cisco.com/en/US/prod/coll...d8011e927.html
Reply
#4

Hm... what do you mean by spamming? Today I just checked my console and I had a BAD Rcon login from IP spam
Reply
#5

Quote:
Originally Posted by THE_KNOWN
Hm... what do you mean by spamming? Today I just checked my console and I had a BAD Rcon login from IP spam
DDoS stands for Distributed Denial of Service. It's the same as Denial of Service (DoS), except you have multiple computers committing the attack. Generally these computers are part of a botnet, which is a network of infected computers that are being given commands remotely. Denial of Service is exactly what it says, it's the denial of your service, so you're paying to rent a gameserver, and someone is committing a Denial of Service attack on your server, hence denying your service. Usually, these attacks are committed in the distributed form, where they have many computers flooding the service at once, and the combined bandwidth is too much for the server connection to handle. There are also cases where exploited websites are used to attack, which means far more bandwidth in general.

"Bad RCON Login" is not a Denial of Service attack, since they are not denying your service. It may be a dictionary or brute-force attack though, which is another different type of attack. You can read more about this yourself on Wikipedia. The best way to protect yourself against these kinds of attacks is to either disable RCON using "RCON 0" in the server.cfg, or else by making your RCON password long and unique.
Reply
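
The check described in post #5, as an added example that is not part of the original posts: it scans a server log for repeated failed RCON logins and reports the IPs that look like a dictionary or brute-force run. The log line shape, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape for a failed RCON login; adjust to your server's log.
BAD_RCON = re.compile(
    r"^\[(\d{2}:\d{2}:\d{2})\] BAD RCON ATTEMPT BY: (\d{1,3}(?:\.\d{1,3}){3})$")

# Constructed sample log (documentation-range IP addresses).
SAMPLE_LOG = """\
[14:02:01] BAD RCON ATTEMPT BY: 203.0.113.7
[14:02:02] BAD RCON ATTEMPT BY: 203.0.113.7
[14:02:03] BAD RCON ATTEMPT BY: 203.0.113.7
[14:02:03] [join] Player has joined the server (0:198.51.100.20)
[14:02:04] BAD RCON ATTEMPT BY: 203.0.113.7
[14:02:05] BAD RCON ATTEMPT BY: 203.0.113.7
[14:02:06] BAD RCON ATTEMPT BY: 203.0.113.7
[14:10:00] BAD RCON ATTEMPT BY: 198.51.100.20
[14:45:00] BAD RCON ATTEMPT BY: 198.51.100.20
"""

def find_rcon_bruteforce(lines, threshold=5, window_seconds=60):
    """Map each IP to its peak failure count in any window, if >= threshold."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = BAD_RCON.match(line.strip())
        if not m:
            continue              # joins, chat and other lines are ignored
        ts = datetime.strptime(m.group(1), "%H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        if q and ts < q[-1]:
            q.clear()             # no date in the log: clock wrapped past midnight
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in find_rcon_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} failed RCON logins within 60s")
```

An occasional mistyped password stays below the threshold; only a burst from one address is reported, and that address is a candidate for a firewall block.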
#6

thanks
Reply
#7

@JaTochNietDan

I've heard sometimes you can crash a server by pinging that server IP all the time. If you have made a loop to ping the server, it can't start up until you close the batch or turn off your comp. Is this also a DDoS attack? This attack denies services (the server) to start up.

PS: I'm not sure if it works for SAMP Servers.
Reply
#8

Quote:
Originally Posted by Biesmen
@JaTochNietDan

I've heard sometimes you can crash a server by pinging that server IP all the time. If you have made a loop to ping the server, it can't start up until you close the batch or turn off your comp. Is this also a DDoS attack? This attack denies services (the server) to start up.

PS: I'm not sure if it works for SAMP Servers.
Well, what you've described is pretty much what a general denial of service flood is, although just one connection is never really going to be enough to do this, unless you have a lot of bandwidth at your disposal. This is why people go around infecting a lot of PCs, so they have hundreds of 1Mb/s and 3Mb/s connections and so on, that they can take full advantage of at any time and flood a server. So let's say, just a random example, some guy has 100 infected computers that are able to dish out 1Mb/s. This is probably enough to perform a fairly reasonable attack on most dedicated servers, as most of them have a 100Mb/s connection.

The point of this type of attack is to take up all of the available bandwidth of the server, so that the legitimate clients who are trying to connect to the SA-MP servers hosted on the box are not able to get their traffic through, simply because all of the traffic is being taken up by the attacking networks. It doesn't actually cause the server software to crash or anything like that, it's just that you cannot access the server due to all of the available bandwidth being consumed.

There are other types of floods too, like SYN floods, which attempt to take up all of the available ports on the system so that legitimate users cannot get a port allocated to them for transferring of data. This type of attack takes advantage of the SYN/ACK system the TCP protocol has in place.

There are also what I would call "DoS Exploits", which are basically denial of service attacks on a certain type of software that may be super effective because of a piece of bad coding or something. This means that more problems can be caused by fewer attackers and less bandwidth; in some cases a single client would be able to cause servers to crash. These, however, are software-related exploits, and are generally not the target of DDoS attacks.

I hope this information helps
Reply
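
How a SYN flood like the one mentioned in post #8 looks from the defending host, as an added example that is not part of the original posts: on Linux, half-open TCP connections appear in /proc/net/tcp in state 03 (SYN_RECV), and a sudden pile of them on one listening port is the signal to watch for. The sample table and its addresses are constructed, and the address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import defaultdict

SYN_RECV = 0x03  # TCP_SYN_RECV in the Linux kernel's TCP state enum

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0050 00000000:0000 0A 00000000:00000000
   1: 0A00000A:0050 077100CB:C350 03 00000000:00000000
   2: 0A00000A:0050 087100CB:C351 03 00000000:00000000
   3: 0A00000A:0050 097100CB:C352 03 00000000:00000000
   4: 0A00000A:0016 146433C6:D431 01 00000000:00000000
"""

def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def half_open_by_port(proc_text):
    """Count SYN_RECV sockets and distinct remote IPs per local port."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in proc_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != SYN_RECV:
            continue
        _, local_port = decode_endpoint(fields[1])
        remote_ip, _ = decode_endpoint(fields[2])
        counts[local_port] += 1
        sources[local_port].add(remote_ip)
    return {p: {"half_open": counts[p], "sources": len(sources[p])}
            for p in counts}

if __name__ == "__main__":
    for port, stats in sorted(half_open_by_port(SAMPLE_PROC_NET_TCP).items()):
        print(f"port {port}: {stats['half_open']} half-open "
              f"from {stats['sources']} remote addresses")
```

On a live Linux host, pass the contents of /proc/net/tcp to `half_open_by_port` and compare the counts against what the server normally shows.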
#9

Quote:
Originally Posted by JaTochNietDan
I hope this information helps
Yes it did. Thank you for clearing it up.
Reply