traffic network (flood attack)
#1

Hi,

For some days my game server has been lagging. I checked my network traffic.

You can see an abnormal amount (+8 Mbps); the result in the game is lag/lost connections. I asked my host to check the logs/monitoring, but he said: "I didn't find anything in the logs/monitoring; you need to contact the editors of the game to ask if they can give you the reasons, and if logs can be activated for all the connections."

- it is possible of allowed simultaneous connections to connect in the game
- it is possible to know all the possible connections by IP
- if it is possible to log all the connections for the game.

Is it possible that he doesn't find anything in the logs? Is 8 Mbps only a DoS? This is little, so why does my server lag/lose connections?

Thanks.
#2

If it's a Linux server, use tcpdump to capture some packets; you will need to run it continuously or set up a cron job so you get packet samples throughout the day. Then you can look at your graph, find the corresponding packet samples and see what the traffic spikes are.
#3

I sustained the same sort of "attack" last week when a couple of players got mad that someone kept using super-nos to ram them. Exact same looking spike, less than 10mbit, would cause people to lag out of the game.

It lasted all of 15 minutes, and stopped the instant I added their IP ranges to the firewall.

A "safer" alternative to tcpdump (which will FILL your hard drive w/ a huge log if you don't use it right) is 'iptraf'. On most RHEL distros you can just run 'yum install iptraf' and it will install. Gives better real-time monitoring, with more options regarding what to look for, etc.
#4

Can an attack of 10 Mbit take down a server?
#5

You ban their IPs with iptables? What is the attack type? UDP flooding? On the port of the game?
#6

Can nobody help? The server lags or loses connection for 2-3 min.

I tested this, but it doesn't work: iptables -A INPUT -p udp --dport 7777 -m limit --limit 10/s --limit-burst 20 -j Drop
#7

Well you need to re-read the iptables manual. That rule will drop 10 packets every second to the samp server. Remember each player will be sending a lot of packets to the server per second.

For rate limiting you are better off looking at the ipt_recent module, as this can be used to rate limit per IP address. You can also match specific packets with the u32 module.

I noticed an up spike on my server recently caused by a player list query flood. I solved it with rules matching the attack.

You really need to capture some of the packets first, then you can write appropriate rate limiting rules, or even a simple IP block if it's only caused by a single IP.
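
An added example, not code from any poster in this thread: one way to turn a packet capture into the per-source numbers needed before writing rate-limit or block rules. It assumes a text capture made with `tcpdump -nn -tt udp`, the game port 7777 from post #6, and an illustrative threshold of 100 packets per second; the function names, sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Text output of `tcpdump -nn -tt udp` (IPv4), for example:
# 1700000001.000042 IP 203.0.113.7.4444 > 198.51.100.10.7777: UDP, length 15
LINE_RE = re.compile(
    r"^(?P<ts>\d+)\.\d+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.(?P<dport>\d+): UDP, length (?P<len>\d+)"
)

def peak_rates(lines, game_port=7777):
    """Map each source IP to (peak packets in any one second, total UDP bytes)."""
    per_second = Counter()   # (src, whole second) -> packet count
    total_bytes = Counter()  # src -> summed UDP payload length
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != game_port:
            continue  # other ports, IPv6 and unparsable lines are ignored
        per_second[(m["src"], int(m["ts"]))] += 1
        total_bytes[m["src"]] += int(m["len"])
    peaks = {}
    for (src, _second), count in per_second.items():
        peaks[src] = max(peaks.get(src, 0), count)
    return {src: (pps, total_bytes[src]) for src, pps in peaks.items()}

def suspects(lines, max_pps, game_port=7777):
    """Sources whose peak rate exceeds max_pps, busiest first."""
    rows = [(src, pps, size) for src, (pps, size)
            in peak_rates(lines, game_port).items() if pps > max_pps]
    return sorted(rows, key=lambda row: row[1], reverse=True)

def build_sample():
    """Constructed capture: two ordinary players and one flooding source."""
    fmt = "{ts}.{us:06d} IP {src}.{sport} > 198.51.100.10.{dport}: UDP, length {n}"
    out = [fmt.format(ts=1700000000, us=i, src="192.0.2.10", sport=50000, dport=7777, n=40)
           for i in range(30)]
    out += [fmt.format(ts=1700000001, us=i, src="192.0.2.20", sport=50001, dport=7777, n=40)
            for i in range(25)]
    out += [fmt.format(ts=1700000001, us=i, src="203.0.113.7", sport=4444, dport=7777, n=15)
            for i in range(400)]
    out.append(fmt.format(ts=1700000001, us=0, src="203.0.113.7", sport=4444, dport=53, n=30))
    return out

if __name__ == "__main__":
    for src, pps, size in suspects(build_sample(), max_pps=100):
        print(f"{src}: peak {pps} pkt/s, {size} bytes to port 7777")
```

The peaks reported for ordinary players give a baseline for choosing a per-IP limit that does not cut off legitimate traffic.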
#8

Quote:
Originally Posted by Lightning[SV]
Well you need to re-read the iptables manual. That rule will drop 10 packets every second to the samp server.
Is it too much? Do you have an idea for how to limit the greater part of the attack? Because everybody says use iptables, you need to read... but nobody helps with good rules...