UDP Flood with packets similar to SA-MP
#1

Hi.

I have had 3 servers on a VPS for a long time without problems, but in the last few days they have started attacking me by sending UDP packets.
Also, these UDP packets are very similar to those of SA-MP, so I cannot find a way to avoid them.
Nor can I block the IP, because the attack comes from several.
The attack sends about 4 UDP packets per second, and after these it changes IP and sends another 4 packets, and so on.
Would you have any idea?
My VPS is from NFO.
Here are the attacker's packets:
Quote:

12:56:37.676903 IP (tos 0x0, ttl 114, id 43000, offset 0, flags [none], proto UDP (17), length 43)
190.164.107.140.38638 > x.x.x.x.9010: UDP, payload 15
0x0000: 4500 002b a7f8 0000 7211 bbc4 bea4 6b8c E..+....r.....k.
0x0010: 4a5b 7079 96ee 2332 0017 3b6e 5341 4d50 J[py..#2..;nSAMP
0x0020: 4a5b 7079 b3cd 7070 3887 6d J[py..pp8.m
12:56:37.676907 IP (tos 0x0, ttl 114, id 43001, offset 0, flags [none], proto UDP (17), length 39)
190.164.107.140.38638 > x.x.x.x.9010: UDP, payload 11
0x0000: 4500 0027 a7f9 0000 7211 bbc7 bea4 6b8c E..'....r.....k.
0x0010: 4a5b 7079 96ee 2332 0013 ee6d 5341 4d50 J[py..#2...mSAMP
0x0020: 4a5b 7079 b3cd 63 J[py..c
12:56:37.676912 IP (tos 0x0, ttl 114, id 43002, offset 0, flags [none], proto UDP (17), length 39)
190.164.107.140.38638 > x.x.x.x.9010: UDP, payload 11
0x0000: 4500 0027 a7fa 0000 7211 bbc6 bea4 6b8c E..'....r.....k.
0x0010: 4a5b 7079 96ee 2332 0013 df6d 5341 4d50 J[py..#2...mSAMP
0x0020: 4a5b 7079 b3cd 72 J[py..r
12:56:37.676916 IP (tos 0x0, ttl 114, id 43003, offset 0, flags [none], proto UDP (17), length 43)
190.164.107.140.38638 > x.x.x.x.9010: UDP, payload 15
0x0000: 4500 002b a7fb 0000 7211 bbc1 bea4 6b8c E..+....r.....k.
0x0010: 4a5b 7079 96ee 2332 0017 53f2 5341 4d50 J[py..#2..S.SAMP
0x0020: 4a5b 7079 b3cd 701d b055 dd J[py..p..U.
12:56:37.676920 IP (tos 0x0, ttl 114, id 43004, offset 0, flags [none], proto UDP (17), length 32)
190.164.107.140.38638 > x.x.x.x.9010: UDP, payload 4
0x0000: 4500 0020 a7fc 0000 7211 bbcb bea4 6b8c E.......r.....k.
0x0010: 4a5b 7079 96ee 2332 000c 33b8 081e 24da J[py..#2..3...$.
12:56:37.677247 IP (tos 0x0, ttl 81, id 47028, offset 0, flags [none], proto UDP (17), length 39)
181.193.148.91.23247 > x.x.x.x.9010: UDP, payload 11
0x0000: 4500 0027 b7b4 0000 5111 ad20 b5c1 945b E..'....Q......[
0x0010: 4a5b 7079 5acf 2332 0013 089a 5341 4d50 J[pyZ.#2....SAMP
0x0020: 4a5b 7079 afd4 69 J[py..i

Reply
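The datagrams quoted in post #1 can be checked against the SA-MP server-query layout (`SAMP`, four address bytes, two port bytes low byte first, one opcode byte). This is an added example, not part of the original thread: the layout, the opcode table and the names `classify` and `summarize` are assumptions of the example, and the hex strings are five of the datagrams from the capture above.

```python
import struct
from collections import Counter

# IPv4 datagrams copied from the tcpdump hex in post #1 (IP header onward).
CAPTURED = [
    "4500002ba7f800007211bbc4bea46b8c4a5b707996ee233200173b6e53414d504a5b7079b3cd707038876d",
    "45000027a7f900007211bbc7bea46b8c4a5b707996ee23320013ee6d53414d504a5b7079b3cd63",
    "45000027a7fa00007211bbc6bea46b8c4a5b707996ee23320013df6d53414d504a5b7079b3cd72",
    "45000020a7fc00007211bbcbbea46b8c4a5b707996ee2332000c33b8081e24da",
    "45000027b7b400005111ad20b5c1945b4a5b70795acf23320013089a53414d504a5b7079afd469",
]

# Assumed query opcodes and the number of bytes that follow each one.
# RCON ('x', variable length) is not modelled and lands in "unexpected-query".
OPCODES = {"i": 0, "r": 0, "c": 0, "d": 0, "p": 4}


def classify(packet_hex):
    """Return (kind, addr_ok, port_ok) for one IPv4/UDP datagram given as hex."""
    raw = bytes.fromhex(packet_hex)
    ihl = (raw[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if len(raw) < ihl + 8 or raw[9] != 17:         # protocol 17 = UDP
        return ("not-udp", False, False)
    dst_ip = raw[16:20]
    dst_port, udp_len = struct.unpack("!HH", raw[ihl + 2:ihl + 6])
    payload = raw[ihl + 8:ihl + udp_len]
    if len(payload) < 11 or payload[:4] != b"SAMP":
        return ("non-query", False, False)
    op = chr(payload[10])
    if op not in OPCODES or len(payload) != 11 + OPCODES[op]:
        return ("unexpected-query", False, False)
    # Compare the address and port carried in the payload with the real headers.
    addr_ok = payload[4:8] == dst_ip
    port_ok = struct.unpack("<H", payload[8:10])[0] == dst_port
    return ("query-" + op, addr_ok, port_ok)


def summarize(packets):
    """Count how many datagrams fall into each (kind, addr_ok, port_ok) class."""
    return Counter(classify(p) for p in packets)


if __name__ == "__main__":
    for result, count in summarize(CAPTURED).items():
        print(count, result)
```

On these datagrams the `p`, `c`, `r` and `i` packets are well-formed queries whose embedded address equals the IP destination, but whose embedded port bytes do not equal the UDP destination port 9010; the 4-byte datagram is not a query at all. A filter keyed only on the `SAMP` magic would therefore pass all of the query packets.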
#2

What cheap shit are you using for hosting?
Reply
#3

Get a real host with firewall and all.
Reply
#4

I would get a host that specializes in UDP DDoS protection. Most services nowadays offer this.

Also contacting your host to see what they can offer helps as well.
Reply
#5

Quote:
Originally Posted by Y_Less
I'm sorry, 4 packets per second is considered a flood?
Sorry for my bad English.


Hi, I'm this user, I just lost my account.

Explaining myself better:
The attack uses different IPs; each IP sends a packet of 31, 32, 39 and 43 in general, and after this the IP changes and repeats the process.
It repeats this process a huge number of times in less than 1 second, which causes the server to stop responding.
I could say that for every second it sends more than 200 packets.

The examples I put above are only a few of the many packets that it sends.


I use an NFO VPS.
Reply
#6

200 packets per second is a lot?
Reply

