ihih, nice :) the most important thing while being ddosed is to report to the relevant abuse desks so they can clean up their networks ;)
Il 27/11/2012 14.26, Michael Johansen ha scritto: > I am indeed. Thank you for all your help :) >> Date: Tue, 27 Nov 2012 14:25:24 +0100 >> From: e...@evcz.tk >> To: hlds_linux@list.valvesoftware.com >> Subject: Re: [hlds_linux] Incoming DoS attack >> >> Hi, >> >> are you the Mike on WHT? >> >> I was the one replying in there :D >> >> Il 27/11/2012 13.54, Michael Johansen ha scritto: >>> My face when, I just analyzed my own tcpdump and I had over ~150 Mbit/s >>> traffic on UDP, where as my SYN stood for about 50k pps. >>>> From: sai...@specialattack.net >>>> To: hlds_linux@list.valvesoftware.com >>>> Date: Tue, 27 Nov 2012 11:29:01 +0100 >>>> Subject: Re: [hlds_linux] Incoming DoS attack >>>> >>>> We have no control over the upstream network. All I can do is filter the >>>> packets at the machine, but that wouldn't prevent the link from still >>>> being overloaded. >>>> >>>> Currently a null-route is in place to stop the attack at the network >>>> boarder. >>>> >>>> Saint K. >>>> ________________________________________ >>>> From: hlds_linux-boun...@list.valvesoftware.com >>>> [hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael Johansen >>>> [michs...@live.no] >>>> Sent: 27 November 2012 11:26 >>>> To: hlds_linux@list.valvesoftware.com >>>> Subject: Re: [hlds_linux] Incoming DoS attack >>>> >>>> Just took a look at the tcpdump, doesn't look like the attacks I'm having. >>>> I may be stupid now, but wouldn't it work just by blocking packets with >>>> the size of 50? >>>> >>>>> From: sai...@specialattack.net >>>>> To: hlds_linux@list.valvesoftware.com >>>>> Date: Tue, 27 Nov 2012 11:19:08 +0100 >>>>> Subject: Re: [hlds_linux] Incoming DoS attack >>>>> >>>>> The IP's in the dump originate from China, but as it's UDP it could very >>>>> well be spoofed. >>>>> >>>>> Looking at the payload in the packets, each new packet only has 1 >>>>> character change from the previous packet. >>>>> >>>>> Bruteforce, or perhaps signature scanning evasion? >>>>> >>>>> Saint K. >>>>> ________________________________________ >>>>> From: hlds_linux-boun...@list.valvesoftware.com >>>>> [hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Michael Johansen >>>>> [michs...@live.no] >>>>> Sent: 27 November 2012 11:15 >>>>> To: hlds_linux@list.valvesoftware.com >>>>> Subject: Re: [hlds_linux] Incoming DoS attack >>>>> >>>>> I haven't looked at the tcpdump, but I have been getting attacks too, >>>>> they're SYN floods, 300 - 400 mbps in size and always coming from >>>>> local/reserved (0.x) ip's. All started soem time after we set up our mvm >>>>> serves. >>>>>> From: sai...@specialattack.net >>>>>> To: hlds_linux@list.valvesoftware.com >>>>>> Date: Tue, 27 Nov 2012 10:56:28 +0100 >>>>>> Subject: [hlds_linux] Incoming DoS attack >>>>>> >>>>>> Hi, >>>>>> >>>>>> We've been having DoS attacks aimed at one of our MvM servers. >>>>>> >>>>>> Anyone have any idea what they're attempting to do here? It is just to >>>>>> make the server unreachable, or are the actually trying to exploit srcds >>>>>> somehow? >>>>>> >>>>>> Here's a tcpdump made for about 30 seconds during the attack (which is >>>>>> still ongoing); >>>>>> >>>>>> http://www.specialattack.net/downloads/dump.rar >>>>>> >>>>>> Saint K. >>>>>> _______________________________________________ >>>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>>> please visit: >>>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>>>> >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
