So there is a firewall in between. But it shouldn't slow traffic down because if there is incoming DDOS, it will Blackhole/null route the ip. Basically it won't reach my server. Therefore it is still a bandwidth issue.
I want to know what is restricting the bandwidth. I can download upload files at a high speed. 1 gig download 100mbps upload. But srcds can only use 13.5mbps. Basically everyone has the same amount lag no matter they are overseas or locally. Sent from my iPhone > On 26 Nov, 2013, at 6:19 am, "ritual" <[email protected]> wrote: > > To be honest it's a bit of a cop-out answer as most script-kiddie DDOS > attacks are from UDP SYN Flooding which are can be stopped by hardware > firewalls. If it was a firewall issue, there would be more than one system > affected and therefore more people complaining. I think we've narrowed down > the problem here to limited bandwidth and that it is now up to his vendor to > see if it is possible for them to provide more. Lowering tick and limiting > players are all temporary fixes to the over-arching problem. > > Good luck with the vendor. > > > > > >> On Mon, Nov 25, 2013 at 12:01 PM, Marco Padovan <[email protected]> wrote: >> Maybe then the issue relies on the hardware firewall. >> >> Post the specs and rulesets in use >> >> Marco Padovan >> Chief Technical Officer >> http://www.hiperz.com >> >> >>> On Mon, Nov 25, 2013 at 4:29 PM, arnold lam <[email protected]> wrote: >>> It has hardware firewall, that's why ip tables is not needed. Btw basically >>> I'm the system administrator, they can't do much. >>> >>> Sent from my iPhone >>> >>>> On 25 Nov, 2013, at 11:17 pm, "Marco Padovan" <[email protected]> wrote: >>>> >>>> You are running without any firewall rule?!? O.o >>>> >>>> To me that is not good, nor normal. >>>> >>>> Ask your system administrator to setup a proper firewall ruleset and then >>>> to debug your performance issues, probably it's just something not >>>> setup/properly setup >>>> >>>> Marco Padovan >>>> Chief Technical Officer >>>> http://www.hiperz.com >>>> >>>> >>>>> On Mon, Nov 25, 2013 at 2:33 PM, arnold lam <[email protected]> >>>>> wrote: >>>>> iptables: >>>>> root@arnold:~# iptables -L >>>>> Chain INPUT (policy ACCEPT) >>>>> target prot opt source destination >>>>> >>>>> Chain FORWARD (policy ACCEPT) >>>>> target prot opt source destination >>>>> >>>>> Chain OUTPUT (policy ACCEPT) >>>>> target prot opt source destination >>>>> >>>>> cat /proc/net/udp >>>>> >>>>> >>>>> sl local_address rem_address st tx_queue rx_queue tr tm->when >>>>> retrnsmt uid timeout inode ref pointer drops >>>>> 816: 00000000:6915 00000000:0000 07 00000000:00000000 00:00000000 >>>>> 00000000 1000 0 27068500 2 ffff880213985080 0 >>>>> 920: 00000000:697D 00000000:0000 07 00000000:00000000 00:00000000 >>>>> 00000000 1000 0 27068478 2 ffff880213982300 0 >>>>> 930: 00000000:6987 00000000:0000 07 00000000:00001680 00:00000000 >>>>> 00000000 1000 0 27068477 2 ffff880213980380 615 >>>>> 951: 00000000:699C 00000000:0000 07 00000000:00000000 00:00000000 >>>>> 00000000 1000 0 27068499 2 ffff880213983100 0 >>>>> 2640: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 >>>>> 00000000 0 0 13057 2 ffff880212031180 0 >>>>> >>>>> >>>>> >>>>> >>>>> Is this normal? >>>>> >>>>> >>>>> >>>>> >>>>> Date: Mon, 25 Nov 2013 10:19:03 -0200 >>>>> From: [email protected] >>>>> >>>>> To: [email protected] >>>>> Subject: Re: [Csgo_servers] Huge loss problem >>>>> >>>>> Maybe it's just a firewall limiting the number of packages per seconds, >>>>> very common solution to block DDOS. >>>>> >>>>> You can check the status of udp sockets throgth this command: cat >>>>> /proc/net/udp >>>>> >>>>> Then convert the local_address column to int(hex->int) match your server >>>>> port, if you are using the default config(port 27015), will be something >>>>> like this: XXXXXXXXX:6987. Then check the drops column in the same line. >>>>> >>>>> If is low(less than 2000 running at least 1 hour, with players), probably >>>>> isn't a server problem, maybe a firewall, ddos protecion false positive, >>>>> etc. If is too high, you have a problem in your dedicated server >>>>> configuration. Check your firewall rules( sudo iptables -L). >>>>> >>>>> >>>>> _______________________________________________ Csgo_servers mailing list >>>>> [email protected] >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>>> >>>>> _______________________________________________ >>>>> Csgo_servers mailing list >>>>> [email protected] >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
