fail2ban uses iptables for banning...
On Mon, Oct 5, 2015 at 2:42 AM, Левинчук Федор <[email protected]>
wrote:
> Hi
>
> before it i just block 0:32 byte packages ("connect" flood bug)
> but someone dropdown my servers by make them do a lot of IO operations
> I used this guide
>
> https://github.com/ulrichblock/bash-scripts-gameserver/blob/master/iptables.sh
> it helps, but not good enough
>
>
> /Srcds Hardening guide on Alliedmodders
>
> It`s outdated for today ddos bugs
>
>
> Run a tcpdump and post that here.
>
> have one, a lot of packages from one IP with different length, drop link
> to dump later
>
>
>
> tcpdump -i any -c 30000 -w dump1.pcap
>
> better
> tcpdump -i any -C 100 -W 50 -w dump1.pcap
>
> it will rollover dump in 50 files by 100mb
>
> does someone use iptables & fail2ban combination?
>
> 04.10.2015, 21:31, "Calvin J" <[email protected]>:
>
> Hi,
>
> Nobody can help you with the information you have provided. Run a tcpdump
> and post that here. Though, chances are unlikely that you're going to be
> able to block this with IPTables unless it's small. (If the attack is
> exceeding the line speed, run the tcpdump over IPMI.)
>
> Also, you should dump those firewall rules in the meantime as they're
> likely causing you more harm than good. I assume you followed that
> IPTables/Srcds Hardening guide on Alliedmodders. And while some of those
> rules may be useful, it's extremely unlikely that you needed to copy and
> paste everything in that thread.
>
> Example usage of tcpdump.
>
> tcpdump -i any -c 30000 -w dump1.pcap
>
> On 10/4/2015 5:12 AM, Левинчук Федор wrote:
>
> Hi everyone
>
> need your help
> i have this in iptables
> http://pastebin.com/RX955Vjq
> i have 128 tik servers
> maybe some params in iptable are wrong or missing
> but somehow attacker ddos my MM servers
> can someone give advice?
> thx in advance
>
>
>
> _______________________________________________
> Csgo_servers mailing
> [email protected]https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
>
> --
> Calvin Judy
> Founder & CEO
> PH#: (843) 410-8486
> Mail: [email protected]
> ,
>
> _______________________________________________
> Csgo_servers mailing list
> [email protected]
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
>
> _______________________________________________
> Csgo_servers mailing list
> [email protected]
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
