yep I think better way it to ban IP that have more trafic to server than it should but i don`t know what params i need for example at one server i have 4 128 tick public servers with 20 slots each at second server i have 4 128 tick public compatitive with 11 slots and gotv(128 snapshot_rate) each
how to calculate rate rules in iptables and then ban ddos-ers at fail2ban? 05.10.2015, 16:30, "Bruno Garcia" <[email protected]>: > fail2ban uses iptables for banning... > > On Mon, Oct 5, 2015 at 2:42 AM, Левинчук Федор <[email protected]> wrote: >> Hi >> >> before it i just block 0:32 byte packages ("connect" flood bug) >> but someone dropdown my servers by make them do a lot of IO operations >> I used this guide >> https://github.com/ulrichblock/bash-scripts-gameserver/blob/master/iptables.sh >> it helps, but not good enough >> >>> /Srcds Hardening guide on Alliedmodders >> It`s outdated for today ddos bugs >> >>> Run a tcpdump and post that here. >> have one, a lot of packages from one IP with different length, drop link to >> dump later >> >>> tcpdump -i any -c 30000 -w dump1.pcap >> better >> tcpdump -i any -C 100 -W 50 -w dump1.pcap >> >> it will rollover dump in 50 files by 100mb >> >> does someone use iptables & fail2ban combination? >> >> 04.10.2015, 21:31, "Calvin J" <[email protected]>: >>> Hi, >>> >>> Nobody can help you with the information you have provided. Run a tcpdump >>> and post that here. Though, chances are unlikely that you're going to be >>> able to block this with IPTables unless it's small. (If the attack is >>> exceeding the line speed, run the tcpdump over IPMI.) >>> >>> Also, you should dump those firewall rules in the meantime as they're >>> likely causing you more harm than good. I assume you followed that >>> IPTables/Srcds Hardening guide on Alliedmodders. And while some of those >>> rules may be useful, it's extremely unlikely that you needed to copy and >>> paste everything in that thread. >>> >>> Example usage of tcpdump. >>> >>> tcpdump -i any -c 30000 -w dump1.pcap >>> >>> On 10/4/2015 5:12 AM, Левинчук Федор wrote: >>>> Hi everyone >>>> >>>> need your help >>>> i have this in iptables >>>> http://pastebin.com/RX955Vjq >>>> i have 128 tik servers >>>> maybe some params in iptable are wrong or missing >>>> but somehow attacker ddos my MM servers >>>> can someone give advice? >>>> thx in advance >>>> >>>> _______________________________________________ Csgo_servers mailing list >>>> [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >>> -- >>> Calvin Judy >>> Founder & CEO >>> PH#: (843) 410-8486 >>> Mail: [email protected] >>> >>> , >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > , > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers _______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
