Banning the ip through the server firewall still has the traffic coming to your server therefore using your bandwidth (since its server side deciding if it wants to drop the traffic).
For example, in a very simple terms, if your server has 100 mbit uplink and you block via iptables an IP thats DoSing you at 50 mbit, your resources are still being used up since it still hits the server and the server decided if it wants to pass it to the application or not. That is a little bit of mitigation but won't stop the problem. Same thing can be applied to the datacenter level. Iptables are helpful for the smaller DoS and DDoS, but in the end I don't think it solves the actual core issue. We're going to need more detail, like the tcpdump information or something since all we have to go off of are nonessential information and vague descriptions. Also there's no detail as to what kind of DoS it is (e.g. layer 7 or 3) and if it really is distributed or not. On Oct 5, 2015 3:49 PM, "Левинчук Федор" <[email protected]> wrote: > yep > I think better way it to ban IP that have more trafic to server than it > should > but i don`t know what params i need > for example > at one server i have 4 128 tick public servers with 20 slots each > at second server i have 4 128 tick public compatitive with 11 slots and > gotv(128 snapshot_rate) each > > how to calculate rate rules in iptables and then ban ddos-ers at fail2ban? > > 05.10.2015, 16:30, "Bruno Garcia" <[email protected]>: > > fail2ban uses iptables for banning... > > > > On Mon, Oct 5, 2015 at 2:42 AM, Левинчук Федор <[email protected]> > wrote: > >> Hi > >> > >> before it i just block 0:32 byte packages ("connect" flood bug) > >> but someone dropdown my servers by make them do a lot of IO operations > >> I used this guide > >> > https://github.com/ulrichblock/bash-scripts-gameserver/blob/master/iptables.sh > >> it helps, but not good enough > >> > >>> /Srcds Hardening guide on Alliedmodders > >> It`s outdated for today ddos bugs > >> > >>> Run a tcpdump and post that here. > >> have one, a lot of packages from one IP with different length, drop > link to dump later > >> > >>> tcpdump -i any -c 30000 -w dump1.pcap > >> better > >> tcpdump -i any -C 100 -W 50 -w dump1.pcap > >> > >> it will rollover dump in 50 files by 100mb > >> > >> does someone use iptables & fail2ban combination? > >> > >> 04.10.2015, 21:31, "Calvin J" <[email protected]>: > >>> Hi, > >>> > >>> Nobody can help you with the information you have provided. Run a > tcpdump and post that here. Though, chances are unlikely that you're going > to be able to block this with IPTables unless it's small. (If the attack is > exceeding the line speed, run the tcpdump over IPMI.) > >>> > >>> Also, you should dump those firewall rules in the meantime as they're > likely causing you more harm than good. I assume you followed that > IPTables/Srcds Hardening guide on Alliedmodders. And while some of those > rules may be useful, it's extremely unlikely that you needed to copy and > paste everything in that thread. > >>> > >>> Example usage of tcpdump. > >>> > >>> tcpdump -i any -c 30000 -w dump1.pcap > >>> > >>> On 10/4/2015 5:12 AM, Левинчук Федор wrote: > >>>> Hi everyone > >>>> > >>>> need your help > >>>> i have this in iptables > >>>> http://pastebin.com/RX955Vjq > >>>> i have 128 tik servers > >>>> maybe some params in iptable are wrong or missing > >>>> but somehow attacker ddos my MM servers > >>>> can someone give advice? > >>>> thx in advance > >>>> > >>>> _______________________________________________ Csgo_servers mailing > list [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > >>> > >>> -- > >>> Calvin Judy > >>> Founder & CEO > >>> PH#: (843) 410-8486 > >>> Mail: [email protected] > >>> > >>> , > >>> > >>> _______________________________________________ > >>> Csgo_servers mailing list > >>> [email protected] > >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > >> > >> _______________________________________________ > >> Csgo_servers mailing list > >> [email protected] > >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > , > > > > _______________________________________________ > > Csgo_servers mailing list > > [email protected] > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
