Oh also. This is probably something you want for your iptables configuration if you do go that route.
https://steamcommunity.com/linkfilter/?url=http://whisper.ausgamers.com/wiki/index.php/Tickrate#Server_Bandwidth_Calculation_for_Dummies On Oct 5, 2015 4:06 PM, "Don Park" <[email protected]> wrote: > Banning the ip through the server firewall still has the traffic coming to > your server therefore using your bandwidth (since its server side deciding > if it wants to drop the traffic). > > For example, in a very simple terms, if your server has 100 mbit uplink > and you block via iptables an IP thats DoSing you at 50 mbit, your > resources are still being used up since it still hits the server and the > server decided if it wants to pass it to the application or not. That is a > little bit of mitigation but won't stop the problem. > > Same thing can be applied to the datacenter level. Iptables are helpful > for the smaller DoS and DDoS, but in the end I don't think it solves the > actual core issue. > > We're going to need more detail, like the tcpdump information or something > since all we have to go off of are nonessential information and vague > descriptions. Also there's no detail as to what kind of DoS it is (e.g. > layer 7 or 3) and if it really is distributed or not. > On Oct 5, 2015 3:49 PM, "Левинчук Федор" <[email protected]> > wrote: > >> yep >> I think better way it to ban IP that have more trafic to server than it >> should >> but i don`t know what params i need >> for example >> at one server i have 4 128 tick public servers with 20 slots each >> at second server i have 4 128 tick public compatitive with 11 slots and >> gotv(128 snapshot_rate) each >> >> how to calculate rate rules in iptables and then ban ddos-ers at fail2ban? >> >> 05.10.2015, 16:30, "Bruno Garcia" <[email protected]>: >> > fail2ban uses iptables for banning... >> > >> > On Mon, Oct 5, 2015 at 2:42 AM, Левинчук Федор <[email protected]> >> wrote: >> >> Hi >> >> >> >> before it i just block 0:32 byte packages ("connect" flood bug) >> >> but someone dropdown my servers by make them do a lot of IO operations >> >> I used this guide >> >> >> https://github.com/ulrichblock/bash-scripts-gameserver/blob/master/iptables.sh >> >> it helps, but not good enough >> >> >> >>> /Srcds Hardening guide on Alliedmodders >> >> It`s outdated for today ddos bugs >> >> >> >>> Run a tcpdump and post that here. >> >> have one, a lot of packages from one IP with different length, drop >> link to dump later >> >> >> >>> tcpdump -i any -c 30000 -w dump1.pcap >> >> better >> >> tcpdump -i any -C 100 -W 50 -w dump1.pcap >> >> >> >> it will rollover dump in 50 files by 100mb >> >> >> >> does someone use iptables & fail2ban combination? >> >> >> >> 04.10.2015, 21:31, "Calvin J" <[email protected]>: >> >>> Hi, >> >>> >> >>> Nobody can help you with the information you have provided. Run a >> tcpdump and post that here. Though, chances are unlikely that you're going >> to be able to block this with IPTables unless it's small. (If the attack is >> exceeding the line speed, run the tcpdump over IPMI.) >> >>> >> >>> Also, you should dump those firewall rules in the meantime as they're >> likely causing you more harm than good. I assume you followed that >> IPTables/Srcds Hardening guide on Alliedmodders. And while some of those >> rules may be useful, it's extremely unlikely that you needed to copy and >> paste everything in that thread. >> >>> >> >>> Example usage of tcpdump. >> >>> >> >>> tcpdump -i any -c 30000 -w dump1.pcap >> >>> >> >>> On 10/4/2015 5:12 AM, Левинчук Федор wrote: >> >>>> Hi everyone >> >>>> >> >>>> need your help >> >>>> i have this in iptables >> >>>> http://pastebin.com/RX955Vjq >> >>>> i have 128 tik servers >> >>>> maybe some params in iptable are wrong or missing >> >>>> but somehow attacker ddos my MM servers >> >>>> can someone give advice? >> >>>> thx in advance >> >>>> >> >>>> _______________________________________________ Csgo_servers mailing >> list [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >>> >> >>> -- >> >>> Calvin Judy >> >>> Founder & CEO >> >>> PH#: (843) 410-8486 >> >>> Mail: [email protected] >> >>> >> >>> , >> >>> >> >>> _______________________________________________ >> >>> Csgo_servers mailing list >> >>> [email protected] >> >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> >> >> _______________________________________________ >> >> Csgo_servers mailing list >> >> [email protected] >> >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > >> > , >> > >> > _______________________________________________ >> > Csgo_servers mailing list >> > [email protected] >> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
