Ddos will still eat up your bandwidth even if blocked at your OS machine level. On 5 Oct 2015 12:17, "Nomaan Ahmad" <[email protected]> wrote:
> That wiki is really old and isn't for CS:GO. > > On 5 October 2015 at 08:09, Don Park <[email protected]> wrote: > >> Oh also. This is probably something you want for your iptables >> configuration if you do go that route. >> >> >> https://steamcommunity.com/linkfilter/?url=http://whisper.ausgamers.com/wiki/index.php/Tickrate#Server_Bandwidth_Calculation_for_Dummies >> On Oct 5, 2015 4:06 PM, "Don Park" <[email protected]> wrote: >> >>> Banning the ip through the server firewall still has the traffic coming >>> to your server therefore using your bandwidth (since its server side >>> deciding if it wants to drop the traffic). >>> >>> For example, in a very simple terms, if your server has 100 mbit uplink >>> and you block via iptables an IP thats DoSing you at 50 mbit, your >>> resources are still being used up since it still hits the server and the >>> server decided if it wants to pass it to the application or not. That is a >>> little bit of mitigation but won't stop the problem. >>> >>> Same thing can be applied to the datacenter level. Iptables are helpful >>> for the smaller DoS and DDoS, but in the end I don't think it solves the >>> actual core issue. >>> >>> We're going to need more detail, like the tcpdump information or >>> something since all we have to go off of are nonessential information and >>> vague descriptions. Also there's no detail as to what kind of DoS it is >>> (e.g. layer 7 or 3) and if it really is distributed or not. >>> On Oct 5, 2015 3:49 PM, "Левинчук Федор" <[email protected]> >>> wrote: >>> >>>> yep >>>> I think better way it to ban IP that have more trafic to server than it >>>> should >>>> but i don`t know what params i need >>>> for example >>>> at one server i have 4 128 tick public servers with 20 slots each >>>> at second server i have 4 128 tick public compatitive with 11 slots and >>>> gotv(128 snapshot_rate) each >>>> >>>> how to calculate rate rules in iptables and then ban ddos-ers at >>>> fail2ban? >>>> >>>> 05.10.2015, 16:30, "Bruno Garcia" <[email protected]>: >>>> > fail2ban uses iptables for banning... >>>> > >>>> > On Mon, Oct 5, 2015 at 2:42 AM, Левинчук Федор <[email protected]> >>>> wrote: >>>> >> Hi >>>> >> >>>> >> before it i just block 0:32 byte packages ("connect" flood bug) >>>> >> but someone dropdown my servers by make them do a lot of IO >>>> operations >>>> >> I used this guide >>>> >> >>>> https://github.com/ulrichblock/bash-scripts-gameserver/blob/master/iptables.sh >>>> >> it helps, but not good enough >>>> >> >>>> >>> /Srcds Hardening guide on Alliedmodders >>>> >> It`s outdated for today ddos bugs >>>> >> >>>> >>> Run a tcpdump and post that here. >>>> >> have one, a lot of packages from one IP with different length, drop >>>> link to dump later >>>> >> >>>> >>> tcpdump -i any -c 30000 -w dump1.pcap >>>> >> better >>>> >> tcpdump -i any -C 100 -W 50 -w dump1.pcap >>>> >> >>>> >> it will rollover dump in 50 files by 100mb >>>> >> >>>> >> does someone use iptables & fail2ban combination? >>>> >> >>>> >> 04.10.2015, 21:31, "Calvin J" <[email protected]>: >>>> >>> Hi, >>>> >>> >>>> >>> Nobody can help you with the information you have provided. Run a >>>> tcpdump and post that here. Though, chances are unlikely that you're going >>>> to be able to block this with IPTables unless it's small. (If the attack is >>>> exceeding the line speed, run the tcpdump over IPMI.) >>>> >>> >>>> >>> Also, you should dump those firewall rules in the meantime as >>>> they're likely causing you more harm than good. I assume you followed that >>>> IPTables/Srcds Hardening guide on Alliedmodders. And while some of those >>>> rules may be useful, it's extremely unlikely that you needed to copy and >>>> paste everything in that thread. >>>> >>> >>>> >>> Example usage of tcpdump. >>>> >>> >>>> >>> tcpdump -i any -c 30000 -w dump1.pcap >>>> >>> >>>> >>> On 10/4/2015 5:12 AM, Левинчук Федор wrote: >>>> >>>> Hi everyone >>>> >>>> >>>> >>>> need your help >>>> >>>> i have this in iptables >>>> >>>> http://pastebin.com/RX955Vjq >>>> >>>> i have 128 tik servers >>>> >>>> maybe some params in iptable are wrong or missing >>>> >>>> but somehow attacker ddos my MM servers >>>> >>>> can someone give advice? >>>> >>>> thx in advance >>>> >>>> >>>> >>>> _______________________________________________ Csgo_servers >>>> mailing list [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>> >>>> >>> -- >>>> >>> Calvin Judy >>>> >>> Founder & CEO >>>> >>> PH#: (843) 410-8486 >>>> >>> Mail: [email protected] >>>> >>> >>>> >>> , >>>> >>> >>>> >>> _______________________________________________ >>>> >>> Csgo_servers mailing list >>>> >>> [email protected] >>>> >>> >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >> >>>> >> _______________________________________________ >>>> >> Csgo_servers mailing list >>>> >> [email protected] >>>> >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> > >>>> > , >>>> > >>>> > _______________________________________________ >>>> > Csgo_servers mailing list >>>> > [email protected] >>>> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >>> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
