this is tcpdump during ddos https://drive.google.com/open?id=0B9GQJednE4hjYnRrN2p0Tk44bmM
05.10.2015, 17:46, "Roland Mondek" <[email protected]>:
> It is and it will be always possible to DDOS any csgo server if it does not
> use some kind of two-way ddos protection. You can drop packets with specific
> length / not contain specific string...but it is very easy to copy legit
> srcds packet with legit length and flood any srcds server in the world with
> the legit packets....Those packets are for example qconnect or ...U..
> packet...This is a common issue of SRCDS.
>
> On Mon, Oct 5, 2015 at 9:22 AM, Don Park <[email protected]> wrote:
>> Could you please explain how it's outdated then? Because it addresses the
>> theoretical maximum bandwidth use within actual physical limitations of
>> networking. The math is still the same. It's still used for insurgency
>> game servers and they share a fair amount of networking code.
>>
>> On Oct 5, 2015 4:17 PM, "Nomaan Ahmad" <[email protected]> wrote:
>>> That wiki is really old and isn't for CS:GO.
>>>
>>> On 5 October 2015 at 08:09, Don Park <[email protected]> wrote:
>>>> Oh also. This is probably something you want for your iptables
>>>> configuration if you do go that route.
>>>>
>>>> https://steamcommunity.com/linkfilter/?url=http://whisper.ausgamers.com/wiki/index.php/Tickrate#Server_Bandwidth_Calculation_for_Dummies
>>>>
>>>> On Oct 5, 2015 4:06 PM, "Don Park" <[email protected]> wrote:
>>>>> Banning the ip through the server firewall still has the traffic coming
>>>>> to your server therefore using your bandwidth (since it's server side
>>>>> deciding if it wants to drop the traffic).
>>>>>
>>>>> For example, in very simple terms, if your server has 100 mbit uplink
>>>>> and you block via iptables an IP that's DoSing you at 50 mbit, your
>>>>> resources are still being used up since it still hits the server and the
>>>>> server decided if it wants to pass it to the application or not. That is
>>>>> a little bit of mitigation but won't stop the problem.
>>>>>
>>>>> Same thing can be applied to the datacenter level. Iptables are helpful
>>>>> for the smaller DoS and DDoS, but in the end I don't think it solves the
>>>>> actual core issue.
>>>>>
>>>>> We're going to need more detail, like the tcpdump information or
>>>>> something since all we have to go off of are nonessential information and
>>>>> vague descriptions. Also there's no detail as to what kind of DoS it is
>>>>> (e.g. layer 7 or 3) and if it really is distributed or not.
>>>>>
>>>>> On Oct 5, 2015 3:49 PM, "Левинчук Федор" <[email protected]>
>>>>> wrote:
>>>>>> yep
>>>>>> I think better way is to ban IP that have more traffic to server than it
>>>>>> should
>>>>>> but i don't know what params i need
>>>>>> for example
>>>>>> at one server i have 4 128 tick public servers with 20 slots each
>>>>>> at second server i have 4 128 tick public competitive with 11 slots and
>>>>>> gotv(128 snapshot_rate) each
>>>>>>
>>>>>> how to calculate rate rules in iptables and then ban ddos-ers at
>>>>>> fail2ban?
>>>>>>
>>>>>> 05.10.2015, 16:30, "Bruno Garcia" <[email protected]>:
>>>>>>> fail2ban uses iptables for banning...
>>>>>>>
>>>>>>> On Mon, Oct 5, 2015 at 2:42 AM, Левинчук Федор <[email protected]>
>>>>>>> wrote:
>>>>>>>> Hi
>>>>>>>>
>>>>>>>> before it i just block 0:32 byte packages ("connect" flood bug)
>>>>>>>> but someone dropdown my servers by make them do a lot of IO operations
>>>>>>>> I used this guide
>>>>>>>> https://github.com/ulrichblock/bash-scripts-gameserver/blob/master/iptables.sh
>>>>>>>> it helps, but not good enough
>>>>>>>>
>>>>>>>>> /Srcds Hardening guide on Alliedmodders
>>>>>>>> It's outdated for today ddos bugs
>>>>>>>>
>>>>>>>>> Run a tcpdump and post that here.
>>>>>>>> have one, a lot of packages from one IP with different length, drop
>>>>>>>> link to dump later
>>>>>>>>
>>>>>>>>> tcpdump -i any -c 30000 -w dump1.pcap
>>>>>>>> better
>>>>>>>> tcpdump -i any -C 100 -W 50 -w dump1.pcap
>>>>>>>>
>>>>>>>> it will rollover dump in 50 files by 100mb
>>>>>>>>
>>>>>>>> does someone use iptables & fail2ban combination?
>>>>>>>>
>>>>>>>> 04.10.2015, 21:31, "Calvin J" <[email protected]>:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Nobody can help you with the information you have provided. Run a
>>>>>>>>> tcpdump and post that here. Though, chances are unlikely that you're
>>>>>>>>> going to be able to block this with IPTables unless it's small. (If
>>>>>>>>> the attack is exceeding the line speed, run the tcpdump over IPMI.)
>>>>>>>>>
>>>>>>>>> Also, you should dump those firewall rules in the meantime as they're
>>>>>>>>> likely causing you more harm than good. I assume you followed that
>>>>>>>>> IPTables/Srcds Hardening guide on Alliedmodders. And while some of
>>>>>>>>> those rules may be useful, it's extremely unlikely that you needed to
>>>>>>>>> copy and paste everything in that thread.
>>>>>>>>>
>>>>>>>>> Example usage of tcpdump.
>>>>>>>>>
>>>>>>>>> tcpdump -i any -c 30000 -w dump1.pcap
>>>>>>>>>
>>>>>>>>> On 10/4/2015 5:12 AM, Левинчук Федор wrote:
>>>>>>>>>> Hi everyone
>>>>>>>>>>
>>>>>>>>>> need your help
>>>>>>>>>> i have this in iptables
>>>>>>>>>> http://pastebin.com/RX955Vjq
>>>>>>>>>> i have 128 tick servers
>>>>>>>>>> maybe some params in iptable are wrong or missing
>>>>>>>>>> but somehow attacker ddos my MM servers
>>>>>>>>>> can someone give advice?
>>>>>>>>>> thx in advance
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Csgo_servers mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Calvin Judy
>>>>>>>>> Founder & CEO
>>>>>>>>> PH#: (843) 410-8486
>>>>>>>>> Mail: [email protected]
>
> --
> S pozdravom / Sincerely,
> Roland Mondek
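
The thread asks which per-IP rate separates a player from a flooder on a 128-tick server. As an added example (not part of the original messages), this sketch reads the text output of `tcpdump -nn -tt -r dump1.pcap udp` and reports sources whose average packet rate is above a ceiling. The function names, the documentation-range addresses, port 27015 and the "about one client packet per tick" ceiling are assumptions made for illustration.

```python
import re
from collections import defaultdict

# One line of `tcpdump -nn -tt -r dump1.pcap udp` text output.
LINE = re.compile(r"^(\d+\.\d+) .*?IP (\d+\.\d+\.\d+\.\d+)\.\d+ > "
                  r"\d+\.\d+\.\d+\.\d+\.(\d+): UDP, length (\d+)")

def per_source(lines, game_ports):
    """Return {src_ip: stats} for UDP packets sent to the game ports."""
    acc = defaultdict(lambda: {"pkts": 0, "lengths": set(),
                               "first": float("inf"), "last": 0.0})
    for line in lines:
        m = LINE.match(line)
        if not m or int(m.group(3)) not in game_ports:
            continue
        ts, src, size = float(m.group(1)), m.group(2), int(m.group(4))
        s = acc[src]
        s["pkts"] += 1
        s["lengths"].add(size)
        s["first"] = min(s["first"], ts)
        s["last"] = max(s["last"], ts)
    return acc

def flag_sources(stats, max_pps, min_pkts=20):
    """Sources whose average packet rate exceeds max_pps, busiest first."""
    out = []
    for src, s in stats.items():
        span = max(s["last"] - s["first"], 1.0)  # short bursts count as 1 s
        pps = s["pkts"] / span
        if s["pkts"] >= min_pkts and pps > max_pps:
            out.append((src, round(pps), len(s["lengths"])))
    return sorted(out, key=lambda r: -r[1])

def make_sample():
    """Constructed capture: one player at 128 pps, one flooder at 2000 pps."""
    lines = []
    for i in range(256):   # 2 s of a normal client, near-constant sizes
        lines.append(f"{1444052760 + i / 128:.6f} IP 192.0.2.10.27005 > "
                     f"198.51.100.1.27015: UDP, length {60 + i % 3}")
    for i in range(4000):  # 2 s of flood from one IP with varying lengths
        lines.append(f"{1444052760 + i / 2000:.6f} IP 203.0.113.7.40000 > "
                     f"198.51.100.1.27015: UDP, length {20 + i % 400}")
    return lines

if __name__ == "__main__":
    # Assumption: ~128 client packets/s on a 128-tick server, 2x headroom.
    stats = per_source(make_sample(), game_ports={27015})
    for src, pps, nlen in flag_sources(stats, max_pps=256):
        print(f"{src}: ~{pps} pps, {nlen} distinct lengths")
```

The ceiling measured from legitimate players in a real capture is the number to use in a per-source limit (for example the iptables hashlimit match). As noted in the thread, host-side filtering of this kind only helps while the flood stays below the uplink capacity.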
