that's a private file

On Mon, Oct 5, 2015 at 10:01 AM, Левинчук Федор <[email protected]> wrote:
> this is tcpdump during ddos
> https://drive.google.com/open?id=0B9GQJednE4hjYnRrN2p0Tk44bmM
>
> 05.10.2015, 17:46, "Roland Mondek" <[email protected]>:
>> It is and it will be always possible to DDOS any csgo server if it does not
>> use some kind of two-way ddos protection. You can drop packets with specific
>> length / not contain specific string...but it is very easy to copy legit
>> srcds packet with legit length and flood any srcds server in the world with
>> the legit packets....Those packets are for example qconnect or ...U..
>> packet...This is a common issue of SRCDS.
>>
>> On Mon, Oct 5, 2015 at 9:22 AM, Don Park <[email protected]> wrote:
>>> Could you please explain how it's outdated then? Because it addresses the
>>> theoretical maximum bandwidth use within actual physical limitations of
>>> networking. The math is still the same. It's still used for insurgency
>>> game servers and they share a fair amount of networking code.
>>>
>>> On Oct 5, 2015 4:17 PM, "Nomaan Ahmad" <[email protected]> wrote:
>>>> That wiki is really old and isn't for CS:GO.
>>>>
>>>> On 5 October 2015 at 08:09, Don Park <[email protected]> wrote:
>>>>> Oh also. This is probably something you want for your iptables
>>>>> configuration if you do go that route.
>>>>>
>>>>> https://steamcommunity.com/linkfilter/?url=http://whisper.ausgamers.com/wiki/index.php/Tickrate#Server_Bandwidth_Calculation_for_Dummies
>>>>>
>>>>> On Oct 5, 2015 4:06 PM, "Don Park" <[email protected]> wrote:
>>>>>> Banning the ip through the server firewall still has the traffic coming
>>>>>> to your server therefore using your bandwidth (since it's server side
>>>>>> deciding if it wants to drop the traffic).
>>>>>>
>>>>>> For example, in very simple terms, if your server has 100 mbit uplink
>>>>>> and you block via iptables an IP that's DoSing you at 50 mbit, your
>>>>>> resources are still being used up since it still hits the server and the
>>>>>> server decided if it wants to pass it to the application or not. That
>>>>>> is a little bit of mitigation but won't stop the problem.
>>>>>>
>>>>>> Same thing can be applied to the datacenter level. Iptables are helpful
>>>>>> for the smaller DoS and DDoS, but in the end I don't think it solves the
>>>>>> actual core issue.
>>>>>>
>>>>>> We're going to need more detail, like the tcpdump information or
>>>>>> something since all we have to go off of are nonessential information
>>>>>> and vague descriptions. Also there's no detail as to what kind of DoS
>>>>>> it is (e.g. layer 7 or 3) and if it really is distributed or not.
>>>>>>
>>>>>> On Oct 5, 2015 3:49 PM, "Левинчук Федор" <[email protected]>
>>>>>> wrote:
>>>>>>> yep
>>>>>>> I think better way is to ban IP that have more traffic to server than it
>>>>>>> should
>>>>>>> but I don't know what params I need
>>>>>>> for example
>>>>>>> at one server I have 4 128 tick public servers with 20 slots each
>>>>>>> at second server I have 4 128 tick public competitive with 11 slots and
>>>>>>> gotv(128 snapshot_rate) each
>>>>>>>
>>>>>>> how to calculate rate rules in iptables and then ban ddos-ers at
>>>>>>> fail2ban?
>>>>>>>
>>>>>>> 05.10.2015, 16:30, "Bruno Garcia" <[email protected]>:
>>>>>>>> fail2ban uses iptables for banning...
>>>>>>>>
>>>>>>>> On Mon, Oct 5, 2015 at 2:42 AM, Левинчук Федор <[email protected]>
>>>>>>>> wrote:
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> before it I just block 0:32 byte packages ("connect" flood bug)
>>>>>>>>> but someone dropdown my servers by make them do a lot of IO operations
>>>>>>>>> I used this guide
>>>>>>>>> https://github.com/ulrichblock/bash-scripts-gameserver/blob/master/iptables.sh
>>>>>>>>> it helps, but not good enough
>>>>>>>>>
>>>>>>>>>> /Srcds Hardening guide on Alliedmodders
>>>>>>>>> It's outdated for today ddos bugs
>>>>>>>>>
>>>>>>>>>> Run a tcpdump and post that here.
>>>>>>>>> have one, a lot of packages from one IP with different length, drop
>>>>>>>>> link to dump later
>>>>>>>>>
>>>>>>>>>> tcpdump -i any -c 30000 -w dump1.pcap
>>>>>>>>> better
>>>>>>>>> tcpdump -i any -C 100 -W 50 -w dump1.pcap
>>>>>>>>>
>>>>>>>>> it will rollover dump in 50 files by 100mb
>>>>>>>>>
>>>>>>>>> does someone use iptables & fail2ban combination?
>>>>>>>>>
>>>>>>>>> 04.10.2015, 21:31, "Calvin J" <[email protected]>:
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Nobody can help you with the information you have provided. Run a
>>>>>>>>>> tcpdump and post that here. Though, chances are unlikely that you're
>>>>>>>>>> going to be able to block this with IPTables unless it's small. (If
>>>>>>>>>> the attack is exceeding the line speed, run the tcpdump over IPMI.)
>>>>>>>>>>
>>>>>>>>>> Also, you should dump those firewall rules in the meantime as
>>>>>>>>>> they're likely causing you more harm than good. I assume you
>>>>>>>>>> followed that IPTables/Srcds Hardening guide on Alliedmodders. And
>>>>>>>>>> while some of those rules may be useful, it's extremely unlikely
>>>>>>>>>> that you needed to copy and paste everything in that thread.
>>>>>>>>>>
>>>>>>>>>> Example usage of tcpdump.
>>>>>>>>>>
>>>>>>>>>> tcpdump -i any -c 30000 -w dump1.pcap
>>>>>>>>>>
>>>>>>>>>> On 10/4/2015 5:12 AM, Левинчук Федор wrote:
>>>>>>>>>>> Hi everyone
>>>>>>>>>>>
>>>>>>>>>>> need your help
>>>>>>>>>>> I have this in iptables
>>>>>>>>>>> http://pastebin.com/RX955Vjq
>>>>>>>>>>> I have 128 tick servers
>>>>>>>>>>> maybe some params in iptables are wrong or missing
>>>>>>>>>>> but somehow attacker ddos my MM servers
>>>>>>>>>>> can someone give advice?
>>>>>>>>>>> thx in advance
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Calvin Judy
>>>>>>>>>> Founder & CEO
>>>>>>>>>> PH#: (843) 410-8486
>>>>>>>>>> Mail: [email protected]
>>
>> --
>> S pozdravom / Sincerely,
>> Roland Mondek

_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
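
An added example, not part of any message in this thread: one way to approach the question of how to calculate a per-source rate rule for a 128-tick server and find sources that exceed it in a capture. It assumes a legitimate client sends at most about one packet per tick, a 2x safety margin, the default srcds UDP port 27015, and text output from `tcpdump -nn -tt`; the capture lines and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

TICKRATE = 128      # from the thread: 128-tick servers
MARGIN = 2.0        # assumption: headroom so normal bursts are not dropped
GAME_PORT = 27015   # assumption: default srcds UDP port

LINE = re.compile(
    r"^(?P<ts>\d+)\.\d+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.(?P<dport>\d+): UDP, length \d+"
)

def per_client_ceiling(tickrate=TICKRATE, margin=MARGIN):
    """Packets/sec one source may send before it is treated as abusive."""
    return int(tickrate * margin)

def peak_pps(lines, port=GAME_PORT):
    """Highest packets-per-second seen from each source IP to the game port."""
    buckets = defaultdict(Counter)          # src -> {unix second: packets}
    for line in lines:
        m = LINE.match(line)
        if not m or int(m["dport"]) != port:
            continue
        buckets[m["src"]][int(m["ts"])] += 1
    return {src: max(c.values()) for src, c in buckets.items()}

def offenders(lines, ceiling=None):
    ceiling = ceiling or per_client_ceiling()
    return sorted(s for s, pps in peak_pps(lines).items() if pps > ceiling)

def hashlimit_rule(ceiling, port=GAME_PORT):
    """Per-source-IP drop rule built from the computed ceiling."""
    return (f"iptables -A INPUT -p udp --dport {port} -m hashlimit "
            f"--hashlimit-name srcds --hashlimit-mode srcip "
            f"--hashlimit-above {ceiling}/sec --hashlimit-burst {ceiling} -j DROP")

def sample_capture():
    """Constructed capture: one normal player, one source sending mixed lengths."""
    dst = "203.0.113.10.27015"
    lines = [f"1444038000.{i:06d} IP 198.51.100.7.50321 > {dst}: UDP, length 60"
             for i in range(128)]
    lines += [f"1444038000.{i:06d} IP 192.0.2.66.4444 > {dst}: UDP, length {20 + i % 400}"
              for i in range(900)]
    return lines

if __name__ == "__main__":
    print(peak_pps(sample_capture()))
    print(offenders(sample_capture()))
    print(hashlimit_rule(per_client_ceiling()))
```

A rule like this only drops packets after they have reached the host, so it does not free the uplink, which is the limitation Don Park describes above.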
