Re: [hlds] Under attack again

[Mike Olsen]

well i would ban his ip in the game but also on your router or firewalls,
unfortunately if he knows what he is doing he will change out his ip so
definitely ban the steam id, also what i have been doing lately is banning
steam ids of their friends in the steam community

On Mon, Apr 21, 2008 at 4:36 PM, Tony Paloma <[EMAIL PROTECTED]>
wrote:

> It looks like the attacker is just spamming connect/disconnect to any port
> he can get his hands on
>
>  TCP    C18492-111562:epmap
> pool-96-250-36-94.nycmny.fios.verizon.net:44654
>  ESTABLISHED
>  TCP    C18492-111562:1035
> pool-96-250-36-94.nycmny.fios.verizon.net:44649
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:44992
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:45231
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:43844
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:43845
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:43847
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:43852
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:43853
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:43860
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:43863
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:43866
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:43868
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:43871
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:44992
>  ESTABLISHED
>  TCP    C18492-111562:27015
> pool-96-250-36-94.nycmny.fios.verizon.net:45231
>  ESTABLISHED
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tony Paloma
> Sent: Monday, April 21, 2008 4:29 PM
> To: 'Half-Life dedicated Win32 server mailing list'
> Subject: [hlds] Under attack again
>
> I'm under attack again. The people attacking are now trying to attack my
> FTP
> server as well (so I have some IPs). I've also got some .cap files from
> Microsoft Network Monitor. I'm looking for other monitor tools right now.
>
> (003205) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003205) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003205) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003206) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003206) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003206) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003207) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003207) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003207) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003208) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003208) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003208) 4/21/2008 6:26:26 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003209) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003209) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003209) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003210) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003210) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003210) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003211) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003211) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003211) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003212) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003212) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003212) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003213) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003213) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003213) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003214) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003214) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003214) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003215) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003215) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003215) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003216) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003216) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003216) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003217) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003217) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003217) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> disconnected.
> (003218) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) > connected
> to ip : 74.54.24.200
> (003218) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> connection
> failed : IP is blocked for 3600 second(s).
> (003218) 4/21/2008 6:26:27 PM - (not logged in) (96.250.36.94) >
> disconnected.
>
> Name:    pool-96-250-36-94.nycmny.fios.verizon.net
> Address:  96.250.36.94
>
> Here's the fun part. It turns out that same IP has been used on my game
> server.
>
> SELECT * FROM `connectlog` WHERE `ip` '96.250.36.94'
> Turns up results:
> N3m3sis STEAM_0:1:2002203
> He was a player on my 24/7 2fort server.
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds
>
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds