Urban Terror Forums: DRDoS - Urban Terror Forums


DRDoS

Server used as reflector for DRDoS

#261 tomparis

  • Account: tomparis
  • Main tag: oK|
  • Joined: 13-March 10
  • Posts: 14

Posted 09 June 2012 - 11:01 PM

My limit is 2000GB but has no cap. I just incur extra charges. When full with around 64 people, server uses 700K a second upload. They were using three of my servers, each one pushing around 1MB a second. I don't have it set up for alerts as I usually use about 1300GB a month, which has been my average over two years, never once exceeded normally. I didn't know this was happening until after the fact, when I got messages from my host saying they saw DDOS attacks originating from my server and to take action; by then it was too late. Meh, I wasn't going to bounce on my bill as my host has been wonderful over the years, so I just paid it and patched and moved on.

#262 IceLogic

  • Account: icelogic
  • Main tag: [Ice]
  • Joined: 01-March 10
  • Posts: 6

Posted 11 August 2012 - 09:03 PM

http://www.urbanterr...new-dos-dmrdos/

The link above is to a new unpatched exploit in 4.2, for anyone looking for help and the status.

This post has been edited by IceLogic: 11 August 2012 - 09:07 PM

Join the IceLogic Clan icelogic.org

#263 zombiebob

  • Account: zombiebob
  • Main tag: [UZF]
  • Joined: 28-February 10
  • Posts: 85

Posted 23 November 2012 - 12:59 AM

Hello Thread,

I'd like to start by extending my thanks to all who contributed to fix the outgoing spoofed IP attack traffic. I've not had any abuse complaints since updating the server from the svn and the outgoing bandwidth matches up with the number of players on the servers.

I have, however, noticed over the past couple of months a flood of incoming traffic from a single IP to all of my server ports that continues even if I shut the servers down.

I understand, from reading this thread, that we can't stop the incoming traffic, but we can drop it at our machine. My question is, how am I best dropping all the traffic from this IP, as I'm pretty sure this flood of incoming traffic is affecting the game servers.

I've added
-A INPUT -s 178.33.114.105 -j DROP
to my iptables. Is this enough? Is there anything else I can do?

I've just noticed another IP has got into the act. How am I best dealing with this incoming flood of UDP packets?

Thank you,
Regards,
>>zB

This post has been edited by zombiebob: 23 November 2012 - 01:10 AM


#264 Nitro

  • former FS member
  • Account: nitro
  • Main tag: |PWNY|
  • Joined: 15-March 10
  • Posts: 1,130

Posted 01 December 2012 - 12:21 PM

Hi zombiebob,

Blocking the IP in your iptables would be enough to prevent the UDP packets reaching your game server; there are other ways in which you could handle the problem still. You could contact the owner of the IP address range and notify them of the misuse; if it is a commercial range, the internet provider of the IP address may prevent that user from reaching you in the future.
Corsair 230T Orange | Intel 6600K @ 4.8GHz | 16GB DDR4 2133MHz | 512GB Samsung 950pro NVMe SSD | 8GB AMD Radeon RX-480

#265 thelionroars

  • verified user
  • Account: thelionroars
  • Joined: 21-September 11
  • Posts: 851

Posted 01 December 2012 - 03:00 PM

Nitro, on 01 December 2012 - 12:21 PM, said:

You could contact the owner of the IP address range and notify them of the misuse; if it is a commercial range, the internet provider of the IP address may prevent that user from reaching you in the future.


Unfortunately that won't help, as the source address is the intended victim's address that the attacker has spoofed. Attacker sends out request for server info pretending to be victim, victim receives multiple packets back of unsolicited traffic. Multiply this by 1000 Urban Terror servers (and probably other games) * many, many requests/s = DRDOS
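
Added example, not part of any post in this thread and not Urban Terror's own code: a per-source token bucket on server-info queries, replayed over a constructed packet list, showing how a server stops amplifying toward a spoofed address and which source looks like a reflection victim. The `\xff\xff\xff\xff` marker and the `getstatus`/`getinfo` command names are Quake 3 engine conventions assumed here; the addresses, rate, burst and threshold are illustrative.

```python
from collections import defaultdict

OOB = b"\xff\xff\xff\xff"                 # assumed connectionless-packet marker
INFO_CMDS = (b"getstatus", b"getinfo")    # assumed server-info query commands

class InfoQueryLimiter:
    """Per-source token bucket; each answered info query costs one token.
    Integer milli-tokens avoid float rounding. A real server would also
    evict idle buckets to bound memory."""
    def __init__(self, rate=2, burst=5):   # tokens per second, bucket size
        self.rate, self.cap = rate, burst * 1000
        self.buckets = {}                  # src -> (milli_tokens, last_ms)

    def allow(self, src, now_ms):
        tokens, last = self.buckets.get(src, (self.cap, now_ms))
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        ok = tokens >= 1000
        self.buckets[src] = (tokens - 1000 if ok else tokens, now_ms)
        return ok

def is_info_query(payload):
    return payload.startswith(OOB) and payload[4:].startswith(INFO_CMDS)

def replay(packets, limiter):
    """Return {src: [answered, dropped]} for the info queries in packets."""
    stats = defaultdict(lambda: [0, 0])
    for ts_ms, src, payload in packets:
        if not is_info_query(payload):
            continue                       # in-game traffic is not limited here
        stats[src][0 if limiter.allow(src, ts_ms) else 1] += 1
    return dict(stats)

def likely_spoofed(stats, min_dropped=50):
    """Sources far past the limit: probably the victim's address, spoofed."""
    return sorted(s for s, (_, dropped) in stats.items() if dropped >= min_dropped)

def sample_packets():
    # Constructed capture (timestamps in ms): 200 queries in 2 s "from"
    # 203.0.113.7, a server browser polling every 5 s, one in-game packet.
    flood = [(i * 10, "203.0.113.7", OOB + b"getstatus") for i in range(200)]
    browser = [(i * 5000, "198.51.100.20", OOB + b"getinfo xxx") for i in range(4)]
    game = [(1000, "192.0.2.9", b"\x01\x02\x03\x04")]
    return sorted(flood + browser + game)

if __name__ == "__main__":
    result = replay(sample_packets(), InfoQueryLimiter())
    for src, (answered, dropped) in sorted(result.items()):
        print(src, "answered", answered, "dropped", dropped)
    print("probable reflection victims:", likely_spoofed(result))
```

The limiter bounds what one server contributes to a flood; it does nothing about the spoofed requests still arriving.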


#266 Nitro

  • former FS member
  • Account: nitro
  • Main tag: |PWNY|
  • Joined: 15-March 10
  • Posts: 1,130

Posted 02 December 2012 - 03:45 AM

thelionroars, on 01 December 2012 - 03:00 PM, said:

Unfortunately that won't help, as the source address is the intended victim's address that the attacker has spoofed. Attacker sends out request for server info pretending to be victim, victim receives multiple packets back of unsolicited traffic. Multiply this by 1000 Urban Terror servers (and probably other games) * many, many requests/s = DRDOS


Yeah, this is true, but zombiebob mentioned a single IP address being the attacker; even if that IP is a victim IP, getting the message over to the victim helps resolve the issue. This is obviously not practical when a full scale DRDoS attack is happening, but from the sounds of it zombiebob is experiencing a disgruntled player trying to exact revenge rather than a DRDoS attack.
Corsair 230T Orange | Intel 6600K @ 4.8GHz | 16GB DDR4 2133MHz | 512GB Samsung 950pro NVMe SSD | 8GB AMD Radeon RX-480
