Urban Terror Forums: DRDoS - Urban Terror Forums

Jump to content

 Login | Register 
Advertisement
  • (27 Pages)
  • +
  • « First
  • 24
  • 25
  • 26
  • 27
  • You cannot start a new topic
  • This topic is locked

DRDoS Rate Topic: ***** 1 Votes

Server used as reflector fro DRDoS

#251 User is offline   LammeSnail Icon

  • Account: lammesnail
  • Main tag: =KRH=
  • Country:
  • Joined: 17-March 10
  • Posts: 61

Posted 10 April 2012 - 12:06 PM

View PostNITRO, on 08 April 2012 - 11:53 PM, said:

If your CPU is hitting 20% at the server level then i'd hate to see what the routers cpu is at..
even with fibre your consumer router will probably have a limit to how many connections/sessions it can handle.
it will beable to handle the bandwidth but the connections/sessions are a different story.

for example, my home ADSL router has a 533MHz cpu that the manufacturer rates at 300,000 connections/session. (thats probably them being either optimistic or what the cpu takes before its reaches 100%)

even then I still impose a limit on the router at 16834 connections that way the routers cpu has plenty of overhead.

so first of all check that the router isn't being bottlenecked. if you think it is then it might be a good idea to play about with UDP timeout settings to strike a better balance at when the router drops expired UDP connections.

secondly are you hosting the servers from a client OS such as windows XP/vista or 7? or a server os such as windows server, osx server, or linux?

Is the pc dedicated to only hosting the games or are you also gaming from the same pc?

whats the specs of the PC hosting the server?


Its hard to help since I havent experienced this myself, my regular ping to my own server from my crappy 4meg adsl is 48ms in game, and even during drdos attacks it remains at 48ms.

infact the only way i know my server is even involved is when I see my servers bandwidth stats are slightly higher than usual lol.


Hey Nitro,

When I experienced the high pings on my system, (by the state of the investigation) the attack was so intensive, that it total burned the CPU of my firewall.
I will replace my current firewall to one other, although its software remains the same: PF Sense. Currently it runs on a virtual PC but the new will be a dual core s1155.
So yes you are right, my firewall was too weak to handle the attack.

My question was why am I attacked and meanwhile other server owners not complaining on lags, invalid UDP attacks, huge traffic, etc?

So the high pings of my players was because of the massive network traffic, and not the weakness of the urt hoster computer. BTW you asked about my hoster: I have Ubuntu server version 10.04 LTS (virtual on ESXi).
On this I didn't experence high CPU usage, or run out of resources.

Thanks BB:

Snail

#252 User is offline   LammeSnail Icon

  • Account: lammesnail
  • Main tag: =KRH=
  • Country:
  • Joined: 17-March 10
  • Posts: 61

Posted 11 April 2012 - 01:46 PM

FYI here is a sample screenshot from my firewall. With lighter red is marked the traffic of dropped packets, darker is the useful traffic (players).

Posted Image

Some conclusions from this picture:
- between 6am and 10am not much players were online
- between 6am and 10am there are almost dropped packets, sometimes no attack
- some attack lasts for 10 minutes and with 1,000 packets/sec
- from about 10:30 we have more players online
- between 10:30 and 12:54 we had not much attack
- from 12:54 we are under continuous attack (please note that the amount of dropped packets is 3x-6x more then the useful packets).

An the next picture FYI:

Posted Image

BTW my Snort rate limit rule has the advantage compared to the iptables solution, that if in Snort an IP exceeds the limit, the IP is moved to a blacklist and for the next hourt the firewall doesn't cares about this traffic.

BB

Snail

#253 User is offline   Nitro Icon

  •   QA member   
  • Account: nitro
  • Main tag: |P|
  • Country:
  • Joined: 15-March 10
  • Posts: 1,133

Posted 11 April 2012 - 08:39 PM

you can't stop inbound traffic, other than null routing the IP or changing it. just like you cant stop someone posting a letter to you. but your outbound traffic seems fine in relation to the number of requests inbound.
Lian Li pc-o11dw Der 8auer Edition · Gigabyte x570 Aorus Xtreme · AMD Ryzen 9 5950x 16-Core
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled

#254 User is offline   LammeSnail Icon

  • Account: lammesnail
  • Main tag: =KRH=
  • Country:
  • Joined: 17-March 10
  • Posts: 61

Posted 16 April 2012 - 02:43 PM

View PostNITRO, on 11 April 2012 - 08:39 PM, said:

you can't stop inbound traffic, other than null routing the IP or changing it. just like you cant stop someone posting a letter to you. but your outbound traffic seems fine in relation to the number of requests inbound.


Well thanks. It seems we are so far. I replaced the virtual firewall to a phisical and this flood is OK now, I have a different issue with my ISP but this isn't a drdos story.

Offtopic:
I heard from a friend you closed Nitroserver and moved to Australia.

Have a nice day:

Snail

#255 User is offline   Nitro Icon

  •   QA member   
  • Account: nitro
  • Main tag: |P|
  • Country:
  • Joined: 15-March 10
  • Posts: 1,133

Posted 16 April 2012 - 04:15 PM

View PostLammeSnail, on 16 April 2012 - 02:43 PM, said:

Well thanks. It seems we are so far. I replaced the virtual firewall to a phisical and this flood is OK now, I have a different issue with my ISP but this isn't a drdos story.

Offtopic:
I heard from a friend you closed Nitroserver and moved to Australia.

Have a nice day:

Snail


I went on a trip to Australia for 6 months but that was a few years ago, as for the server it's still running under a new name: lil pwny club
Lian Li pc-o11dw Der 8auer Edition · Gigabyte x570 Aorus Xtreme · AMD Ryzen 9 5950x 16-Core
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled

bullet_loaderAdvertisement

#256 User is offline   ipwnn00bs Icon

  • Account: ipwnn00bs
  • Joined: 06-June 10
  • Posts: 23

Posted 29 April 2012 - 05:06 PM

Hey, I haven't read this thread in one month xD

@Rambetter
The disconnect thing that you are talking about, is what happens to me. I sent you a message one month ago about that.

I fixed it removing the corresponding line in the code, as a measure to avoid getting suspended again by the hosting company. Apparently everything is working fine. I don't know if that may affect servers with 3rd party maps because at this moment I don't have one... but doesn't seems to be related.

This post has been edited by ipwnn00bs: 29 April 2012 - 05:07 PM


#257 User is offline   RYRY46d9 Icon

  • Account: ryry46d9
  • Main tag: Pb|
  • Country:
  • Joined: 01-March 10
  • Posts: 120

Posted 30 April 2012 - 03:07 PM

So I haven't been around here since page 3ish, and thought I best take a peek at my qconsole.log and it was full of ips.
The patch from back then worked no lag no funkyness, no one has reported any problems on the server, so I forgot about it.
Opening up the screen sesion tonight I could see a few passing by so I shut her down and applied tonights build of RamBetter's special magic
Been 30 minutes so far got two IP on startup and one more after about 25 minutes.

Just wanted to say big big thanks to "Daffy" for hosting the files, if it wasn't for you I don't know what I would do :)

Thank's Ram

#258 User is offline   Nitro Icon

  •   QA member   
  • Account: nitro
  • Main tag: |P|
  • Country:
  • Joined: 15-March 10
  • Posts: 1,133

Posted 01 May 2012 - 05:06 PM

View Postipwnn00bs, on 29 April 2012 - 05:06 PM, said:

Hey, I haven't read this thread in one month xD

@Rambetter
The disconnect thing that you are talking about, is what happens to me. I sent you a message one month ago about that.

I fixed it removing the corresponding line in the code, as a measure to avoid getting suspended again by the hosting company. Apparently everything is working fine. I don't know if that may affect servers with 3rd party maps because at this moment I don't have one... but doesn't seems to be related.



Hi, did I miss a post or something? what did you remove? and what did it fix? thanks ^_^
Lian Li pc-o11dw Der 8auer Edition · Gigabyte x570 Aorus Xtreme · AMD Ryzen 9 5950x 16-Core
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled

#259 User is offline   tomparis Icon

  • Account: tomparis
  • Main tag: oK|
  • Joined: 13-March 10
  • Posts: 14

Posted 09 June 2012 - 07:28 AM

Oh god this cost me around 800 dollars in bandwidth overages. On a 1gigabit pipe with 4 servers, each funneling around 800k extra each month for 2 months. :(

#260 User is offline   Nitro Icon

  •   QA member   
  • Account: nitro
  • Main tag: |P|
  • Country:
  • Joined: 15-March 10
  • Posts: 1,133

Posted 09 June 2012 - 04:48 PM

around 800k of what per month?


and how did you managed to go over your cap? your 64 player server(+ your 3 other servers) is an attractive host to attack since all the bandwidth your server could easily push (specially being able to hit 1gbps) its no wonder you were probably targeted but still you should be able to moniter your servers bandwidth pretty easily.

I have a max of 3000GB per server, once my servers bandwidth hits 2500GB (which it never has) I get an email and text message warnings at 2750GB the connection gets throttled and if my server reaches 2900 I would start firewalling connections if by 2950GB i felt i couldnt stop it I would have my connection nulled not worth the hassle or expenses, I certainly wouldn't take an $800 hit just to stay online to provide a free service, screw that.

this is why these attacks are a serious matter (as to why i get frustated with hosts like gameservers.com refusing to patch up) there are serious consequences involved specially to dedicated server owners, colocated servers and vps users.

my bandwidth prediction for this month are looking to be around the 110-150GB mark so I dont think I have much worrying to do :P

This post has been edited by NITRO: 09 June 2012 - 04:51 PM

Lian Li pc-o11dw Der 8auer Edition · Gigabyte x570 Aorus Xtreme · AMD Ryzen 9 5950x 16-Core
32GB DDR4 3800MHz CL16 · 2x 1TB Samsung NVMe RAID 0 · 16GB Radeon RX 6900XT Liquid Cooled

  • (27 Pages)
  • +
  • « First
  • 24
  • 25
  • 26
  • 27
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

Advertisement


Copyright © 1999-2024 Frozensand Games Limited  |  All rights reserved  |  Urban Terror™ and FrozenSand™ are trademarks of Frozensand Games Limited

Frozensand Games is a Limited company registered in England and Wales. Company Reg No: 10343942