Urban Terror Forums: UDP Flood / DOS attacks from GTA servers? - Urban Terror Forums

Jump to content

 Login | Register 
Advertisement
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

UDP Flood / DOS attacks from GTA servers? Rate Topic: -----

#1 User is offline   zombiebob Icon

  • Account: zombiebob
  • Main tag: [UZF]
  • Joined: 28-February 10
  • Posts: 85

Posted 22 November 2012 - 10:58 AM

Hello,

Would like to know if this IP address means anything to anyone

178.33.114.105

I'm getting loads of incoming traffic from port 7777 from this IP even when I shut down the servers.

Am I being dos'ed by this IP? its between 1-2mbps of UDP packets

Thank you,

Regards,
>zB

This post has been edited by zombiebob: 24 November 2012 - 07:12 AM


#2 User is offline   Derfull Icon

  • Account: derfull
  • Main tag: |U`u|
  • Country:
  • Joined: 28-February 10
  • Posts: 39

Posted 22 November 2012 - 05:50 PM

Maybe a DrDOS

Have you protect your server ?

Read this ;)
http://www.urbanterr...post__p__322656

#3 User is offline   zombiebob Icon

  • Account: zombiebob
  • Main tag: [UZF]
  • Joined: 28-February 10
  • Posts: 85

Posted 23 November 2012 - 08:57 AM

View PostDerfull, on 22 November 2012 - 05:50 PM, said:

Maybe a DrDOS

Have you protect your server ?

Read this ;)
http://www.urbanterr...post__p__322656


I'm getting this is just an attempt to UDP flood attack me >.<

So, my questions is, how am best dealing with the UDP flood packets? (its almost 2Mbps at peak)

Is -A INPUT -s 178.33.114.105 -j DROP enough?

Should i report to the abuse email on the IP range?

Any advice would be much appreciated, ty :)

#4 User is offline   zombiebob Icon

  • Account: zombiebob
  • Main tag: [UZF]
  • Joined: 28-February 10
  • Posts: 85

Posted 23 November 2012 - 09:18 AM

I am getting a packet every 0.000003 seconds >.< thats a lot of packets!

#5 User is offline   zombiebob Icon

  • Account: zombiebob
  • Main tag: [UZF]
  • Joined: 28-February 10
  • Posts: 85

Posted 24 November 2012 - 05:17 AM

Hi Thread,

Looks like the IP's attacking me have something in common - GTA servers.

The only thing I can do is send abuse complaint emails?

Regards,
>>zB

bullet_loaderAdvertisement

#6 User is offline   zombiebob Icon

  • Account: zombiebob
  • Main tag: [UZF]
  • Joined: 28-February 10
  • Posts: 85

Posted 24 November 2012 - 07:12 AM

I cant be the only one getting flooded...right? xD

#7 User is offline   surrealold2 Icon

Posted 24 November 2012 - 07:26 AM

the drop policy will prevent traffic obtaining a connection through that port, if there is even something listening on 7777 to start with.

It will however NOT stop the bandwidth consumption; You should probably speak to your upstream provider regarding the attack and have it blocked before it even reaches you.

P.S: You are probably looking at your firewall the wrong way around too; You should be explicitly denying everything, and then adding rules for what you "need" to be forwarded through, such as port 27960 if you're hosting Urban Terror on the default port.

#8 User is offline   zombiebob Icon

  • Account: zombiebob
  • Main tag: [UZF]
  • Joined: 28-February 10
  • Posts: 85

Posted 24 November 2012 - 10:57 AM

View Postsurreal, on 24 November 2012 - 07:26 AM, said:

the drop policy will prevent traffic obtaining a connection through that port, if there is even something listening on 7777 to start with.

It will however NOT stop the bandwidth consumption; You should probably speak to your upstream provider regarding the attack and have it blocked before it even reaches you.

P.S: You are probably looking at your firewall the wrong way around too; You should be explicitly denying everything, and then adding rules for what you "need" to be forwarded through, such as port 27960 if you're hosting Urban Terror on the default port.



Hi Surreal, thanks for your input.

I've sent several abuse emails now - I think GTA servers have an exploit (like we used to have x) at least we're not Dos'in other peoples servers now :D

I am denying everything and allowing only stuff I want - just after input on how best to drop these UDP floods.

I guess I'm doing the right thing - except I'm doing it manually and adding each IP thats used to flood me to the droplist, I rekon I'm gonna have to look at automating the DROP after a number of packets are received, I think that's what Derfull posted ~

Derfull
Posted 22 November 2012 - 10:50 AM
Maybe a DrDOS

Have you protect your server ?

Read this ;)
http://www.urbanterr...post__p__322656

Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

Advertisement


Copyright © 1999-2024 Frozensand Games Limited  |  All rights reserved  |  Urban Terror™ and FrozenSand™ are trademarks of Frozensand Games Limited

Frozensand Games is a Limited company registered in England and Wales. Company Reg No: 10343942