English Null-packet Protection icon

37 comments
27.02.16 02:53:16 am
like 15 like it!
6 kb, 100 Downloads
Lee
Moderator
Offline Off
If you're running a linux dedicated server and you don't have root access to set up iptable rules to mitigate these recent DoS attacks, you can now fix this from within Lua.

Just drop patch.so into sys/lua/patch.so and add
Code:
1
require 'sys.lua.patch'


into server.lua.

IMG:http://i.imgur.com/E37R9hE.png


Notice how the server is still processing new packets after null-packets are sent into it.
image
ok This file has been reviewed and approved by Yates (27.02.16 02:56:13 am)

Comments

37 comments
Goto Page
To the start Previous 1 2 Next To the start

Log in!

You need to log in to be able to write comments!Log in
11.10.18 11:55:16 pm
Up
karthik
User
Offline Off
For 1.0.0.7 available?
05.10.16 06:50:18 pm
like I like it!
Up
kerker
User
Offline Off
I like your program. Nice!
28.08.16 09:36:57 am
like I like it!
Up
floria
User
Offline Off
@user Fraizeraust oooh i understand.

Well, i will just get this if i do not have root/sudo privileges.
27.08.16 05:58:40 pm
like I like it!
Up
Fraizeraust
Moderator
Offline Off
@user floria: You completely misunderstood user Yates's comment. Not everybody is a Linux-geek especially when setting up iptable rules and exceptions within firewall configuration. Proper teaching and learning won't hurt but you can't apply to every single person as not everybody likes to read much.

Are you a Linux newbie? Get this tool! Can't set up iptable rules due to lack of administrative rights for some reason? Get this tool!
27.08.16 05:38:07 pm
like I like it!
Up
floria
User
Offline Off
user Yates has written:
Very useful for those who are not or cannot into Linux.

Dude Linux can be used in almost all pc's around the world. You can even use cs2d dedicated without graphical interface. You don't even need to install a linux distro in order to run it. And if you are not on Linux, download a freaking Ubuntu distro and run it into a VM. That's all: Linux > Windows.

user Lee: Nice work on this dude
04.04.16 06:51:07 pm
like I like it!
Up
andrezinho1997xx
User
Offline Off
Our nice guy that will test soon, thank you.
09.03.16 02:04:49 am
Up
mrc
User
Offline Off
Server still crash with attacks.
07.03.16 10:42:06 am
like I like it!
Up
Marco X
User
Offline Off
It very nice
i think need add in debug like it "Caught a null packet from 127.0.0.1:2343".
05.03.16 07:30:39 am
like I like it!
Up
cartel
User
Offline Off
Nice work !
03.03.16 01:09:20 am
Up
Lee
Moderator
Offline Off
Yes, it's effectively the same thing. This script is targeted at people who don't have access to iptables for whatever reason, as long as they can upload scripts, they can still seek protection.
03.03.16 12:20:28 am
Up
mrc
User
Offline Off
A friend of mine said this script is the same of: sudo iptables -A INPUT -p udp -m length --length 0:28 -j DROP
02.03.16 11:38:27 pm
like I like it!
Up
Angel DEED
BANNED
Offline Off
Thanks god
02.03.16 07:48:38 pm
Up
Goo
User
Offline Off
The description tells me its compatible with Linux, it does not tell anything about windows and so I was asking to make sure.
02.03.16 06:17:27 pm
like I like it!
Up
Fraizeraust
Moderator
Offline Off
@user Goo: If the description tells you that it's compatible with Linux dedicated servers, then what do you think?
02.03.16 05:31:49 pm
Up
Goo
User
Offline Off
Is it Linux only?
02.03.16 04:00:07 pm
like I like it!
Up
Gaios
Security Supporter
Offline Off
Yeah.. it's good √
02.03.16 03:40:11 pm
like I like it!
Up
Marcell
Super User
Offline Off
I love you Lee!
02.03.16 04:46:49 am
Up
Lee
Moderator
Offline Off
@user mrc: is it still on-going? Furthermore, have you restarted your server since your original iptable rule? These rules are not persistent unless you are explicit about such things.

One of the things to note is that if ./cs2d_dedicated is inundated with random packets, it will take forever to process everything, but nevertheless, if you look at the log or the standard output of the process, it will still run smoothly. More importantly, it shouldn't crash. If your server is getting DDoSed and your process runs out of available space because of the incoming packets, then it means that the attacker is sending a sequence of well-formed packets that CS2D understands one after the other to trigger non-trivial workload. If I were you, I would set up a passive sniffer on 36963 and create a frequency table of the occurrence of each packet type broken down by each minute. Next time you get taken down, consult this histogram to see what's going on, and then create an iptable rule based on that.
01.03.16 10:09:42 pm
like I like it!
Up
Nekomata
User
Offline Off
Helpful and easy to implement. Thanks for sharing.
01.03.16 08:49:04 pm
Up
mrc
User
Offline Off
The attacks doesnt do a thing on vps, but the cs2d_dedicated stop responding. I already have an autorestart for cs2d_dedicated. Its annoying when people crash the serv when its full or while clanwars and mixes. Oh well.
To the start Previous 1 2 Next To the start