Server hosters please note.

19 replies
Server hosters please note.

Mami Tomoe

Hi, there is a new crasher called SnK, he is crashing many servers for no reason and I came to ask you if you can range ban him from your servers.
Some links: vC Fwsl

Let's get that crasher banned so he will be sorry for crashing servers.
Do it unless you want to be his next target.
edited 1×, last 19.05.16 06:18:12 pm

Re: Server hosters please note.

G3tWr3ck3d

I managed to block such (DoS) attacks / the empty packets tweak. Just contact me on Skype; I won't post the commands I use here for security reasons, as that would mean giving them the bypass to my servers once again.

Re: Server hosters please note.

Evaldas

Security reasons? NONSENSE!

Drop packets with empty payload. (You can find it in any DDoS Usgn thread)
sudo iptables -A INPUT -p udp -m length --length 28 -j DROP
Drop DrDoS attacks. (Most times got hit by this attack, btw it's the most effective)
sudo iptables -A INPUT -p udp -m multiport --sport 19,111,53,521,135,161,151,162,123,1434,1900,3306 -j DROP
edited 1×, last 18.05.16 06:32:50 pm

Re: Server hosters please note.

Evaldas

Your whole life is a lie.

Well, probably someone can confirm that this command drops all packets of incoming connections with ports 19,111,53,521,135,161,151,162,123,1434,1900,3306.
sudo iptables -A INPUT -p udp -m multiport --sport 19,111,53,521,135,161,151,162,123,1434,1900,3306 -j DROP
Now google how DrDoS attacks work.
After that, check these ports on wiki or anywhere else. √

Also, you probably want to add this too.
--dport 36900:37000

am I a cat?

xsiN

Hello, I'm a sixteen-year-old kid who has nothing to do with DDoSing. Even though he gets banned, almost every hacker uses an IP camouflage/IP changer.

Regards.

Re: Server hosters please note.

Evaldas

VPN services like TorGuard, SecurityKiss, HotSpot-Shield, PrivateInternetAccess and any others you can simply block by just sending a message with a request to blacklist your IP.

David (Hotspot Shield Help Desk) has written
David (Hotspot Shield Help Desk)

Mar 22, 09:18

Hello,

I want to help you out on this matter.

We can protect your IP from any HSS user.
If you share the IP that you want protected, we can set that up as a protected server in our system and then no one using our app can touch it.

Please reply to this message and I will set this in motion.

Thanks,

David

Re: Server hosters please note.

Cirium

That's good to know. Wouldn't have thought to have contacted them.

I have my iptables rules set up to block invalid packets and I still find my server gets crashed by SnK. I don't think this method of prevention/mitigation works against the method(s) he is using to attack.

Re: Server hosters please note.

Cirium

I have some screenshots I'm willing to release. There is little value in the whole tcpdump, they just look like this:

http://f.cirium.me/attacks_05-13-2016/screen1.png
http://f.cirium.me/attacks_05-13-2016/screen2.png

Notes:
1.
recv join attempt... (181.163.179.86:58624)
[03:14:27] Fighters | SnK clientdata: WIN {28cefe3ac30ab30ab5268978955263db3271680}
[03:14:27] U.S.G.N.: Fighters | SnK (181.163.179.86) joining with U.S.G.N. ID #150145 - verifying...
[03:14:28] U.S.G.N.: 181.163.179.86 is using U.S.G.N. ID #150145
[03:14:28] Fighters | SnK connected
[03:14:28] Fighters | SnK is using IP 181.163.179.86:58624 and U.S.G.N. ID #150145
2. From what I can remember he was in spectator the entire time

Re: Server hosters please note.

Evaldas

If it's DoS, why don't you simply just block his IP?
sudo iptables -A INPUT -s 181.163.179.86 -j DROP
Also, I need the .cap file.

Re: Server hosters please note.

gotya2

screen2 shows a regular packet (move / rotate). This isn't a DoS attack. We need tcpdumps (UDP).
As you can see, there's a packet every 0.02s, which corresponds to a framerate of 50 fps (framerate = netrate).
edited 1×, last 18.05.16 09:17:23 pm
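
Added example (not part of any post in this thread, and not the posters' code): a small Python triage of tcpdump text output that applies the three checks discussed above. These are an empty UDP payload (the --length 28 rule, assuming a 20-byte IPv4 header plus the 8-byte UDP header), a source port from the multiport rule, and a per-source rate above the 50 packets per second that a 0.02 s interval implies. The input format (tcpdump -n -tt udp), the slack factor, the function names and the sample lines with documentation-range addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Source ports copied from the multiport rule quoted in the thread.
REFLECTION_SPORTS = {19, 111, 53, 521, 135, 161, 151, 162, 123, 1434, 1900, 3306}
EXPECTED_PPS = 50  # one packet per 0.02 s, the rate described in the thread

# Assumed input: text lines as printed by `tcpdump -n -tt udp` for IPv4.
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"\S+: UDP, length (?P<len>\d+)$"
)

def triage(lines, slack=1.5):
    """Map each source IP to the set of findings raised by its packets."""
    stats = defaultdict(lambda: {"n": 0, "first": None, "last": None, "flags": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a UDP/IPv4 line in the assumed format
        s, ts = stats[m["src"]], float(m["ts"])
        s["n"] += 1
        s["first"] = ts if s["first"] is None else s["first"]
        s["last"] = ts
        if int(m["len"]) == 0:  # 20-byte IP header + 8-byte UDP header = length 28
            s["flags"].add("empty-payload")
        if int(m["sport"]) in REFLECTION_SPORTS:
            s["flags"].add("reflection-sport")
    for s in stats.values():
        span = s["last"] - s["first"]
        # Packets per second over the observed window, with headroom for jitter.
        if span > 0 and (s["n"] - 1) / span > EXPECTED_PPS * slack:
            s["flags"].add("over-rate")
    return {src: s["flags"] for src, s in stats.items()}

def _mk(step, n, src, sport, length):
    """Build constructed sample lines (documentation-range addresses)."""
    return [f"{100 + i * step:.6f} IP {src}.{sport} > 198.51.100.1.36963: UDP, length {length}"
            for i in range(n)]

SAMPLE = (_mk(0.02, 5, "192.0.2.10", 58624, 14)      # normal player, 50 pps
          + _mk(0.001, 5, "192.0.2.66", 4444, 0)     # empty-payload burst
          + _mk(0.5, 2, "203.0.113.53", 123, 468))   # reply from a reflection port

if __name__ == "__main__":
    for src, flags in triage(SAMPLE).items():
        print(src, sorted(flags) or "ok")
```

A source that sends non-empty game packets at the normal rate from an unlisted port raises none of these flags, so neither iptables rule quoted in the thread would match it. Because the multiport rule is stateless, it also drops DNS (53) and NTP (123) replies to the server's own queries unless an earlier rule accepts established traffic.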

Re: Server hosters please note.

Evaldas

The chances he is DoSing with a VPN are almost zero, because most VPNs' firewalls have limited bandwidth and outgoing packet rate. If he is doing it with no VPN, I'm sure just simply sending a letter to his ISP's abuse mail should be enough trouble for him.
edited 2×, last 18.05.16 09:16:38 pm

Re: Server hosters please note.

xsiN

Even if you block VPNs, DDoSers can still use CMD with /ip config, although it only works with fixed internet (router).