
LoL Gamer crashing NoPain server (Proof)

128 replies

old Re: LoL Gamer crashing NoPain server (Proof)

DannyDeth
user SD has written
Quite effective way to protect yourself from attacks like these is to ban specific (presumably hacker's) IP address

Most ISPs provide dynamic IP addresses, and most of those provide it by default. Simply restarting your DSL router will give you a change in IP in these circumstances. IP bans work well where there are extremely large numbers of internet users, which would account for a large portion of Europe (I know several ISPs in Britain at least give static IPs to their customers by default), but if you try to do this to people from countries that are in South America and most of Africa, you won't succeed.

EDIT: One solution to the problem would be to log packet data and then look at the series of packets coming in when the server is crashed, then monitor the incoming packet traffic to your server port and reject packets from an IP address if there are a large number ( say, 1000 or maybe less depending on how many packets are needed before the server crashes ) of that type of packet from said IP address.

An example, if you receive 1500 packets of this structure (note: not actual packets from CS2D):
    Message Number = 0; content = 0x61 0x6F 0x42
Then, after that, do not let packets with that content through to the CS2D server. It's not something someone who hasn't got a large amount of programming experience and knowledge of system-dependent promiscuous packet monitoring can do, however.
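
The counting-and-rejecting idea from the post above, as an added Python example that is not part of the thread and not CS2D code. The class name `RepeatFilter`, the 10-second window and the documentation-range addresses are assumptions; the signature bytes are the post's illustrative (non-CS2D) content and the limit of 1000 is the figure it suggests.

```python
from collections import defaultdict, deque

# Illustrative payload from the post above (explicitly not a real CS2D packet).
SIGNATURE = bytes([0x61, 0x6F, 0x42])


class RepeatFilter:
    """Reject a source once it repeats one payload type too often."""

    def __init__(self, signature, limit, window):
        self.signature = signature
        self.limit = limit                 # matching packets tolerated per window
        self.window = window               # window length in seconds (assumed)
        self.seen = defaultdict(deque)     # source IP -> timestamps of matches
        self.blocked = set()

    def allow(self, ts, src, payload):
        """Return True if the packet may be handed to the game server."""
        if src in self.blocked:
            return False
        if not payload.startswith(self.signature):
            return True                    # other packet types are not counted
        q = self.seen[src]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                    # forget matches older than the window
        if len(q) > self.limit:
            self.blocked.add(src)          # from now on everything is rejected
            del self.seen[src]
            return False
        return True


def demo():
    """Constructed traffic: one flooding source, one ordinary poller."""
    f = RepeatFilter(SIGNATURE, limit=1000, window=10.0)
    passed = {"203.0.113.7": 0, "198.51.100.20": 0}
    for i in range(1500):                  # 1500 matching packets in 1.5 s
        if f.allow(i * 0.001, "203.0.113.7", SIGNATURE + b"\x00"):
            passed["203.0.113.7"] += 1
    for i in range(30):                    # one matching packet per second
        if f.allow(float(i), "198.51.100.20", SIGNATURE):
            passed["198.51.100.20"] += 1
    return passed, sorted(f.blocked)


if __name__ == "__main__":
    print(demo())
```

The sliding window keeps a slow but steady poller from ever reaching the limit, which a plain lifetime counter would not.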

old Re: LoL Gamer crashing NoPain server (Proof)

SD
Here, Internet service providers rarely provide dynamic IP addresses. You can still ban the whole subnet then. This command would block all IP addresses from 255.255.255.0 to 255.255.255.255 (class C subnet).
    iptables -I INPUT -s 255.255.255.0/24 -j DROP
255.0.0.0 (8 bits in the network section) = A.
255.255.0.0 (16 bits in the network section) = B.
255.255.255.0 (24 bits in the network section) = C.
Therefore this will ban a larger subnet.
    iptables -I INPUT -s 255.255.0.0/16 -j DROP
Or you can ban a range of IP addresses. This will block everything from 127.0.0.1 to 128.0.0.1.
    iptables -A INPUT -m iprange --src-range 127.0.0.1-128.0.0.1 -j DROP
If you want to log all the transferred packets, install tcpdump.
    apt-get install tcpdump
Then start it. This will log all the UDP packets. The log file will be saved in the current working directory.
    tcpdump -w udpcap.log udp
You can later copy the log file to Wireshark and analyze it graphically.

old Re: LoL Gamer crashing NoPain server (Proof)

Apache uwu
@user DannyDeth: Well you can't log them because most of these attacks are not on the port cs2d is running on. You would either need to open an additional program listening for spam on other ports.

Then in that case, you would need to further check if the packets coming in are spam or not.

Ex. http requests, or other games running on the same virtual/dedicated machine--which would be impossible to detect for every single game.

old Re: LoL Gamer crashing NoPain server (Proof)

Cirium
I would have to disagree, I would say most of the attacks crashing the servers are port specified. A DoS attack.

DoS - Usually port specified to take down processes.
DDoS - Usually specified to take down the entire host. (Port 80 usually.)

On another note, SD's packet capture idea is pretty neat. I'm looking at the packet activity of my host for the last hour.

old Re: LoL Gamer crashing NoPain server (Proof)

Apache uwu
You said that they can be port specified...

Therefore, the attacker could choose to attack any port open, and that doesn't need to be cs2d's port.

That means you need to set up a logger on your httpd server as well as others if the port is open (minecraft etc).

old Re: LoL Gamer crashing NoPain server (Proof)

SD
From what I've seen so far, they flood the port that the CS2D server is running on in order to crash it. By the way, flooding random ports should do no harm to CS2D servers, unless it's a massive DDoS attack.

old Re: LoL Gamer crashing NoPain server (Proof)

SD
I think that not all of them seem to be ignored. When the server ignores specific packets, the console sends something similar to this.
    [17:37:11] FLOOD WARNING: 178.93.235.208 seems to flood msg type inforeq - ignoring.
Lots of my servers often crash just after a bunch of messages like this.
    [13:03:57] NET: Received msg from unexpected sender (12, 89.223.135.0:1058)
So I suppose that the attack goes on the port that the CS2D server is running on and they are flooding specific packets to make the server crash. I have also noticed that one IP is always not enough to crash a server - it always turns out that more than two IP addresses were attacking the server.
edited 1×, last 21.06.12 01:35:24 am
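
A way to triage console output like the two lines quoted in the post above, as an added Python example that is not part of the thread and not CS2D code. The log lines are constructed with documentation addresses, the function names and the `min_hits` threshold are assumptions, and the number before the address in the "unexpected sender" line is matched but not interpreted.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Patterns for the two console messages quoted in the post above.
FLOOD = re.compile(r"\[[\d:]+\] FLOOD WARNING: ([\d.]+) seems to flood msg type (\S+)")
UNEXPECTED = re.compile(
    r"\[[\d:]+\] NET: Received msg from unexpected sender \(\d+, ([\d.]+):\d+\)")

# Constructed console log using documentation addresses (not real server output).
SAMPLE_LOG = """\
[17:37:11] FLOOD WARNING: 203.0.113.10 seems to flood msg type inforeq - ignoring.
[17:37:11] FLOOD WARNING: 203.0.113.10 seems to flood msg type inforeq - ignoring.
[17:37:12] FLOOD WARNING: 203.0.113.44 seems to flood msg type inforeq - ignoring.
[17:37:12] NET: Received msg from unexpected sender (12, 203.0.113.44:1058)
[17:37:13] FLOOD WARNING: 203.0.113.10 seems to flood msg type inforeq - ignoring.
[17:37:14] NET: Received msg from unexpected sender (12, 198.51.100.5:1058)
[17:37:15] FLOOD WARNING: 192.0.2.77 seems to flood msg type inforeq - ignoring.
[17:37:15] FLOOD WARNING: 192.0.2.77 seems to flood msg type inforeq - ignoring.
[17:37:16] constructed unrelated console line
"""


def summarize(lines, min_hits=2):
    """Count warning lines per source IP and group the sources by /24."""
    hits = Counter()
    for line in lines:
        m = FLOOD.match(line) or UNEXPECTED.match(line)
        if m:
            hits[m.group(1)] += 1
    nets = defaultdict(set)
    for ip in hits:
        nets[str(ip_network(ip + "/24", strict=False))].add(ip)
    noisy = sorted(ip for ip, n in hits.items() if n >= min_hits)
    # A /24 holding several distinct sources is a candidate for a subnet rule.
    shared = {net: sorted(ips) for net, ips in nets.items() if len(ips) > 1}
    return hits, noisy, shared


def drop_rules(noisy, shared):
    """Render iptables commands (for review, not executed) as used in the thread."""
    covered = {ip for ips in shared.values() for ip in ips}
    targets = sorted(shared) + [ip for ip in noisy if ip not in covered]
    return ["iptables -I INPUT -s %s -j DROP" % t for t in targets]


if __name__ == "__main__":
    _, noisy, shared = summarize(SAMPLE_LOG.splitlines())
    print("\n".join(drop_rules(noisy, shared)))
```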

old Re: LoL Gamer crashing NoPain server (Proof)

Cirium
user SD has written
So I suppose that attack goes on the port that CS2D server is running and they are flooding specific packets to make server crash. I have also noticed that one IP is always not enough to crash a server - it always turns out that more than two IP addresses were attacking the server.


Usually it's one or two IP addresses, fortunately for me I'm hiding behind a firewall. It takes more than two to even touch my host.

old Re: LoL Gamer crashing NoPain server (Proof)

ohaz
user Cirium has written
I would have to disagree, I would say most of the attacks crashing the servers are port specified. A DoS attack.

DoS - Usually port specified to take down processes.
DDoS - Usually specified to take down the entire host. (Port 80 usually.)

On another note, SD's packet capture idea is pretty neat. I'm looking at the packet activity of my host for the last hour.

That's wrong. The only difference between DoS and DDoS is that DDoS is distributed, which means that many many hosts try to DoS one PC at the same time.

old Re: LoL Gamer crashing NoPain server (Proof)

oxytamine
user Apache uwu has written
If the attacker is using a vpn/socks/proxy then it doesn't work if you ban subnet.

You have mental issues, maybe you should see a doctor. You're telling useless and obvious bullshit almost in every thread. It's impossible to perform a DDoS attack unless proxy is yours (fast). You're not likely to have 9000 fast proxy servers, so it's possible to ban you. Socks is proxy too (you separated them), get off it. VPN providers give you only one IP address. It's easy to ban them. My ass hurts every time I read your posts - stop it, you're like user ImSoFuckingRetarded, but instead of uploading shit, you're posting it. Think before posting - there is no postcount here, it makes no sense to post bullshit like yours.
edited 1×, last 21.06.12 12:00:14 pm

old Re: LoL Gamer crashing NoPain server (Proof)

Apache uwu
Most of the time it's quantity, not quality. Since cs2d does ignore packets after a while you need to acquire a lot of IPs instead of fast powerful servers.

For example, if everyone on cs2d all of a sudden just went to one server, that server would probably crash due to the number of connections. In this case, it was quantity, it was not concerned with the speed of the connection of the individual clients.

old Re: LoL Gamer crashing NoPain server (Proof)

oxytamine
user Apache uwu has written
Most of the time it's quantity, not quality. Since cs2d does ignore packets after a while you need to acquire a lot of IPs instead of fast powerful servers.

Your answer is not related to my message in any way. However, I did not understand what you mean. You are surely right about packets being ignored after a while - but why do I need to acquire lots of IP addresses?
user Apache uwu has written
For example, if everyone on cs2d all of a sudden just went to one server, that server would probably crash due to the number of connections. In this case, it was quantity, it was not concerned with the speed of the connection of the individual clients.

It may count as DDoS actually, if viewing from server-side perspective.

old Re: LoL Gamer crashing NoPain server (Proof)

Apache uwu
user oxytamine has written
It's impossible to perform a DDoS attack unless proxy is yours (fast). You're not likely to have 9000 fast proxy servers, so it's possible to ban you.


You stated that you need 9000 fast proxy servers. If you already have 9000 computers/servers you don't need them to be fast. 9000 is already enough to start a fake player flood.

user oxytamine has written
but why do I need to acquire lots of IP addresses.


Well once it's ignored, it doesn't do much damage, -- almost none if that's all you have.

old Re: LoL Gamer crashing NoPain server (Proof)

oxytamine
user Apache uwu has written
You stated that you need 9000 fast proxy servers. If you already have 9000 computers/servers you don't need them to be fast. 9000 is already enough to start a fake player flood.

Well, let's state that "over 9000" is an Internet meme. Of course you don't need 9000 proxy servers. First of all - public proxy servers are really slow. You won't crash a single server even if you'll have nearly 50-100 public proxy servers, just because they are very slow and dying fast. Some proxy servers are private and therefore paid. In this case I don't believe that you're going to waste your money to buy 50-100 private proxy servers to perform a single DDoS attack.

user Apache uwu has written
Well once it's ignored, it doesn't do much damage, -- almost none if that's all you have.

You still didn't answer my question - why do I need to acquire lots of IP addresses.
edited 1×, last 21.06.12 01:11:14 pm

old Re: LoL Gamer crashing NoPain server (Proof)

DannyDeth
@user Cirium:
My idea, not SD's. I actually implemented it a while ago, but the server that had the source code on it is no longer in existence due to contract expiration.

@user Apache uwu:
The people crashing servers usually use the packet used to get the server data as this is one of the most expensive operations. Therefore looking for packets with multiple repetitions of that packet will allow you to mark certain IP's as "dangerous" and "ban" their packets in a way.

It's a very simple idea, guys, why not have a hack at it?

EDIT:
user oxytamine has written
user Apache uwu has written
If the attacker is using a vpn/socks/proxy then it doesn't work if you ban subnet.

You have mental issues, maybe you should see a doctor. You're telling useless and obvious bullshit almost in every thread. It's impossible to perform a DDoS attack unless proxy is yours (fast). You're not likely to have 9000 fast proxy servers, so it's possible to ban you. Socks is proxy too (you separated them), get off it. VPN providers give you only one IP address. It's easy to ban them. My ass hurts every time I read your posts - stop it, you're like user ImSoFuckingRetarded, but instead of uploading shit, you're posting it. Think before posting - there is no postcount here, it makes no sense to post bullshit like yours.

This is useless and not obvious-because-it-is-bullshit nonsense. If you had 300 zombie hosts at your disposal, a crash would be easy. Hell, with 6 zombie hosts and a few proxy servers could crash a CS2D server. A SINGLE HOST AND A PROXY COULD CRASH A SERVER. Speed does not matter as the proxies will generally be fast enough to send out 30 fucking UDP packets in a matter of milliseconds.
edited 1×, last 21.06.12 01:29:54 pm