Severeal ways, unuseal high ingoing bandwidth usage, extreme server lag and/or flood of repetive/strange packets (use a packet analyzer/sniffer like Ethereal). A few years ago I identified someone DOS'ing our servers by simple looking for strange packets (the old but now fixed zero data exploit). To our amusement, we managed to identify the DOS'er with some help, and it turned out to be a server admin from another community :|.
On 4/4/12, Tyler Davies <tyler.k.dav...@gmail.com> wrote: > How are you able to tell you're being attacked? I have a feeling my servers > are being attacked as well, but I'm not sure how to be sure. > > On Tue, Apr 3, 2012 at 2:34 PM, Mihály Rácz <racz...@gmail.com> wrote: > >> Hi. >> >> Its maybe helpfull. >> >> http://www.wolffiles.de/index.php?forum-showposts-44-p1#131 >> >> 2012. április 3. 19:26 Oskar Levin írta, <os...@dataviruset.com>: >> >> > I can confirm this as a big problem. I'm getting attacked by various >> > Call >> > of Duty 4 servers with big UDP packets. Someone spoofs my IP address and >> > the reply of getstatus (or something similar) is sent to me. The packet >> > which requests the info isn't big, but the reply is very large as this >> > contains player information etc. >> > >> > Best regards >> > Oskar Levin >> > os...@dataviruset.com >> > >> > -----Ursprungligt meddelande----- >> > Från: hlds_linux-boun...@list.valvesoftware.com [mailto: >> > hlds_linux-boun...@list.valvesoftware.com] För Kyle Sanderson >> > Skickat: den 3 april 2012 19:10 >> > Till: Half-Life dedicated Linux server mailing list >> > Ämne: Re: [hlds_linux] LOIC and UDP flood. How to protect? >> > >> > http://www.securityfocus.com/archive/1/522076 >> > >> > Isn't just LOIC... But yes, it's a bit ridiculous that you can take down >> a >> > server with just 1Mbit/s of traffic. Not much that can be done about it >> > either. >> > >> > Hope for TCP, at least that way it's slightly more difficult to hide the >> > spoofed sender from the destination. >> > Kyle. >> > >> > 2012/4/3 Никита Булаев [Nikita Bulaev] <djfireb...@gmail.com> >> > >> > > The problem NOT in bandwidth. It's possible to kill server just in >> 1Mbit. >> > > >> > > 3 апреля 2012 г. 20:05 пользователь >> > > <hlds_linux-requ...@list.valvesoftware.com> написал: >> > > > Message: 5 >> > > > Date: Tue, 3 Apr 2012 10:07:09 +0200 >> > > > From: lwf <l...@rocketblast.com> >> > > > To: Half-Life dedicated Linux server mailing list >> > > > <hlds_linux@list.valvesoftware.com> >> > > > Subject: Re: [hlds_linux] LOIC and UDP flood. How to protect? >> > > > Message-ID: >> > > > < >> > > ca++kgkr9cot1d7f+ddsfsrt9jwcs2gw+oitscblsikmzuqc...@mail.gmail.com> >> > > > Content-Type: text/plain; charset=KOI8-R >> > > > >> > > > Without any help from your ISP there is nothing you can do about a >> > > > bandwidth attack. >> > > > >> > > > 2012/4/3 [Nikita Bulaev] <djfireb...@gmail.com>: >> > > >> In fact - no. Hoster, where we plase our root servers, wont filter >> > > >> DoS and Flood, it just can do this for money. But this kind of >> > > >> service is very expensive. >> > > >> >> > > >> <hlds_linux-requ...@list.valvesoftware.com> >> > > >>> Message: 8 >> > > >>> Date: Tue, 3 Apr 2012 13:22:49 +0800 >> > > >>> From: "dmex" <dme...@gmail.com> >> > > >>> To: "'Half-Life dedicated Linux server mailing list'" >> > > >>> ? ? ? ?<hlds_linux@list.valvesoftware.com> >> > > >>> Subject: Re: [hlds_linux] LOIC and UDP flood. How to protect? >> > > >>> Message-ID: <000601cd1159$d2a73f30$77f5bd90$@gmail.com >> > > > >> > > > >> > > >>> >> > > >>>> >> > > >>> Content-Type: text/plain; ? ? ? charset="us-ascii" >> > > >>> >> > > >>> DoS protection is the responsibility of your service provider, >> > > >>> there's >> > > not >> > > >>> much Valve or even you can do to prevent attacks. >> > > >>> >> > > >>> -----Original Message----- >> > > >>> From: hlds_linux-boun...@list.valvesoftware.com >> > > >>> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of >> > > >>> [Nikita Bulaev] >> > > >>> Sent: Tuesday, April 03, 2012 12:32 PM >> > > >>> To: hlds_linux@list.valvesoftware.com >> > > >>> Subject: [hlds_linux] LOIC and UDP flood. How to protect? >> > > >>> >> > > >>> Well, for now DoSers are using LOIC in UDP-mode. There is no use >> > > >>> to >> > > silent >> > > >>> this. >> > > >>> >> > > >>> The problem is that L4D1/2 servers are lagging while sending to >> > > >>> them >> > > UDP >> > > >>> packets at 32-bit lengh by LOIC. >> > > >>> This utility is using now almost by every DoSer and as for now >> > > >>> there >> > > is no >> > > >>> defense from this, even by IPTABLES. The only way is using >> > > >>> firewall >> > > before >> > > >>> root game servers. >> > > >>> >> > > >>> Friends! I'd like to be wrong! So is there a real working desigion >> > > >>> to protect from LOIC UDP? >> > > >>> >> > > >>> Best regards, >> > > >>> Nikita Bulaev >> > > >> > > _______________________________________________ >> > > To unsubscribe, edit your list preferences, or view the list archives, >> > > please visit: >> > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >> > > >> > _______________________________________________ >> > To unsubscribe, edit your list preferences, or view the list archives, >> > please visit: >> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >> > >> > >> > _______________________________________________ >> > To unsubscribe, edit your list preferences, or view the list archives, >> > please visit: >> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >> > >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
