I think what people would want is a simple and effective tool to check it in a easy way. Sure you can check your bandwith and see more incoming, but what then? What would a person do to identify the ip or packets to quickly diagnose and block that person.
Usually by the time i want to investigate they stop, or my isp sends me an email that they blocked certain ips because of a attack (they do as long as it doesn't impact the segment) Op 4 april 2012 17:38 schreef Emil Larsson <ail...@gmail.com> het volgende: > Severeal ways, unuseal high ingoing bandwidth usage, extreme server > lag and/or flood of repetive/strange packets (use a packet > analyzer/sniffer like Ethereal). A few years ago I identified someone > DOS'ing our servers by simple looking for strange packets (the old but > now fixed zero data exploit). To our amusement, we managed to identify > the DOS'er with some help, and it turned out to be a server admin from > another community :|. > > On 4/4/12, Tyler Davies <tyler.k.dav...@gmail.com> wrote: > > How are you able to tell you're being attacked? I have a feeling my > servers > > are being attacked as well, but I'm not sure how to be sure. > > > > On Tue, Apr 3, 2012 at 2:34 PM, Mihály Rácz <racz...@gmail.com> wrote: > > > >> Hi. > >> > >> Its maybe helpfull. > >> > >> http://www.wolffiles.de/index.php?forum-showposts-44-p1#131 > >> > >> 2012. április 3. 19:26 Oskar Levin írta, <os...@dataviruset.com>: > >> > >> > I can confirm this as a big problem. I'm getting attacked by various > >> > Call > >> > of Duty 4 servers with big UDP packets. Someone spoofs my IP address > and > >> > the reply of getstatus (or something similar) is sent to me. The > packet > >> > which requests the info isn't big, but the reply is very large as this > >> > contains player information etc. > >> > > >> > Best regards > >> > Oskar Levin > >> > os...@dataviruset.com > >> > > >> > -----Ursprungligt meddelande----- > >> > Från: hlds_linux-boun...@list.valvesoftware.com [mailto: > >> > hlds_linux-boun...@list.valvesoftware.com] För Kyle Sanderson > >> > Skickat: den 3 april 2012 19:10 > >> > Till: Half-Life dedicated Linux server mailing list > >> > Ämne: Re: [hlds_linux] LOIC and UDP flood. How to protect? > >> > > >> > http://www.securityfocus.com/archive/1/522076 > >> > > >> > Isn't just LOIC... But yes, it's a bit ridiculous that you can take > down > >> a > >> > server with just 1Mbit/s of traffic. Not much that can be done about > it > >> > either. > >> > > >> > Hope for TCP, at least that way it's slightly more difficult to hide > the > >> > spoofed sender from the destination. > >> > Kyle. > >> > > >> > 2012/4/3 Никита Булаев [Nikita Bulaev] <djfireb...@gmail.com> > >> > > >> > > The problem NOT in bandwidth. It's possible to kill server just in > >> 1Mbit. > >> > > > >> > > 3 апреля 2012 г. 20:05 пользователь > >> > > <hlds_linux-requ...@list.valvesoftware.com> написал: > >> > > > Message: 5 > >> > > > Date: Tue, 3 Apr 2012 10:07:09 +0200 > >> > > > From: lwf <l...@rocketblast.com> > >> > > > To: Half-Life dedicated Linux server mailing list > >> > > > <hlds_linux@list.valvesoftware.com> > >> > > > Subject: Re: [hlds_linux] LOIC and UDP flood. How to protect? > >> > > > Message-ID: > >> > > > < > >> > > ca++kgkr9cot1d7f+ddsfsrt9jwcs2gw+oitscblsikmzuqc...@mail.gmail.com> > >> > > > Content-Type: text/plain; charset=KOI8-R > >> > > > > >> > > > Without any help from your ISP there is nothing you can do about a > >> > > > bandwidth attack. > >> > > > > >> > > > 2012/4/3 [Nikita Bulaev] <djfireb...@gmail.com>: > >> > > >> In fact - no. Hoster, where we plase our root servers, wont > filter > >> > > >> DoS and Flood, it just can do this for money. But this kind of > >> > > >> service is very expensive. > >> > > >> > >> > > >> <hlds_linux-requ...@list.valvesoftware.com> > >> > > >>> Message: 8 > >> > > >>> Date: Tue, 3 Apr 2012 13:22:49 +0800 > >> > > >>> From: "dmex" <dme...@gmail.com> > >> > > >>> To: "'Half-Life dedicated Linux server mailing list'" > >> > > >>> ? ? ? ?<hlds_linux@list.valvesoftware.com> > >> > > >>> Subject: Re: [hlds_linux] LOIC and UDP flood. How to protect? > >> > > >>> Message-ID: <000601cd1159$d2a73f30$77f5bd90$@gmail.com > >> > > > > >> > > > > >> > > >>> > >> > > >>>> > >> > > >>> Content-Type: text/plain; ? ? ? charset="us-ascii" > >> > > >>> > >> > > >>> DoS protection is the responsibility of your service provider, > >> > > >>> there's > >> > > not > >> > > >>> much Valve or even you can do to prevent attacks. > >> > > >>> > >> > > >>> -----Original Message----- > >> > > >>> From: hlds_linux-boun...@list.valvesoftware.com > >> > > >>> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of > >> > > >>> [Nikita Bulaev] > >> > > >>> Sent: Tuesday, April 03, 2012 12:32 PM > >> > > >>> To: hlds_linux@list.valvesoftware.com > >> > > >>> Subject: [hlds_linux] LOIC and UDP flood. How to protect? > >> > > >>> > >> > > >>> Well, for now DoSers are using LOIC in UDP-mode. There is no use > >> > > >>> to > >> > > silent > >> > > >>> this. > >> > > >>> > >> > > >>> The problem is that L4D1/2 servers are lagging while sending to > >> > > >>> them > >> > > UDP > >> > > >>> packets at 32-bit lengh by LOIC. > >> > > >>> This utility is using now almost by every DoSer and as for now > >> > > >>> there > >> > > is no > >> > > >>> defense from this, even by IPTABLES. The only way is using > >> > > >>> firewall > >> > > before > >> > > >>> root game servers. > >> > > >>> > >> > > >>> Friends! I'd like to be wrong! So is there a real working > desigion > >> > > >>> to protect from LOIC UDP? > >> > > >>> > >> > > >>> Best regards, > >> > > >>> Nikita Bulaev > >> > > > >> > > _______________________________________________ > >> > > To unsubscribe, edit your list preferences, or view the list > archives, > >> > > please visit: > >> > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > >> > > > >> > _______________________________________________ > >> > To unsubscribe, edit your list preferences, or view the list archives, > >> > please visit: > >> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > >> > > >> > > >> > _______________________________________________ > >> > To unsubscribe, edit your list preferences, or view the list archives, > >> > please visit: > >> > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > >> > > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > >> > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux