Most of my posts are dumb, but this one tops it.
No, the stupidest thing I've read in 2012 is about 99% of the posts in DevNull threads.
At least I'm brainstorming instead of going around in endless circles
Holy shit, I used to play PG all the time.
And now it's gone because of retarded fucking asshole 10 year olds.
Can't understand sarcasm I guess.
Things like this will either make or break online gaming.
wow stan u ruined my life i want to play gmod and 10 year olds ddos my server wtf
Is there any progress on this? 'Cause I would like to be able to play GMOD again without constant DDoS. It ruins the fun really.
I have a question, does the DevNull program send the packets to a specific port (say 27015) or is it just whichever port it feels like or what?
Whichever port, that is why it could also be used to attack websites.
I guess then you can specify which port it attacks?
Why do you want to know?
Yes, you can specify which port it attacks.
Just want to know if I can do some port blocking or detection or w/e.
Seeing as you can just makes it harder. Stateful Packet Inspection consumes time and resource but in this case might have to be used to detect the packets and drop them.
Can someone PM me or post the contents of the packets it sends? Including packet headers. Thanks.
The only problem with using SPI to stop an attack like this is that you need a line that can handle the incredible amount of bandwidth that these attacks chew up. Using SPI is not going to help if there is so much traffic flowing through it in the first place that it can't keep up.
I do know you know lol. But I was just asking as it would be useful to tell the System Admin at the DC where I work to add some rules for it to the main firewalls. Therefore anyone that does have a gameserver inside will hopefully be protected against the main cause.
I think you'll find most of the time it's the quantity of packets being sent not the size that does it.
Anyone seen this yet? http://rankgamehosting.ru/index.php?showtopic=1320
does that work for srcds
i don't think it blocks 'statusResponse' stuff, only getStatus stuff
I found your DDoS problem so I made an illustration to help you.
I was referring to the type of the attack, not what OS I'm running.
It's a 200megabit attack, obviously.
A reflected denial of service attack from quake/cod servers.
Wait it out.
We should figure out a way to spread the word about this fix. If a large portion of the old CoD/Quake3 servers stop being vulnerable to this, the attacks will have much less strength.
Key word; IF.
The problem is he doesn't and can't have a firewall, not being able to filter a 200mbps attack when having a 1gbps line is just as useless as having a 100mbps line.
Code:
iptables -A INPUT -m string --algo bm --string "statusResponse" -j DROP
IPtables are for linux..
Thus why he pointed out his problem was that the victim uses Windows.
There's no point posting a fix for linux when the majority of servers affected are windows based.
He meant for CoD4 hosts, not gmod hosts.
Yes, but Gmod is so completely damn useless on Linux. And anyone arguing otherwise has never tried to run a popular server on linux, having 2-3 weeks downtime when garry forgets to test the linux libs is not fun...
you should monitor wireshark and check what the source ports say and block the range of the most used ones, using a firewall like http://www.ntkernel.com/w&p.php?id=18 is nice because you can see how many packets it blocks. works kinda good on windows and keeps the server available
This does work, however you can just use the firewall in W2008 R2. It works just fine. I have a comprehensive port list to stop the majority of power behind DevNull. However if you do it software based and the guy's pissed off enough at you he will just switch the attack type.
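Added example, not part of any post in this thread: a stateful check for the reflected `statusResponse` traffic discussed above, tallying the source ports of unsolicited replies so a port block list can be built from a capture. It assumes the Quake 3 connectionless packet format (four 0xFF bytes, then the command name); the `(src, sport, dst, dport, payload)` tuple layout, the function names and all sample addresses are constructed for illustration.

```python
from collections import Counter

OOB = b"\xff\xff\xff\xff"  # Quake 3 connectionless (out-of-band) prefix

def oob_command(payload):
    """Return the out-of-band command name, or None for any other packet."""
    if not payload.startswith(OOB):
        return None
    parts = payload[4:].split(None, 1)  # command ends at first whitespace
    return parts[0].decode("ascii", "replace") if parts else None

def find_reflection(packets, local_ip):
    """Count statusResponse packets that local_ip never asked for.

    packets: iterable of (src_ip, src_port, dst_ip, dst_port, payload).
    Returns (Counter of source ports, Counter of source IPs).
    """
    asked = set()        # peers we actually sent getstatus to
    ports = Counter()
    sources = Counter()
    for src, sport, dst, dport, payload in packets:
        cmd = oob_command(payload)
        if cmd is None:
            continue
        if src == local_ip and cmd.lower() == "getstatus":
            asked.add((dst, dport))
        elif (dst == local_ip and cmd == "statusResponse"
              and (src, sport) not in asked):
            ports[sport] += 1    # unsolicited reply: reflection traffic
            sources[src] += 1
    return ports, sources

# Constructed sample capture (documentation address ranges, made-up payloads).
LOCAL = "203.0.113.10"
REPLY = OOB + b"statusResponse\n\\sv_hostname\\example\n"
SAMPLE = [
    (LOCAL, 40000, "198.51.100.5", 27960, OOB + b"getstatus"),
    ("198.51.100.5", 27960, LOCAL, 40000, REPLY),   # solicited, ignored
    ("192.0.2.1", 28960, LOCAL, 27015, REPLY),
    ("192.0.2.2", 28960, LOCAL, 27015, REPLY),
    ("192.0.2.3", 27960, LOCAL, 27015, REPLY),
    ("192.0.2.9", 51000, LOCAL, 27015, b"ordinary game traffic"),
]

if __name__ == "__main__":
    ports, sources = find_reflection(SAMPLE, LOCAL)
    for port, count in ports.most_common():
        print(f"source port {port}: {count} unsolicited statusResponse")
    print(f"{len(sources)} distinct reflectors")
```

As several posts point out, filtering like this only helps when it runs somewhere with enough upstream capacity to absorb the flood.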
Did someone say it was called 'DevNull Special' or some shit? Anyway, the upgraded hit is too big for a 1Gb port to handle.
Sorry for the necromancy but may you upload the list again?
Devnull was made by stan and thus you are able to pay stan to put you on the special "list" so you aren't DDoSed any more.
Welcome to ban. But in actual response that list mentioned by aftokinito would be great...
Screw that...
If you've access to a hardware firewall Charrax/Aftokinito send me a PM and I can provide you with some common port setups to block the majority of devnulls power.
Don't PM me asking for non hardware solutions as I cba this week :)
Well that's fucking stupid... Another GSP in our datacenter did that, didn't stop devnull attacking other servers in the same rack as them, causing them to go down too..
Aww look, he thinks he's the eMafia
I don't support Stan at all. When I was at IG we had the same problem and had to pay Stan $200 for it to stop.
I was just suggesting a last choice.
There's no real definite fix for DevNull. You can block a majority of traffic by blocking the COD4/Quake ports but that would have to be done at a high enough network level where the pipe can handle it, it would be very costly to do it at a server level.
To totally protect yourself you would need to get a Dedicated Firewall and at least a 5Gbps pipe.
what is 'IG'?