DDoS attacks
-
- New to forums
- Posts: 10
- https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
- Joined: Thu Oct 11, 2012 10:08 am
DDoS attacks
So at least one person has the audacity to tell me they are ddos'ing me and I notice it at times. Is there a good program to monitor traffic so I can see where it is coming from and block it via the firewall? I want something that can monitor constantly even when I am away.
Re: DDoS attacks
Wireshark would probably be your best bet, You would be able to analyse traffic and block it via the firewall on your VDS.
Alternatively using the firewall option we provide in the control panel might be a better bet, it allows for easier rule making and managing.
Alternatively using the firewall option we provide in the control panel might be a better bet, it allows for easier rule making and managing.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
-
- New to forums
- Posts: 10
- Joined: Thu Oct 11, 2012 10:08 am
Re: DDoS attacks
Know of a way to show it graphically? Like see which connections are using the most bandwidth?
Re: DDoS attacks
Wire shark may have a way of determining that but in most cases, no. Most attacks are also DDoS's so they are using 100's of different IP's and it's not possible to look at which IP is sending the most as their all probably sending a good bit.
If you are seeing just a normal DoS then you can block that single IP which should be enough.
I would suggest taking a look at the firewall tab in your VDS. We include some good information on that page that can help get you going. You can also ask any additional questions here in this thread.
If you are seeing just a normal DoS then you can block that single IP which should be enough.
I would suggest taking a look at the firewall tab in your VDS. We include some good information on that page that can help get you going. You can also ask any additional questions here in this thread.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
-
- New to forums
- Posts: 10
- Joined: Thu Oct 11, 2012 10:08 am
Re: DDoS attacks
Well it isnt a VDS so there is no firewall tab. Do you think I should just find a way to stop all connections that dont go to RPD or my gameservers?
Re: DDoS attacks
In theory that is easy but when it comes time to actually do it, it's not so easy. With a full server there will be a lot of connections going back and fourth not to mention background programs and programs you may be completely unaware of that are communicating.TheLaughingMan wrote:Well it isnt a VDS so there is no firewall tab. Do you think I should just find a way to stop all connections that dont go to RPD or my gameservers?
Your best bet would be to first identify that you are being attacked.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
-
- New to forums
- Posts: 10
- Joined: Thu Oct 11, 2012 10:08 am
-
- New to forums
- Posts: 10
- Joined: Thu Oct 11, 2012 10:08 am
Re: DDoS attacks
It seems like something is still going on. I used over 100GB of BW in a day which seems high for 2 dayz servers. Wireshark fails because it cant handle the load. Any other ideas on software, even if it is paidware? Also it seems I was hit again:
Re: DDoS attacks
Your best bet is to catch it when it happens, unfortunately I don't think there is any program that will do what you want. I suggested something that will do a tcpdump (linux) when bandwidth goes over a threshold, but nothing like that exists yet. I've had to deal with these for months and in my experience if you can't catch it when it happens, you're out of luck.
Also, that small spike likely wasn't enough to cause much of the 100GB you saw in a day. The graph you showed logs all traffic to and from your server, so its a good bet your servers did push that much bandwdith. I get suprised on my dedi all the time, i think we're averaging around 213GB/day
Also, that small spike likely wasn't enough to cause much of the 100GB you saw in a day. The graph you showed logs all traffic to and from your server, so its a good bet your servers did push that much bandwdith. I get suprised on my dedi all the time, i think we're averaging around 213GB/day
Not a NFO employee
-
- New to forums
- Posts: 10
- Joined: Thu Oct 11, 2012 10:08 am
Re: DDoS attacks
Does the CPU usage on the server go up? From the thread contents I gather you're on an unmanaged vds, so this will be hard to check. 200Mbit typically isn't enough to cause a brute force connection drop. Are there any known dayz attacks that you can block? (I don't have much experience with dayz, but I have seen "tools" to crash servers)
Not a NFO employee
Re: DDoS attacks
That graph suggests that you started to be hit by an attack but our automated system saw the spike in traffic traffic and filtered it for you.
100 GB a day sounds about right for a couple of busy servers. That would be ~3000 GB a month, so well under the amount included with a dedi.
100 GB a day sounds about right for a couple of busy servers. That would be ~3000 GB a month, so well under the amount included with a dedi.
-
- This is my homepage
- Posts: 1573
- Joined: Sun Jun 26, 2011 8:03 am
Re: DDoS attacks
We also had issues with one of our dedi dayz servers.
The datacenter terminated our server claiming our server was causing issues with a Shaw customer by downloading something from them for a long period of time.
Told them they were nuts and that there were only dayz server running.
No one is downloading anything.
Been also reading that hackers are injecting new files into Wasteland servers which is another variation of Operation Arrowhead. Watch your files for anything new.
The datacenter terminated our server claiming our server was causing issues with a Shaw customer by downloading something from them for a long period of time.
Told them they were nuts and that there were only dayz server running.
No one is downloading anything.
Been also reading that hackers are injecting new files into Wasteland servers which is another variation of Operation Arrowhead. Watch your files for anything new.
Visit gspreviews.com And Rate & Review Your Old & Current GSP's
Find Your GSP Coupons at gspreviews.com/coupons/
Find Your GSP Coupons at gspreviews.com/coupons/