I am sure my CS 1.6 server I was running on the VPS was being DDoS attacked. Is there any way to know who's doing it, block the IP, and prevent the server from attack? BTW I am currently running 3 game servers but only one got attacked. It's because I have it advertised on my old game server's host, which was being DDoS attacked at that same time.
At the moment, I installed an antidos patch; it patches the hlds.exe and is supposed to block any attack. Also, the tutorial where I got it from said to disable ICMP from the registry, and so I did. Could this cause any malfunction to the VPS? So far everything is running great.
Any help will be appreciated.
DOS attack
Re: DOS attack
I haven't seen a bandwidth-based DDoS attack on any VDS here recently, so this must have been something application-specific. Applying application fixes and a firewall is the best course of action here, as you have guessed.
Blocking ICMP won't make a difference, since this isn't bandwidth-based. Windows and Linux have no problem handling a full gigE worth of ICMP traffic, and won't hand any of it off to the application. The traffic that you need to worry about is what is getting through to the application -- if this is a CS 1.6 server, that means UDP to port 27015.
If the attacks start again, I'd recommend upgrading to the latest HLDS beta (using hldsupdatetool with -beta hlbeta on the command line). I'd also recommend taking a look at the traffic inbound to your VDS via a program like Wireshark, to look for a common thread in it. For instance, all the packets might be the same length, come from a small list of IPs, or have the same source port. With such information, you should be able to create firewall rules to block the attacks.
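Added example, not part of the original posts: one way to look for the "common thread" described above once a capture of the inbound UDP traffic to port 27015 has been exported to rows of source IP, source port and UDP length. The column names, the 50% threshold and the sample rows (documentation-range addresses) are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample export: one row per inbound UDP packet to port 27015.
SAMPLE = """\
src_ip,src_port,udp_length
203.0.113.5,40000,31
203.0.113.5,40000,31
192.0.2.10,27005,48
203.0.113.9,40000,31
203.0.113.5,40000,31
192.0.2.44,27005,112
203.0.113.9,40000,31
198.51.100.20,40000,31
203.0.113.5,40000,31
192.0.2.77,27005,76
"""

FIELDS = ("src_ip", "src_port", "udp_length")

def load_rows(text):
    """Parse the CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def common_threads(rows, threshold=0.5):
    """Return {field: (value, share)} for every field where a single value
    accounts for at least `threshold` of all packets in the capture."""
    found = {}
    if not rows:  # empty capture: nothing to report
        return found
    for field in FIELDS:
        value, count = Counter(r[field] for r in rows).most_common(1)[0]
        share = count / len(rows)
        if share >= threshold:
            found[field] = (value, round(share, 2))
    return found

def top_sources(rows, n=3):
    """The n busiest source IPs with their packet counts."""
    return Counter(r["src_ip"] for r in rows).most_common(n)

if __name__ == "__main__":
    rows = load_rows(SAMPLE)
    for field, (value, share) in common_threads(rows).items():
        print(f"{field}={value} appears in {share:.0%} of packets")
    print("busiest sources:", top_sources(rows))
```

In this sample no single source IP dominates, but the source port and packet length do, so a rule keyed on those two attributes would cover the traffic where a per-IP block would not.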