tcpdump: 23:09:04.102010 IP (tos 0x0, ttl 117, id 47660, offset 0, flags [none], proto UDP (17), length 39)
135.12.63.10.3378 > 192.223.27.167.5000: UDP, payload 11
0x0000: 4500 0027 ba2c 0000 7511 e8fc 870c 3f0a E..'.,..u.....?.
0x0010: c0df 1ba7 0d32 1388 0013 ce44 5341 4d50 .....2.....DSAMP
0x0020: c0df 1ba7 8813 69
======================================
23:09:04.102064 IP (tos 0x0, ttl 116, id 63732, offset 0, flags [none], proto UDP (17), length 32)
31.178.206.99.30576 > 192.223.27.167.5000: UDP, payload 4
0x0000: 4500 0020 f8f4 0000 7411 833c 1fb2 ce63 E.......t..<...c
0x0010: c0df 1ba7 7770 1388 000c 0ff3 04b1 959d ....wp..........
======================================
23:09:04.104710 IP (tos 0x0, ttl 117, id 50094, offset 0, flags [none], proto UDP (17), length 39)
77.199.176.248.3391 > 192.223.27.167.5000: UDP, payload 11
0x0000: 4500 0027 c3ae 0000 7511 a6d1 4dc7 b0f8 E..'....u...M...
0x0010: c0df 1ba7 0d3f 1388 0013 958e 5341 4d50 .....?......SAMP
0x0020: c0df 1ba7 8813 69
======================================
I am having such attacks in my VDS, any idea to block it, and a little help to detect attackers packages!
Attacks on VDS
-
- New to forums
- Posts: 8
- https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
- Joined: Sat Apr 13, 2013 2:32 pm
Re: Attacks on VDS
If you're not running a SAMP server, it should be safe to block all length-39 UDP packets starting with "SAMP". Depending on the application that you run, you also might be able to block all length-32 UDP packets without causing collateral damage.
-
- New to forums
- Posts: 8
- Joined: Sat Apr 13, 2013 2:32 pm
Re: Attacks on VDS
If I run SAMP Servers!
Re: Attacks on VDS
If you run SAMP servers, you will need to consider a rate-limit or whitelist setup.
-
- New to forums
- Posts: 8
- Joined: Sat Apr 13, 2013 2:32 pm
Re: Attacks on VDS
A speed limit referred to it and how will you use?