Dos

Xeno · October 2004

hey guys. i was wondering, how can you prevent someone from lagging your server. i admin a server, and i banned someone for language. i think he got mad, then like 1 hour later, the server started to lag badly. its been going on for 2 hours now. is it possible to do something like this, and how do i stop it, if possibe?

GiGaBiTe · October 2004

if you have a router with logging capabilities you can see if your being packet attacked. and the best way to stop something like this is to goto the router settings and disable all incoming hits on the router except the port that hlds uses.

i had a simmilar situation, someone was being an **** on my server so i banned them and one of their butt-buddies said "OMG WHY YOU BAN HIM, UNBAN NOW!"

well bla bla, i banned him but before i could execute the command he swore he would hack through my router and kill the server. so i watched his feeble attempts to use tftp and cause buffer overflows. he gave up after about an hour.

most people that think they can hack cant, and if they talk lots of smack, they are probably idiots.

if you can find the ip or ips that are hitting your server (if any) just traceroute them to their isp and they will be dealt with.

Sion · October 2004

there is a way to block ping pakets, as it's the paket reply that causes lag ...

but I only know how to do it on linux :o

GiGaBiTe · October 2004

well if you had one of those super expensive routers from cisco you could tell the router to ignore them, but for cheaper ones it really shouldnt bog the connection down if only a couple of people are pinging you. the max the dos ping command can send is 64 bytes, and thats not alot of data.

you could change your server name and ip address and that would stop them if the ip did not exist anymore.

JHunz · October 2004

</div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (GiGaBiTe @ Oct 23 2004, 09:26 PM)</td></tr><tr><td id='QUOTE'> well if you had one of those super expensive routers from cisco you could tell the router to ignore them, but for cheaper ones it really shouldnt bog the connection down if only a couple of people are pinging you. the max the dos ping command can send is 64 bytes, and thats not alot of data.

you could change your server name and ip address and that would stop them if the ip did not exist anymore.  </td></tr></table><div class='postcolor'> 
Ping packets can be a lot larger than 64 bytes.

GiGaBiTe · October 2004

</div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'> Ping packets can be a lot larger than 64 bytes.</td></tr></table><div class='postcolor'>

not from the dos ping command.

JHunz · October 2004

</div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (GiGaBiTe @ Oct 25 2004, 04:28 PM)</td></tr><tr><td id='QUOTE'></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'> Ping packets can be a lot larger than 64 bytes.</td></tr></table><div class='postcolor'>

not from the dos ping command.</td></tr></table><div class='postcolor'>
<span style='color:red'>D</span>enial <span style='color:red'>o</span>f <span style='color:red'>S</span>ervice attack

not Disk Operating System

devicenull · October 2004

And.. they can be a lot bigger then 64 bytes if you know what your doing..
</div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'>
Pinging google.com [216.239.39.99] with 1024 bytes of data:
</td></tr></table><div class='postcolor'>

@Xeno, look through server logs to find IP addresses of the people who are doing this.
Put it in <a href='http://arin.net/' target='_blank'>http://arin.net/</a> then email where it says Abuse handle (usually ABUSE@ISP.NET) Also send a copy off to the techsupport handle. Repeat for each IP it comes from.

GiGaBiTe · October 2004

</div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (JHunz @ Oct 25 2004, 09:04 PM)</td></tr><tr><td id='QUOTE'> </div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (GiGaBiTe @ Oct 25 2004, 04:28 PM)</td></tr><tr><td id='QUOTE'></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'> Ping packets can be a lot larger than 64 bytes.</td></tr></table><div class='postcolor'>

not from the dos ping command.</td></tr></table><div class='postcolor'>
<span style='color:red'>D</span>enial <span style='color:red'>o</span>f <span style='color:red'>S</span>ervice attack

not Disk Operating System  </td></tr></table><div class='postcolor'> 
lol your not getting what im saying...

you can start a denial of service attack if you use the DOS PING COMMAND

c:/> ping 223.66.129.xxx -t -lsize 65500

but you have to get thousands of computers for something like that to work hitting the box at the same time.

im sure theres way better methods of doing this.

Scythe · October 2004

</div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (ping /?)</td></tr><tr><td id='QUOTE'>Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name

Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
<b> -l size Send buffer size.</b>
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.</td></tr></table><div class='postcolor'>

--Scythe--

GiGaBiTe · October 2004

yep thats the ping command in dos, the maximum lsize (buffer size) is 65500 bytes.

xeon-skycreations · November 2004

it is possible that he ran a crash script. just restart the server if it happens.

<img src='http://www.unknownworlds.com/forums/html//emoticons/tsa.gif' border='0' style='vertical-align:middle' alt='tsa.gif' /> Xeon - SkyCreations

Vadakill · November 2004

I've had screwheads doing this to me in the past as well. He was using a Distributed Denial of service attack on port 1. Unlike you however, I have access to my upstream providers border router and was able to block him from even getting in. Once his tool was disarmed he went away.

If you aren't sure how he's attacking you, try running TCPDump and redirect output to a file. Once the attack happens, you can see where it's coming from and what port he's using. You might be able to form a defense from there.

xeon-skycreations · November 2004

Dont you think thats kinda sad that people go to such extents over a game?

<img src='http://www.unknownworlds.com/forums/html//emoticons/tsa.gif' border='0' style='vertical-align:middle' alt='tsa.gif' /> Xeon - SkyCreations

Caucasian · November 2004

If you are running linux, I would suggest learning IPTables. From there, you should be able to only permit what you want to allow in from the internet as well as outbound to the internet.

Vadakill · November 2004

</div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Caucasian @ Nov 15 2004, 09:19 AM)</td></tr><tr><td id='QUOTE'> If you are running linux, I would suggest learning IPTables. From there, you should be able to only permit what you want to allow in from the internet as well as outbound to the internet.  </td></tr></table><div class='postcolor'> 
Yes, but you see the server still has to handle the traffic. Get enough of that junk coming in and it could saturate your connection, regardless if your machine drops the packets or not.

Dos

Comments