Dos

Xeno Join Date: 2002-11-01 Member: 2343 Members
hey guys. i was wondering, how can you prevent someone from lagging your server. i admin a server, and i banned someone for language. i think he got mad, then like 1 hour later, the server started to lag badly. it's been going on for 2 hours now. is it possible to do something like this, and how do i stop it, if possible?

Comments

  • GiGaBiTe Join Date: 2003-10-07 Member: 21489 Members
    if you have a router with logging capabilities you can see if you're being packet attacked. and the best way to stop something like this is to go to the router settings and disable all incoming hits on the router except the port that hlds uses.

    i had a similar situation, someone was being an **** on my server so i banned them and one of their butt-buddies said "OMG WHY YOU BAN HIM, UNBAN NOW!"

    well bla bla, i banned him but before i could execute the command he swore he would hack through my router and kill the server. so i watched his feeble attempts to use tftp and cause buffer overflows. he gave up after about an hour.

    most people that think they can hack can't, and if they talk lots of smack, they are probably idiots.

    if you can find the ip or ips that are hitting your server (if any) just traceroute them to their isp and they will be dealt with.
  • Sion Join Date: 2004-09-10 Member: 31572 Members
    there is a way to block ping packets, as it's the packet reply that causes lag ...

    but I only know how to do it on linux :o
  • GiGaBiTe Join Date: 2003-10-07 Member: 21489 Members
    well if you had one of those super expensive routers from cisco you could tell the router to ignore them, but for cheaper ones it really shouldn't bog the connection down if only a couple of people are pinging you. the max the dos ping command can send is 64 bytes, and that's not a lot of data.

    you could change your server name and ip address and that would stop them if the ip did not exist anymore.
  • JHunz Join Date: 2002-11-15 Member: 8815 Members, Constellation
    QUOTE (GiGaBiTe @ Oct 23 2004, 09:26 PM)
    > well if you had one of those super expensive routers from cisco you could tell the router to ignore them, but for cheaper ones it really shouldn't bog the connection down if only a couple of people are pinging you. the max the dos ping command can send is 64 bytes, and that's not a lot of data.
    >
    > you could change your server name and ip address and that would stop them if the ip did not exist anymore.

    Ping packets can be a lot larger than 64 bytes.
  • GiGaBiTe Join Date: 2003-10-07 Member: 21489 Members
    QUOTE
    > Ping packets can be a lot larger than 64 bytes.

    not from the dos ping command.
  • JHunz Join Date: 2002-11-15 Member: 8815 Members, Constellation
    QUOTE (GiGaBiTe @ Oct 25 2004, 04:28 PM)
    > QUOTE
    > > Ping packets can be a lot larger than 64 bytes.
    >
    > not from the dos ping command.

    Denial of Service attack

    not Disk Operating System
  • devicenull Join Date: 2003-04-30 Member: 15967 Members, NS2 Playtester, Squad Five Blue
    edited October 2004
    And.. they can be a lot bigger than 64 bytes if you know what you're doing..
    QUOTE
    > Pinging google.com [216.239.39.99] with 1024 bytes of data:

    @Xeno, look through server logs to find IP addresses of the people who are doing this.
    Put it in http://arin.net/ then email where it says Abuse handle (usually ABUSE@ISP.NET). Also send a copy off to the techsupport handle. Repeat for each IP it comes from.
  • GiGaBiTe Join Date: 2003-10-07 Member: 21489 Members
    QUOTE (JHunz @ Oct 25 2004, 09:04 PM)
    > QUOTE (GiGaBiTe @ Oct 25 2004, 04:28 PM)
    > > QUOTE
    > > > Ping packets can be a lot larger than 64 bytes.
    > >
    > > not from the dos ping command.
    >
    > Denial of Service attack
    >
    > not Disk Operating System

    lol you're not getting what i'm saying...

    you can start a denial of service attack if you use the DOS PING COMMAND

    c:/> ping 223.66.129.xxx -t -lsize 65500

    but you have to get thousands of computers for something like that to work hitting the box at the same time.

    i'm sure there's way better methods of doing this.
  • Scythe Join Date: 2002-01-25 Member: 46 NS1 Playtester, Forum Moderators, Constellation, Reinforced - Silver
    QUOTE (ping /?)
    > Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
    >             [-r count] [-s count] [[-j host-list] | [-k host-list]]
    >             [-w timeout] target_name
    >
    > Options:
    >     -t            Ping the specified host until stopped.
    >                   To see statistics and continue - type Control-Break;
    >                   To stop - type Control-C.
    >     -a            Resolve addresses to hostnames.
    >     -n count      Number of echo requests to send.
    >     -l size       Send buffer size.
    >     -f            Set Don't Fragment flag in packet.
    >     -i TTL        Time To Live.
    >     -v TOS        Type Of Service.
    >     -r count      Record route for count hops.
    >     -s count      Timestamp for count hops.
    >     -j host-list  Loose source route along host-list.
    >     -k host-list  Strict source route along host-list.
    >     -w timeout    Timeout in milliseconds to wait for each reply.

    --Scythe--
  • GiGaBiTe Join Date: 2003-10-07 Member: 21489 Members
    yep that's the ping command in dos, the maximum lsize (buffer size) is 65500 bytes.
  • xeon-skycreations Join Date: 2004-11-11 Member: 32750 Members
    it is possible that he ran a crash script. just restart the server if it happens.

    Xeon - SkyCreations
  • Vadakill The Almighty BSO Join Date: 2002-04-02 Member: 373 Members, NS1 Playtester
    edited November 2004
    I've had screwheads doing this to me in the past as well. He was using a Distributed Denial of service attack on port 1. Unlike you however, I have access to my upstream provider's border router and was able to block him from even getting in. Once his tool was disarmed he went away.

    If you aren't sure how he's attacking you, try running TCPDump and redirect output to a file. Once the attack happens, you can see where it's coming from and what port he's using. You might be able to form a defense from there.
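
An added example (not part of the original post) of reading the capture Vadakill describes: it tallies `tcpdump -nn` text output by source address and destination port so the heaviest senders stand out. The interface name in the comment is an assumption, and the sample lines are constructed using documentation address ranges.

```shell
#!/bin/sh
# Capture during the lag, e.g.:  tcpdump -nn -i eth0 > capture.txt
# (eth0 is an assumed interface name), then:  top_talkers < capture.txt

# stdin: `tcpdump -nn` text lines. stdout: "count src_ip proto/dst_port", busiest first.
top_talkers() {
    awk '
    $2 == "IP" {
        dst = $5; sub(/:$/, "", dst)          # "192.0.2.10.27015:" -> "192.0.2.10.27015"
        split($3, s, ".")                      # source is a.b.c.d or a.b.c.d.port
        src = s[1] "." s[2] "." s[3] "." s[4]
        dport = (split(dst, d, ".") == 5) ? d[5] : "-"   # ICMP has no port
        if      ($6 == "UDP,")  proto = "udp"
        else if ($6 == "ICMP")  proto = "icmp"
        else if ($6 == "Flags") proto = "tcp"
        else                    proto = "other"
        count[src " " proto "/" dport]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample capture (documentation address ranges, not real traffic).
sample_capture() {
    cat <<'EOF'
12:01:02.100001 IP 203.0.113.7.4242 > 192.0.2.10.27015: UDP, length 1024
12:01:02.100342 IP 203.0.113.7.4242 > 192.0.2.10.27015: UDP, length 1024
12:01:02.100711 IP 198.51.100.9 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 1480
12:01:02.101020 IP 203.0.113.7.4242 > 192.0.2.10.27015: UDP, length 1024
12:01:02.101377 IP 192.0.2.77.51515 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0
12:01:02.101650 IP 198.51.100.9 > 192.0.2.10: ICMP echo request, id 1, seq 2, length 1480
12:01:02.102004 IP 203.0.113.7.4242 > 192.0.2.10.27015: UDP, length 1024
EOF
}

sample_capture | top_talkers
```

The top entries are the addresses to look up and report to the abuse contact, as devicenull suggests earlier in the thread.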
  • xeon-skycreations Join Date: 2004-11-11 Member: 32750 Members
    Don't you think that's kinda sad that people go to such extents over a game?

    Xeon - SkyCreations
  • Caucasian Join Date: 2002-11-26 Member: 9993 Members
    If you are running linux, I would suggest learning IPTables. From there, you should be able to only permit what you want to allow in from the internet as well as outbound to the internet.
  • Vadakill The Almighty BSO Join Date: 2002-04-02 Member: 373 Members, NS1 Playtester
    QUOTE (Caucasian @ Nov 15 2004, 09:19 AM)
    > If you are running linux, I would suggest learning IPTables. From there, you should be able to only permit what you want to allow in from the internet as well as outbound to the internet.

    Yes, but you see the server still has to handle the traffic. Get enough of that junk coming in and it could saturate your connection, regardless if your machine drops the packets or not.
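
The allow-list approach suggested in the thread (GiGaBiTe's "only the port that hlds uses", Sion's ping filtering, Caucasian's IPTables pointer), written out as an added example that is not from any poster. It assumes HLDS on its default UDP port 27015 and a hypothetical admin network for SSH; as Vadakill notes, host filtering does not help once the link itself is saturated.

```shell
#!/bin/sh
# Print an iptables-restore ruleset: default-deny inbound, game port open.
# Usage: hlds_ruleset GAME_UDP_PORT [ADMIN_CIDR]
hlds_ruleset() {
    port=$1 admin=${2:-}
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }

    # Echo requests above the rate limit fall through to the DROP policy.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport $port -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT
EOF
    # Optional: SSH only from the admin network (hypothetical value supplied by the caller).
    [ -n "$admin" ] && echo "-A INPUT -p tcp -s $admin --dport 22 -j ACCEPT"
    echo "COMMIT"
}

# 27015 is the assumed HLDS port; 198.51.100.0/24 is a placeholder admin network.
hlds_ruleset 27015 198.51.100.0/24
```

Check the output before loading it with `hlds_ruleset 27015 198.51.100.0/24 | iptables-restore --test`.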