A ray of hope against DDOS attacks

[Toto]

I want to leave just a note, this guy have a clue what he's talking about, do not consider him as newbie. There's many peoples that can solve this problem, but everyone is lazy or doesn't wants to...

[Gandalf]

Hi,

You are welcome to use my PM if you wish to discuss this more in-depth.
As for protecting, you have to make a difference between a DOS (dnial of service) and DDOS (distributes denial of service).
Most crashers and tools are working based on DOS. this means that a single connection floods a number of malformed packets, causing the server to crash.
The best solution lies in the server software itself. If the coders of the server package place limitations in the acceptance of packets, these tools become less effective as SA:MP has proven.
To a certain extent it is possible to catch repeat offenders by a packet sniffer. For this you need to have access to the RDP and run such a tool. The IP
 you may find this way can be blocked by using the native firewall.

As for DDOS, this is a different kind of attack. It does not have to be directed at a specific port, as an attack against any open port can overload the network capabilities (bandwidth) of the server. There are several cheap or free firewall solutions that reduce the effect by intelligently closing out suspicious traffic. However the downside is that the refused traffic tends to 'bounce' inside the data centre, causing outages on other servers in the same switch. Providers might not be happy and block your account.

The best way to stop a DDOS attack if having a secondary IP. In case of an attack you can enter the server from there and mae a switch. This is only needed in case of a long and persistent attacker. Most kids who 'order' an attack to not have the money to keep it up long enouch for it being a problem.

[hellboy_vkk]

DOS attack is quite easy to prevent as we can block the number of packets being received by the host (either vps or own hosted) on a specific port and that won't harm the connection much as DOS is not for long term as far i know people who use this cheap way.
but to stop this without using any firewall we have to edit the server software , but as we got no vcmp server code we cannot do it in that way (otherwise would have done that).
DDOS as you said that if we try to block the number of packets it will jump in the connection and will either make the service provider's connection to lag to all or may also can temporarily ban the connection , which ultimately will result in a permanent ban over us from the ISP. so this solution is not a nice way to do it.
and the next way you suggested about the secondary ip that will do the like in dos we will need to change ip and lose players playing there and it will decrease the server reputation .
Dos is not a big problem , we can even use the socket blocking technique (i hope that won't effect the players)  .
but i think this is real time to work on this issue as its getting worse now a days.
p.s. i just read the mIRC thing .. yeah mIRC is best but not the squirrel server i got .

[SugarD]

Hellboy_vkk:

I find it quite interesting that you are willing to work alongside another community in order to resolve this issue. I personally find this very noble of you to do, given that we are technically competition for each other in the VC:MP area of things.

As for the subject at hand, did you and Gandalf possibly come up with any solutions? I'm still searching for ideas for the security of this community's upcoming Liberty Unleashed server, and I love seeing what people come up with for their own servers so I can find new ways to protect our's, and possibly even share the ideas with them.

Thanks again for having the courage to create this topic and try to find a mutual resolution. You've got my respect for that.

-SugarD

[PulseEffect]

Hellboy_vkk:

I find it quite interesting that you are willing to work alongside another community in order to resolve this issue. I personally find this very noble of you to do, given that we are technically competition for each other in the VC:MP area of things.

As for the subject at hand, did you and Gandalf possibly come up with any solutions? I'm still searching for ideas for the security of this community's upcoming Liberty Unleashed server, and I love seeing what people come up with for their own servers so I can find new ways to protect our's, and possibly even share the ideas with them.

Thanks again for having the courage to create this topic and try to find a mutual resolution. You've got my respect for that.

-SugarD

+1

Yea, not sure if everyone knew, SAMP was lagging as I believe the DoSs' continued all the way into Monday Night for me. On the weekend the "10yr rage kid" decided to launch attacks against ParUni, RPG, Stunt and Teamspeak. Many of the servers were engulfed in heavy user traffic. These attacks from those who wish to destroy cookies can seriously please go outside and play catch.

[SugarD]

+1

Yea, not sure if everyone knew, SAMP was lagging as I believe the DoSs' continued all the way into Monday Night for me. On the weekend the "10yr rage kid" decided to launch attacks against ParUni, RPG, Stunt and Teamspeak. Many of the servers were engulfed in heavy user traffic. These attacks from those who wish to destroy cookies can seriously please go outside and play catch.

There was actually an announcement regarding SA:MP's situation, from which Gandalf said wasn't caused by a DDoS.

[hellboy_vkk]

sugarD thanks for your appreciation and i truly feel that coming up together can solve it (i hope so) and as far the competition is concerned i'd just say that the better will win that and time will decide it so keeping the competition aside we both are facing a problem which is making us not to compete each other so enemy of my enemy is my friend is my policy so that we can have a fair competition

also would like to add that i'm working on it the way i can and i hope if argonath gets any way they will tell us as i think argonath too believe in fair competition as i do.
thanks again for your replies

and yeah would like to add that your competition gona increase as i'm coming for SAMP soon i hope you will be ready for that.

[SugarD]

sugarD thanks for your appreciation and i truly feel that coming up together can solve it (i hope so) and as far the competition is concerned i'd just say that the better will win that and time will decide it so keeping the competition aside we both are facing a problem which is making us not to compete each other so enemy of my enemy is my friend is my policy so that we can have a fair competition

also would like to add that i'm working on it the way i can and i hope if argonath gets any way they will tell us as i think argonath too believe in fair competition as i do.
thanks again for your replies

and yeah would like to add that your competition gona increase as i'm coming for SAMP soon i hope you will be ready for that.

Ha, awesome! Love to see your enthusiasm too! These DDoS'ers don't stand a chance!

[hellboy_vkk]

thanks for your appreciation
Post Merge: November 03, 2012, 06:54:01 pmkessu stop being a fool man , i went there just to confirm that was it a dos attack over argonath too ,
i don't want to play with you man i told you already and if you still thinks that you are a lot superior then i have to say that you are the one because of which i'm not able to work .
i got an ip and went there to confirm weather we both got dos attack from same ip but you kicked me man this is too much , i'm a man of my words i don't want to play with you and i'm serious so stop acting like a  children .

[Klaus]

You are banned, which means you cannot enter the server for any reason. So please, "stop being a fool man".

[Kessu]

If you want to confirm something, use the forum PM. You are NOT allowed to enter the server under ANY circumstances. If you have the IP, send it to me and I can check it out.

[Teddy]

due to how anachronistic PAWN scripting is in VCMP, PAWN servers can be crashed due to a few attack packets sent (whatever you want to call them) whereas huge amount of packets sent on IP of a server scripted in mIRC/Squirrel 'should' just generate lag. If your server gets crashed due to ddos attacks while it's on squirrel I don't know what's the reason hellboy, back when we owned <insert server name here> with Morphine and Stormeus it wasn't crashable.

False.

A DDOS attack is against a service or port, not a script. Sure a script may exist to target this method of script, that doesn't make a it a DDOS. A decent attack can bring down a service or at least prevent its access regardless of the coding language.

The statement stands true the only really effective way to negate the effects of a DDOS attack is 2 servers, one is the server with the actual service; we'll call it computer A, and the other one is the IP actually handed out, we'll call it computer B. Computer B will need to have special software on it to one forward the data and communicate effectively between computer A and the user. Additionally computer B will monitor the traffic. Computer B is only a watching gateway, once it detects suspicious activity, or high flood coming from a certain IP it'll close the traffic to that IP, or in some software revert it. However, as I stated also before, this software is really expensive. This setup is commonly called a ddos proxy, as like a proxy the data is just being routed to a middleman.

[Marcell]

False.

A DDOS attack is against a service or port, not a script. Sure a script may exist to target this method of script, that doesn't make a it a DDOS. A decent attack can bring down a service or at least prevent its access regardless of the coding language.

The statement stands true the only really effective way to negate the effects of a DDOS attack is 2 servers, one is the server with the actual service; we'll call it computer A, and the other one is the IP actually handed out, we'll call it computer B. Computer B will need to have special software on it to one forward the data and communicate effectively between computer A and the user. Additionally computer B will monitor the traffic. Computer B is only a watching gateway, once it detects suspicious activity, or high flood coming from a certain IP it'll close the traffic to that IP, or in some software revert it. However, as I stated also before, this software is really expensive. This setup is commonly called a ddos proxy, as like a proxy the data is just being routed to a middleman.

I don't really care about the science bullshit talk, the point is any pawn-based server on VCMP can be crashed with a simple program due to a few button presses.

[SugarD]

I don't really care about the science bullshit talk, the point is any pawn-based server on VCMP can be crashed with a simple program due to a few button presses.

Then that is a different issue than what this topic is about.

[Teddy]

I don't really care about the science bullshit talk, the point is any pawn-based server on VCMP can be crashed with a simple program due to a few button presses.

Sure a script may exist to target this method of script, that doesn't make a it a DDOS.

Then that is a different issue than what this topic is about.