January 25, 2018, 20:18:27
Welcome, Guest. Please login or register
News:

Hot Chills



collapse

* Server Information

Name:
IP:83.209.176.183
Port:36963
Map:
Players:0  [Hover]
Ranks:[Link]
Traffic:[Link]

* Who's Online

  • Dot Guests: 2
  • Dot hidden: 0
  • Dot Users: 2
  • Dot Users Online:

* Recent Posts

Re: HC => Fws by Nighthawk
[December 17, 2017, 01:07:55]


Re: HC => Fws by Range Rover
[December 09, 2017, 16:33:17]


Re: HotChills.org will close on January 27 by Maloo
[November 28, 2017, 22:47:06]


Re: HotChills.org will close on January 27 by Bounty Hunter
[November 28, 2017, 18:29:07]


Re: HotChills.org will close on January 27 by siN
[November 28, 2017, 10:45:22]

Show Posts

* Messages | Topics | Attachments

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Cirium

Pages: [1]
1
Server / Re: Ddos attack
« on: April 18, 2016, 01:19:00 »
Ohh that's nothing. Good to know its useful to you though. You could spend hours analyzing the attacks and learning about them. Not like that'l help though in the end.

Many of the attacks that take place in CS2D seem to be empty packet attacks. Which are mostly blockable using the correct firewall rules if you know what you're doing. (Two weeks ago took a hit of 60,000packets/sec from 'Pelennor' and his 4 VPSes. CS2D server was still playable and my box was mitigating every packet sent to it. Was quite impressed.)

Ultimately DDoS protection needs to be enabled 24/7 for this kind of attack, and even then I find that this "Alex" guy seems to switch his methods of attacks now and again making them difficult to mitigate. Not much that can be done but wait it out.

Regards,
Cirium.

2
Server / Re: Ddos attack
« on: April 13, 2016, 06:40:36 »

Before the ddos attacks i saw a guy joining as Player 3 (ID: 57648)
He stayed in specs the whole time, which was pretty suspicious.
I'm guessing it might have been him, although i might be wrong.

Can confirm. It's very obvious its him. Within a 1hour span earlier today my server was attacked 7-8 times. I noticed the same thing with him in spec as you did Hyorgh, he'll join the server, then 10 seconds later the attacks begin and the server crashes. He dosen't play, say, or do anything.

His goal is to get the players to leave and join the servers that he hosts. "Infinity" servers as it appears to be. He'll immediately run back to his servers hoping people will join him after he crashes other servers.

Code: [Select]
[16:11:48] Player clientdata: WIN {2916352}
[16:11:48] U.S.G.N.: Player (213.233.85.197) joining with U.S.G.N. ID #57648 - verifying...
[16:11:48] U.S.G.N.: 213.233.85.197 is using U.S.G.N. ID #57648
[16:11:48] Player 2 connected

It appears he's using something called "tsource engine query" commonly used to crash game servers. Specifically counterstrike and call of duty servers from what i've read. Can see the name encoded in the actual data packets that are received by the server. img: http://f.cirium.me/attacks_04-12-2016/screen1.png

Regards,
Cirium.

Pages: [1]
Carbonate design by Bloc
variant: carbon
SMF 2.0.3 | SMF © 2013, Simple Machines
SimplePortal 2.3.5 © 2008-2012, SimplePortal