January 25, 2018, 18:15:39
Welcome, Guest. Please login or register
News:

Hot Chills



collapse

* Server Information

Name:
IP:83.209.176.183
Port:36963
Map:
Players:0  [Hover]
Ranks:[Link]
Traffic:[Link]

* Who's Online

  • Dot Guests: 3
  • Dot Hidden: 0
  • Dot Users: 2
  • Dot Users Online:

* Recent Posts

Re: HC => Fws by Nighthawk
[December 17, 2017, 01:07:55]


Re: HC => Fws by Range Rover
[December 09, 2017, 16:33:17]


Re: HotChills.org will close on January 27 by Maloo
[November 28, 2017, 22:47:06]


Re: HotChills.org will close on January 27 by Bounty Hunter
[November 28, 2017, 18:29:07]


Re: HotChills.org will close on January 27 by siN
[November 28, 2017, 10:45:22]

Author Topic: Ddos attack  (Read 1580 times)

Offline siN

  • CS2D Moderator
  • Sr. Member
  • *
  • Posts: 340
  • Goddamn hackers, ban them all!
    • View Profile
Ddos attack
« on: April 11, 2016, 20:41:26 »
Hello! I want to report a mass ddos attack ocurring today :D

The server suffered from ddos attacks, maybe you(the owner) should get a better ddos protection ^^

Anyways that's all, just wanted to keep you (the owner) informed.

PS: Was it ex0? O.o

Offline Maloo

  • CS2D Moderator
  • Full Member
  • *
  • Posts: 166
    • View Profile
Re: Ddos attack
« Reply #1 on: April 11, 2016, 20:48:00 »
Before the ddos attacks i saw a guy joining as Player 3 (ID: 57648)
He stayed in specs the whole time, which was pretty suspicious.
I'm guessing it might have been him, although i might be wrong.

Offline siN

  • CS2D Moderator
  • Sr. Member
  • *
  • Posts: 340
  • Goddamn hackers, ban them all!
    • View Profile
Re: Ddos attack
« Reply #2 on: April 11, 2016, 21:01:48 »
Damn, i took to long to input his usgn here.

Offline Cirium

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Ddos attack
« Reply #3 on: April 13, 2016, 06:40:36 »

Before the ddos attacks i saw a guy joining as Player 3 (ID: 57648)
He stayed in specs the whole time, which was pretty suspicious.
I'm guessing it might have been him, although i might be wrong.

Can confirm. It's very obvious its him. Within a 1hour span earlier today my server was attacked 7-8 times. I noticed the same thing with him in spec as you did Hyorgh, he'll join the server, then 10 seconds later the attacks begin and the server crashes. He dosen't play, say, or do anything.

His goal is to get the players to leave and join the servers that he hosts. "Infinity" servers as it appears to be. He'll immediately run back to his servers hoping people will join him after he crashes other servers.

Code: [Select]
[16:11:48] Player clientdata: WIN {2916352}
[16:11:48] U.S.G.N.: Player (213.233.85.197) joining with U.S.G.N. ID #57648 - verifying...
[16:11:48] U.S.G.N.: 213.233.85.197 is using U.S.G.N. ID #57648
[16:11:48] Player 2 connected

It appears he's using something called "tsource engine query" commonly used to crash game servers. Specifically counterstrike and call of duty servers from what i've read. Can see the name encoded in the actual data packets that are received by the server. img: http://f.cirium.me/attacks_04-12-2016/screen1.png

Regards,
Cirium.

Offline Maloo

  • CS2D Moderator
  • Full Member
  • *
  • Posts: 166
    • View Profile
Re: Ddos attack
« Reply #4 on: April 13, 2016, 11:31:21 »
Wow 0.o
Ddosing other servers so that people would play on his one's... That's just the next level of douche-baggery.
Thank you Cirium for the confirmation, you did a really good job!
Now we need ŦƲƦƙɘƳ to permanently ban him.

Online ŦƲƦƙɘƳ

  • CS2D Administrator
  • Hero Member
  • *
  • Posts: 592
  • Hellouw!
    • View Profile
    • YouTube
Re: Ddos attack
« Reply #5 on: April 17, 2016, 16:04:01 »

Before the ddos attacks i saw a guy joining as Player 3 (ID: 57648)
He stayed in specs the whole time, which was pretty suspicious.
I'm guessing it might have been him, although i might be wrong.

Can confirm. It's very obvious its him. Within a 1hour span earlier today my server was attacked 7-8 times. I noticed the same thing with him in spec as you did Hyorgh, he'll join the server, then 10 seconds later the attacks begin and the server crashes. He dosen't play, say, or do anything.

His goal is to get the players to leave and join the servers that he hosts. "Infinity" servers as it appears to be. He'll immediately run back to his servers hoping people will join him after he crashes other servers.

Code: [Select]
[16:11:48] Player clientdata: WIN {2916352}
[16:11:48] U.S.G.N.: Player (213.233.85.197) joining with U.S.G.N. ID #57648 - verifying...
[16:11:48] U.S.G.N.: 213.233.85.197 is using U.S.G.N. ID #57648
[16:11:48] Player 2 connected

It appears he's using something called "tsource engine query" commonly used to crash game servers. Specifically counterstrike and call of duty servers from what i've read. Can see the name encoded in the actual data packets that are received by the server. img: http://f.cirium.me/attacks_04-12-2016/screen1.png

Regards,
Cirium.

Thank you for this valuable info. I'll make short work of him.
^^

Offline Cirium

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Ddos attack
« Reply #6 on: April 18, 2016, 01:19:00 »
Ohh that's nothing. Good to know its useful to you though. You could spend hours analyzing the attacks and learning about them. Not like that'l help though in the end.

Many of the attacks that take place in CS2D seem to be empty packet attacks. Which are mostly blockable using the correct firewall rules if you know what you're doing. (Two weeks ago took a hit of 60,000packets/sec from 'Pelennor' and his 4 VPSes. CS2D server was still playable and my box was mitigating every packet sent to it. Was quite impressed.)

Ultimately DDoS protection needs to be enabled 24/7 for this kind of attack, and even then I find that this "Alex" guy seems to switch his methods of attacks now and again making them difficult to mitigate. Not much that can be done but wait it out.

Regards,
Cirium.

 

Carbonate design by Bloc
variant: carbon
SMF 2.0.3 | SMF © 2013, Simple Machines
SimplePortal 2.3.5 © 2008-2012, SimplePortal