Author Topic: Performance issues  (Read 10820 times)

0 Members and 1 Guest are viewing this topic.

Offline FliesLikeABrick

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 6144
    • Ultimate 13 Soldat
Performance issues
« on: April 30, 2011, 05:52:40 pm »
Some of you may notice the forums and other services I host being slow.  One of my physical servers is under attack (DoS from 75.102.27.162, whoever that is.  If it's the real source it looks to be someone renting a server in Chicago).

They're targeting one of the NA Gather servers (the one I run on port 23002)


Dickless idiot, UDP flooding is so 1997.

Offline demoniac93

  • Veteran
  • *****
  • Posts: 1554
Re: Performance issues
« Reply #1 on: April 30, 2011, 07:40:22 pm »
1997? I don't know anything about internet servers, but if it's that old a method, shouldn't you it be easy to counter?
b&

Offline darDar

  • Soldat Beta Team
  • Flagrunner
  • ******
  • Posts: 794
    • #Soldat Gather - Community on Discord
Re: Performance issues
« Reply #2 on: April 30, 2011, 08:26:29 pm »
1997? I don't know anything about internet servers, but if it's that old a method, shouldn't you it be easy to counter?
you canĀ“t 100% protect any site of d-dosing.
Any Site can be d-dosed
Soldat Gather 'Matchmaking Community on Discord'

gather.soldat.pl

| My Maps: ctf_Pyramid, ctf_Replay, ctf_Blako, ctf_R6, ctf_Ntex, ctf_Caro, ctf_Bizar & vs_mode mappack |

Offline FliesLikeABrick

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 6144
    • Ultimate 13 Soldat
Re: Performance issues
« Reply #3 on: April 30, 2011, 08:30:55 pm »
Here's the way DOS/DDOS attacks work, and why they're still common for skiddies who don't really know how to do anything more sophisticated:
- They generally work by sending lots of small packets, fast (in this case they're just one byte each).  This can make routers and other network devices upstream of the servers have problems handling routing/switching so many packets so fast.  This means that it is out of my control since I am a customer on this network.
- When this traffic hits a game server and needs to be processed by the application (which in this case it is, since it's UDP traffic going to a port the game server runs on), it'll cause that program to crash or use tons of CPU.  Which it did, which is why I put in a firewall rule to drop the traffic as soon as it hits the server so it can never reach the application.  no problem here
- Slightly smarter skiddies will change the traffic around until they get bored, so this was more of  a warning in case they decide to attack different servers and/or from different IP addresses, since there may be a delay before I can add a new address
- When there's enough traffic, it can still make the server pissy even if I'm telling the OS to drop it as soon as it gets there.  Though in a case like that it's probably saturating an upstream piece of network equipment anyway so I'd need to get my host to block it (which I have no confidence in them to be able to do, but the traffic stopped before I asked anyway)
- If there was enough traffic to cause problems for my host, then they'd have to ask their upstream to filter it, which makes it even more of a PITA to filter, even if the traffic constantly changes profile.

All of that said, yes it's very unsophisticated and easy to filter - except in my case where I'm a customer on someone else's network and they may or may not be competent enough to filter this simple attack out.

These kinds of attacks which are this simple generally come from a kid with access to a dedicated server who thinks they might as well just send the traffic from there, a kid who has compromised someone else's server with a tool and either the tool can't do anything more complex or they don't know enough to do something "better", or if it was distributed (which this isn't), then it's more like the latter - they used someone else's bot code and it can't do anything better than "send lots of packets which are fairly easy to block"

When I worked for an ISP I saw these attacks all the time (and we only saw/cared about the ones big enough to take out multiple customers or a device on our network).  It generally took only a minute or two to create a filter to block the attack traffic.

edit: which is what darDar said in a lot fewer words/with less detail/info

Offline 12th_account

  • Major(1)
  • Posts: 43
Re: Performance issues
« Reply #4 on: May 01, 2011, 05:13:53 am »
Well if his goal was degrading your services, pissing you off, wasting your time and to get official recognition from the admin, then I guess he was pretty successful, especially considering he used a tool and didn't have to spend much time setting it up.

Offline CheeSeMan.

  • Flagrunner
  • ****
  • Posts: 731
  • WOOT SLIPPERY PICKLES
Re: Performance issues
« Reply #5 on: May 01, 2011, 10:58:41 am »
sounds like a banned hacker got mad? So who lives in chicago? Usso? Atomic? x)
Banana Banging since summer 2008!     
cB. Cheeky Bananas                
#CheekyB.Soldat

Offline FliesLikeABrick

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 6144
    • Ultimate 13 Soldat
Re: Performance issues
« Reply #6 on: May 01, 2011, 02:28:32 pm »
Well if his goal was degrading your services, pissing you off, wasting your time and to get official recognition from the admin, then I guess he was pretty successful, especially considering he used a tool and didn't have to spend much time setting it up.

he took a total of 10 minutes of my time, plus the time I took to write that longer post (which was just to enlighten the community about how DoS/DDoS work since there are probably some people here who are interested)

plus nothing actually went down except before I put the firewall rule in to keep the traffic from getting to the application (just so happened I was at the computer and saw it within seconds of it starting), soooooo I say he didn't get what he wanted.

Offline demoniac93

  • Veteran
  • *****
  • Posts: 1554
Re: Performance issues
« Reply #7 on: May 01, 2011, 03:05:02 pm »
Well if his goal was degrading your services, pissing you off, wasting your time and to get official recognition from the admin, then I guess he was pretty successful, especially considering he used a tool and didn't have to spend much time setting it up.

he took a total of 10 minutes of my time, plus the time I took to write that longer post (which was just to enlighten the community about how DoS/DDoS work since there are probably some people here who are interested)

plus nothing actually went down except before I put the firewall rule in to keep the traffic from getting to the application (just so happened I was at the computer and saw it within seconds of it starting), soooooo I say he didn't get what he wanted.

[sarcasm] Bad guys never do. [/sarcasm]
b&

Offline jettlarue

  • Flagrunner
  • ****
  • Posts: 724
Re: Performance issues
« Reply #8 on: May 01, 2011, 07:14:01 pm »
Should we all ddos his ip to show him we're not fucking around?

Offline jrgp

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 5036
Re: Performance issues
« Reply #9 on: May 01, 2011, 07:58:05 pm »
Should we all ddos his ip to show him we're not f**king around?

This isn't 4chan. :P
There are other worlds than these

Offline Fireman

  • Major
  • *
  • Posts: 88
  • D:
Re: Performance issues
« Reply #10 on: May 01, 2011, 09:18:18 pm »
sounds like a banned hacker got mad? So who lives in chicago? Usso? Atomic? x)

usso lives in wa

atom is in florida

unless they moved ?

Offline PQ

  • Camper
  • ***
  • Posts: 418
  • Charge!
Re: Performance issues
« Reply #11 on: May 01, 2011, 09:32:05 pm »
It's a server anyway. You could report it at the host and they might take the server down. I bet they're not allowed to DDoS with their server. ( http://www.colocrossing.com/ )
#2Wai.soldat @ quakenet.org Soldat's heaven


Offline FliesLikeABrick

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 6144
    • Ultimate 13 Soldat
Re: Performance issues
« Reply #12 on: May 02, 2011, 12:09:13 am »
It's a server anyway. You could report it at the host and they might take the server down. I bet they're not allowed to DDoS with their server. ( http://www.colocrossing.com/ )

yeah I notified them and another related company after it started.

Keep in mind that since it is UDP traffic it could be spoofed from somewhere else.  I can't know it came from them unless they can acknowledge a burst of traffic that corresponds to the attack I saw.

Offline vehicledestroyer

  • Soldier
  • **
  • Posts: 120
  • I'm a Soldat freelancer, and I'm Looking for work.
    • Crash Commando Kings
Re: Performance issues
« Reply #13 on: May 02, 2011, 04:11:29 am »
Should we all ddos his ip to show him we're not f**king around?

This isn't 4chan. :P

Lmao! No, like FilesLikeABrick said, it's not a very sophisticated attack. We should use a better one. I live in chicago so just trace the IP to an address and I'll take it from there *VD opens a can of woop ass*. xD
« Last Edit: May 02, 2011, 04:13:01 am by vehicledestroyer »
I am a Soldat freelancer. I'm looking for projects and I have some of my own. I'm ready when you are...
My Projects:
Soldat weapon Factory 1.1
A community appeal
GTA II Mod

Offline homerofgods

  • Soldat Beta Team
  • Rainbow Warrior
  • ******
  • Posts: 2029
  • We can do better!
Re: Performance issues
« Reply #14 on: May 02, 2011, 05:19:15 pm »
Should we all ddos his ip to show him we're not f**king around?

This isn't 4chan. :P

Lmao! No, like FilesLikeABrick said, it's not a very sophisticated attack. We should use a better one. I live in chicago so just trace the IP to an address and I'll take it from there *VD opens a can of woop ass*. xD
Crap in a bag and put it on his doorstep, atleast now I know more about DOS/DDOS
Btw, didn't he learn anything from Bin Ladens death? :p
« Last Edit: May 02, 2011, 05:22:22 pm by homerofgods »

Offline FliesLikeABrick

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 6144
    • Ultimate 13 Soldat
Re: Performance issues
« Reply #15 on: May 08, 2011, 11:45:15 pm »
They're at it again. slightly different techniques this time but basically just as easy to block.  It might be distributed now but they don't have enough bots to take out any network hardware or my servers.... so sometimes things might get a little slow until I can block the traffic.


« Last Edit: May 09, 2011, 12:08:31 am by FliesLikeABrick »

Offline Meteorisch

  • Soldier
  • **
  • Posts: 144
Re: Performance issues
« Reply #16 on: May 09, 2011, 02:12:07 am »
they be hatin
www.idunwantanpage.com
Clicking this increases your IQ oh wait.

Offline demoniac93

  • Veteran
  • *****
  • Posts: 1554
Re: Performance issues
« Reply #17 on: May 09, 2011, 12:20:43 pm »
Wait, I thought you reported this to the owners of the server they were directing this from. What happened?
b&

Offline FliesLikeABrick

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 6144
    • Ultimate 13 Soldat
Re: Performance issues
« Reply #18 on: May 09, 2011, 01:55:08 pm »
Wait, I thought you reported this to the owners of the server they were directing this from. What happened?

As is unfortunately all too common with abuse complaints, they didn't respond.  and also, as I mentioned, there was no way to tell if that traffic had its source IP address spoofed - so they may have looked into it and found that the traffic didn't really originate from their network.

Offline demoniac93

  • Veteran
  • *****
  • Posts: 1554
Re: Performance issues
« Reply #19 on: May 09, 2011, 02:55:13 pm »
Eh, even though it only lasts 10-20 minute each time, it is somewhat annoying.
Can't you put up a firewall or something for those kinds of attacks?
b&

Offline FliesLikeABrick

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 6144
    • Ultimate 13 Soldat
Re: Performance issues
« Reply #20 on: May 09, 2011, 05:08:12 pm »
go read the rest of the thread.

and no, they're not still happening.  It happened for a bit when I posted last night, but hasn't happened since then.

Offline Furai

  • Administrator
  • Veteran
  • *****
  • Posts: 1908
    • TransHuman Design
Re: Performance issues
« Reply #21 on: May 10, 2011, 09:32:47 am »
How one can check if one was DoSed?
"My senses are so powerful that I can hear the blood pumping through your veins."

Offline FliesLikeABrick

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 6144
    • Ultimate 13 Soldat
Re: Performance issues
« Reply #22 on: May 10, 2011, 11:02:05 am »
You'll know when it happens.  Unless you make a pastime of pissing off people on the Internet, it's not something you need to worry about at home.  It's much more common for people who host sites/content/servers for other people because then the host feels the wrath of whoever the customers have pissed off.

In this case I suspect one of the people I host Soldat or other servers has someone who doesn't like them.

I only noticed these attacks because one of my servers had a bit of packet loss (and I have more than just hosting which goes through that server), so I flipped to a terminal tab where I track the interface usage of my servers.  if there's a strange volume of network traffic there, then I use tcpdump to figure out what it is and block accordingly.

Offline Furai

  • Administrator
  • Veteran
  • *****
  • Posts: 1908
    • TransHuman Design
Re: Performance issues
« Reply #23 on: May 10, 2011, 11:08:14 am »
I'm hosting few soldatservers, too, and my services were for sure attacked once. As I'm kinda newbie in terms of linux I'd like to know how to deal with it. I'd appreciate any help you can give me. :)
"My senses are so powerful that I can hear the blood pumping through your veins."

Offline PQ

  • Camper
  • ***
  • Posts: 418
  • Charge!
Re: Performance issues
« Reply #24 on: May 10, 2011, 11:13:22 am »
Pick your nose and wait till it's over.
#2Wai.soldat @ quakenet.org Soldat's heaven


Offline Meteorisch

  • Soldier
  • **
  • Posts: 144
Re: Performance issues
« Reply #25 on: May 10, 2011, 12:31:20 pm »
I'm hosting few soldatservers, too, and my services were for sure attacked once. As I'm kinda newbie in terms of linux I'd like to know how to deal with it. I'd appreciate any help you can give me. :)

close the servers wait a while restart them :DD
www.idunwantanpage.com
Clicking this increases your IQ oh wait.

Offline zyxstand

  • Veteran
  • *****
  • Posts: 1106
  • Mother of all Bombs
Re: Performance issues
« Reply #26 on: May 11, 2011, 03:59:53 am »
this wouldn't happen if soldat were p2p :P
Can't think of anything original to put here...