DOS Attacks


Phear

The all powerful W|G!
May 27, 2001
Birmingham, UK
Well it seems some jackass is DOS'ing the f00k out of our server, this is the reason for the constant re-occurring down time. This server hosts utassault.net and all the hosted clan sites. I am desperately trying to find out who's doing it and how I can stop it.

The league site and forums are hosted on separate servers, however the DNS for them is on the same server as the uta site. If the main site is dead you can access them from these addresses:

Forums: http://d8981.u24.usa.assimilatedservers.net/
League: http://www.p-h-e-a-r.net/league/

I would make a note / bookmark those addresses.
Note by Martz: the alternative forum URL above should only be used if the main site cannot be accessed. If you use both or alternate between them you will experience cookie and login problems.
 
get some 8008 hacksaw to hacksaw them and leave a sub 8 barndoor greek in their system thus solving the problem :)


im soo 8008 :)
 
[noob mode]

Haven't you got information about the attacks from your firewall? Then we can look if someone is registered with that ip >:)

[/noob mode]
 
Originally posted by Sonic
[noob mode]

Haven't you got information about the attacks from your firewall? Then we can look if someone is registered with that ip >:)

[/noob mode]

SYN attacks from spoofed IPs are a pain in the ass, so I am told.
 
Is this affecting the clanbase site too? Because I can't seem to reach that one either...
 
Unless the culprit is on an OC768 backbone connection then it's gotta be a DDoS attack to take the server down.
 
I am probably wrong but I think with just a few computers using SYN attacks using the IP of the address u wanna attack as source IP or whatever u call it, u can like third the amount of bandwidth needed.

so say u had 5 cable connections going at 15kbyte/sec u could be flooding at 225kbyte/sec
 
Well maybe OC768 was a bit overboard ;x But most successful DDoS attacks are usually made up of several hundred to several thousand compromised hosts using programs such as Trinoo, TFN, TFN2K and Stacheldraht.
 
The problem isn't the bandwidth, but resources. SYN attacks open up connections with a spoofed IP, and abandon them. Do this lots of times over a sustained period of time and the service is denied.
 
As you can imagine, all of this connection management consumes valuable and limited resources in the server. Meanwhile, the attacking TCP client continues firing additional fraudulent SYN packets at the server, forcing it to accumulate a continuously growing pool of incomplete connections. At some point, the server will be unable to accommodate any more "half-open" connections and even valid connections will fail, since the server's ability to accept any connections will have been maliciously consumed.

This is NOT bandwidth consumption

Before operating systems' TCP support was enhanced to mitigate the effect of these SYN floods, even a single malicious machine using a slow dial-up connection could fill and consume the "connection queues" of the highest performance Internet server. Although some advances in anti-SYN-spoofing vulnerability have been made, few effective solutions have been created.
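
Added example, not part of any post in this thread: a small Python model of the half-open connection queue described above, showing why the limit is queue slots rather than bandwidth. The backlog sizes, timeouts and rates are constructed values, and the one-second tick with abandoned SYNs processed before legitimate ones is a simplifying assumption.

```python
from collections import deque

SYN_BYTES = 40  # minimum IPv4 + TCP header size of a SYN carrying no options


def simulate(backlog, timeout_s, syn_rate, legit_rate, duration_s):
    """Model a listener's half-open queue in one-second ticks.

    Abandoned SYNs never complete the handshake, so each one holds a slot
    until timeout_s expires. Legitimate clients need one free slot and
    complete within the same tick, releasing it again.
    Returns (legit_accepted, legit_refused, peak_half_open).
    """
    half_open = deque()  # expiry times of abandoned entries, oldest first
    accepted = refused = peak = 0
    for now in range(duration_s):
        # Reclaim slots whose handshake timer has run out.
        while half_open and half_open[0] <= now:
            half_open.popleft()
        # Abandoned SYNs take whatever slots are free.
        for _ in range(syn_rate):
            if len(half_open) < backlog:
                half_open.append(now + timeout_s)
        peak = max(peak, len(half_open))
        # Legitimate clients are refused when no slot is left.
        for _ in range(legit_rate):
            if len(half_open) < backlog:
                accepted += 1
            else:
                refused += 1
    return accepted, refused, peak


if __name__ == "__main__":
    # Constructed scenarios: (label, backlog slots, timeout in seconds).
    scenarios = [("small queue, long timeout", 128, 75),
                 ("larger queue, short timeout", 1024, 10)]
    for label, backlog, timeout_s in scenarios:
        ok, dropped, peak = simulate(backlog, timeout_s, syn_rate=5,
                                     legit_rate=10, duration_s=300)
        print(f"{label}: accepted={ok} refused={dropped} peak={peak} "
              f"at {5 * SYN_BYTES} bytes/s of SYN traffic")
```

In the first scenario 200 bytes per second of SYNs keeps all 128 slots occupied from second 25 onward; in the second, the same traffic never holds more than 50 slots, which is why backlog size and half-open timeout are the settings to check on a listener under this kind of load.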