Banning an entire IP subnet

[Captain B.O]

A few days ago I IP banned someone off our servers for various reasons, but indstead of banning his exact IP I banned his whole subnet (as in missing out the last set of digits so it only adds xxx.xxx.xxx to the banned list). When I did writeip and went into banned_ip.cfg in it it had "addip 0 xxx.xxx.xxx.0". Is this supposed to be the case or does banned_ip.cfg only handle single IP addresses? I added his subnet underneith it in the cfg however it went back to only having xxx.xxx.xxx.0 when I checked later. I haven't seen him at all on our servers since but am wondering whether he is actually banned. The last digits of his IP weren't 0, it was .78 or something like that.

[Mooga]

You can't ban subnets automatically.
You can either add every IP to the ban list or use a firewall or IP blacklisting software to do that.
Peerblock can be customized to ban subnets (windows program).
I'm sure there are plenty of other firewall software that will let you build custom blacklists as well.

[BehaartesEtwas]

I know this doesn't answer your question but: IP bans are usually the wrong choice. IPs can change (some providers give you a new IP everytime you reconnect the modem), sometimes even the IP subnet will change. On the other hand some other people might be affected by the ban if they accidentally get the IP (or into the subnet).
Why don't you ban the ID? The guy will have to buy a new game if he want to change that...

[trewq]

As BehaartesEtwas said, ban their steam ID not their IP it is much more effective.

[Captain B.O]

Problem is before I banned him he said he could crash servers, but wouldn't crash ours because he liked playing on them. Later that day while not on the server (using HLSW) I caught him saying..... bad things so I decided to ban his IP because AFAIK you can still crash servers when you are ID banned because you can still make a connection to the servers before you are auto-kicked. There's a load of anti-crash/anti-exploit plugins that were added by the owner of the servers but I still wanted to be sure he was gone for good.

[trewq]

... I would call his bluff if you have ant-crash plugins on there.

[dualcore1289]

(06-24-2010, 03:30 PM)Goilio Wrote:  ... I would call his bluff if you have ant-crash plugins on there.

X2

[xguju]

(06-25-2010, 07:17 AM)dualcore1289 Wrote:  

(06-24-2010, 03:30 PM)Goilio Wrote:  ... I would call his bluff if you have ant-crash plugins on there.

X2

Should we really subject his GSP to annoyance by him by acting aggressively against a DDoS attacker. We aren't sure of his capabilities is what I am trying to infer here?

[Captain B.O]

Well yesterday afternoon I'd have probably agreed with you but since this unannounced change to clients and servers some of our security has been compromised ¬_¬. This will be fixed soon but currently they are not quite as secure as they could be. Does anyone know of a tool or site that can auto-generate a list of IPs within a subnet? I want this guy gone so I'm having to write out 255 IP addresses .

[trewq]

Um...Make a little program for your self? Or just tell me the range and I will give you the list.

---

(06-25-2010, 08:09 AM)xguju Wrote:  

(06-25-2010, 07:17 AM)dualcore1289 Wrote:  

(06-24-2010, 03:30 PM)Goilio Wrote:  ... I would call his bluff if you have ant-crash plugins on there.

X2

Should we really subject his GSP to annoyance by him by acting aggressively against a DDoS attacker. We aren't sure of his capabilities is what I am trying to infer here?

No offense to any GPS' but they should have DDoS prevention.

[BehaartesEtwas]

it's usually not a ddos that is used to crash some server but some exploits either in the server or in some plugin (mani...). but if banning the steamid doesn't help, banning the ip will not help either, I guess both are checked at the same time during the connection process. instead you would have to ban his IP via a firewall, but that's only possible if you run on a root server...

[loopyman]

(06-25-2010, 04:59 PM)BehaartesEtwas Wrote:  it's usually not a ddos that is used to crash some server but some exploits either in the server or in some plugin (mani...). but if banning the steamid doesn't help, banning the ip will not help either, I guess both are checked at the same time during the connection process. instead you would have to ban his IP via a firewall, but that's only possible if you run on a root server...

This, Except if the ID is banned the user can still make rcon connections to the game server and some exploits use rcon.

[Captain B.O]

Banning by ID does not stop them from connecting and sending/receiving info. I've been able to connect and be on a server my ID is banned from momentarily before I'm kicked with the usual The steam ID yadayada is banned. The thing about IP banning is it depends where you do the ban, through SRCDS or the actual server/connection. Doing it through the normal addip will stop a CS:S client from connecting however afaik you can still access rcon. I could access ftp when I added my own IP as a test.

When I added the subnet to banned_ip it just removed it, maybe if I make a new cfg file with it inside, and get server.cfg to exec it along with banned_ip/user it will work then.[/align]