Login

silentbr · (This post was last modified: 07-25-2012, 03:51 AM by silentbr.)

Mates

I am getting Dos Attack for about 2 weeks from this IP 184.82.65.116 and the responsible is Hostnoc.net or .com

I sent them an email to 'abuse' (5 times) warning about a client using they're service to do bad things, but till now they didn't do anything to stop the kid that is attacking my servers. Searching on google I saw some reviews that Hostnoc is "dirty", they don't care if a client breake the rules.

The kid that is attacking my servers is like this: He attacks my CSS server, then go to attack my TF2 #01 server, then go to attack my TF2 #02 server. Is all day like this.

The company that hosts my servers already blocked the IP but didn't solve the problem, still lagging my servers.

Appear this in the linux log

Quote:17:46:03.408481 IP 184.82.65.116.41282 > : UDP, length 1
17:46:03.408493 IP 184.82.65.116.41282 > : UDP, length 1
17:46:03.408496 IP 184.82.65.116.41282 > : UDP, length 1
17:46:03.408499 IP 184.82.65.116.41282 > : UDP, length 1
17:46:03.408502 IP 184.82.65.116.41282 > : UDP, length 1
17:46:03.408504 IP 184.82.65.116.41282 > : UDP, length 1

I don't know what should I do. Can you guys please help me to find what kid is doing this with my community, or try talk with hostnoc, or something else to stop those attacks.

Please I beg help.

silentbr · 07-25-2012, 05:53 AM

Now getting attacks by another IP

184.22.123.76

Guys, how do I stop them?

loopyman · (This post was last modified: 07-25-2012, 06:50 AM by loopyman.)

You're probably just getting attacks from spoofed IP's. Happens all the time.

Best way to prevent it is to invest thousands in mitigation bandwidth and equipment... Or Null route YOUR ip. Problem with nullrouting it pretty much does what they intended the whole time.

You could move to a ddos mitigated facility, but those will cost more...

Hostnoc isn't dirty (Burst.NET etc) they just have thousands of cheap clients and very little support so it takes time for them to investigate abuse reports... By law they cannot ignore them. Plus the thousands of cheap clients typically don't know any better so the datacenter has become a haven for exploited / hacked servers...

silentbr · 07-25-2012, 07:23 AM

(07-25-2012, 06:45 AM)loopyman Wrote: You're probably just getting attacks from spoofed IP's. Happens all the time.

Best way to prevent it is to invest thousands in mitigation bandwidth and equipment... Or Null route YOUR ip. Problem with nullrouting it pretty much does what they intended the whole time.

You could move to a ddos mitigated facility, but those will cost more...

Hostnoc isn't dirty (Burst.NET etc) they just have thousands of cheap clients and very little support so it takes time for them to investigate abuse reports... By law they cannot ignore them. Plus the thousands of cheap clients typically don't know any better so the datacenter has become a haven for exploited / hacked servers...

In Brazil? All the companies has poor bandwitch. You can have 10 20 maybe 50 MB as bandwitch but would cost kind of $2.500 dollars. Most of them are 4~20 MB.

If a kid buy a botnet with 5 GB of power, it's pretty much impossible to stop it and run the server without lag.

Hostnoc should improve their service then. I am having dos atack for about 2 weeks, I did send a lot of emails and nothing... I guess finally they blocked the first IP, but the same client is using another IP. So i'ts not solved.

What should I do? Buy a VPS there and attacks that IP? C'mon I am not a criminal.

loopyman · 07-25-2012, 07:29 AM

Sorry, but Welcome to the internet!\

Don't retaliate... The attacker might be untraceable, but you might not be...

silentbr · 07-25-2012, 08:06 AM

(07-25-2012, 07:29 AM)loopyman Wrote: Sorry, but Welcome to the internet!\

Don't retaliate... The attacker might be untraceable, but you might not be...

Of course I will not retaliate. I don't accept those things, this is very bad. I just don't know what to do.

Mike · 07-26-2012, 07:25 PM

Do you know if you max out the switch port when it happens? If you are on Linux and its just a little DoS attack, then run;
iptables -A INPUT -p udp --destination-port 27015:27300 -m length --length 0:32 -j drop

Which should probably resolve the issue.

sozika · 07-27-2012, 02:49 AM

I'm being attacked by the same IP Sad

Try use:

"ip route add blackhole 184.82.65.116"

Or

"iptables -A FORWARD -s 184.82.65.116 -j DROP"

Mike · 07-27-2012, 04:28 AM

He gets 1 byte packets, UDP packets can easily be spoofed.

sozika · 07-27-2012, 04:33 AM

Hmm. How to block?

Mike · 07-27-2012, 05:39 AM

I just said it in one of my posts.

silentbr · 07-27-2012, 06:29 AM

(07-26-2012, 07:25 PM)Mike Wrote: Do you know if you max out the switch port when it happens? If you are on Linux and its just a little DoS attack, then run;
iptables -A INPUT -p udp --destination-port 27015:27300 -m length --length 0:32 -j drop

Which should probably resolve the issue.

Didn't solve the problem. Still getting attacks.

sozika · 07-27-2012, 06:44 AM

Iptables its not 'null route'.

Mike · 07-30-2012, 10:33 PM

A nullroute is when you actually set a route to not route anywhere, this would just drop all packets under 32 bytes on ports 27015-27300.

silentbr · 08-03-2012, 07:20 AM

I told Burst.net is dirty. More than 20 emails to denunce. They did turn off the machine for 3 days, now the client is attacking again with same IP.

They just want money, don't care about the rules and ethics. What a shame company.

Login
Username:
Password:	Lost Password?
	Remember me