DDoS Attacks - What do you do?

[Jack]

What do you do if there are multiple customers on the same IP, for example customer on port 27015 is under attack but customer 27016 is'nt?

 

DDoS attacks the whole server, not just a specific ip-port, thus it may be aimed at a specific server directly.

[Shepsie]

All of the ones I receive on clients are specific to particular port and IP, the nullrouting of the particular IP then stops the attack. Thus allowing customers on different IP's to use there servers again.

[ryanb213]

Looks like the COD4 DRDOS is going around again.

[Shepsie]

I was mainly trying to find out what do you if one customer is under attack on a specific IP /port and another customer on the same IP but different port is not under attack. But the nullroute of the IP will also affect them as well?

[dimitrifrom31]

I was mainly trying to find out what do you if one customer is under attack on a specific IP /port and another customer on the same IP but different port is not under attack. But the nullroute of the IP will also affect them as well?

 

of course.

 

 

Simply take note of offending Ip's, fill an abuse after checking who they belong to. If attacks persist sue the owner/provider.

[peace]

of course.

 

 

Simply take note of offending Ip's, fill an abuse after checking who they belong to. If attacks persist sue the owner/provider.

 

Easy to say. Did you successfully sue anyone?

[dimitrifrom31]

Easy to say. Did you successfully sue anyone?

 

with small attacks where you can easily track servers owner. sometimes hacker is just an idiot who found an how to on google and didnt think that he could be found and sued.

If massive ddos using zombie machines thats gona be harder but filling an abuse usually is enough.

[Shepsie]

Lots of people who attack garrysmod servers use a program called DEVNULL which is sold on private forums which essentially uses the COD4 DRDDOS method and quake attacks.

 

Customer can then buy more slots to up the power of the attacks they do.

 

Tracking these or even sueing them is next to impossible.

[ECF]

The problem is that the attacking machines are most likely unsuspecting providers that have had their machines compromised.

 

So you can attempt to sue them but it really is not their fault...

[Shepsie]

It would be so much simpler if the game makers patched this exploit.

[dimitrifrom31]

Ddos has nothing to do with games exploits. you can get ddos'ed without hosting a single game server.

[Shepsie]

Ddos has nothing to do with games exploits. you can get ddos'ed without hosting a single game server.

 

In my own experience with 90% of the attack I get onto my customers using Garrysmod, are based on the call of duty exploits.

 

As with minimal starting bandwidth then can amplify the attack.

[dimitrifrom31]

In my own experience with 90% of the attack I get onto my customers using Garrysmod, are based on the call of duty exploits.

 

As with minimal starting bandwidth then can amplify the attack.

 

 

those are more dos attacks, you can get ddos'ed because of a game server IP by an angry kid but you don't have to use a game exploit to launch a ddos.

 

Anyway we will stick to the same conclusion:

temporary nullroute + abuse + lawsuit

 

With a good HW firewall and 1Gbps+ Port you can handle the small attacks else its ways too much expensive to even consider trying to really mitigate a real ddos