Ok so John transfered me here -.-, He told me he would advise me on how to determine the type of attack in order to be able to block it or to help us block it on my behalf. This will involve troubleshooting it with utilities such as wireshark/windump, process monitor, or the application and its logs itself.
i host a small, 2d pvp game run through a system by Byond.com called dream maker and hosted through dream daemon. Currently i have hackers ddosing my game and nfo cant do anything about it, because they have no clue about what is happening, The Hackers are flooding my game with thousands of fake players causing HUGE lag surges and blocking my players from playing my game. Im extremly pissed off about it and i have NO clue what the hell to do. I Have to stop them they are ruining my game
To clarify, what is happening against linkinparksf is not a DDoS, but an application-specific/OS-specific DoS of some sort. It is not large enough to make a blip in bandwidth graphs and I have not been able to capture it on this end. This does not mean that it can't be filtered; likely, the opposite is true. But, linkinparksf, through his unmanaged single-core VDS, needs to collect further information on what is happening, for us to understand the attack and suggest a course of action. Fundamentally, this is a software question, and one that other customers can benefit from the answer to, which is why I advised him to post here.
The first step here will be to run Wireshark or windump while the attack is in progress, looking for anything that stands out. For instance:
* Many connections from a single IP * Packets that are all the same size * Many ICMP messages * Packets sent to an invalid port * Anything that does not fit in with the normal game traffic flows
With an application-specific attack, it does not usually require much traffic to take the target service down, typically because the attack exploits a weakness in the code that causes all CPU or memory resources to be exhausted (something that should also be visible through the task manager). Generally these types of attacks use specially-crafted identical packets that come either from a large set of spoofed IPs or from a single attacking IP.
Users browsing this forum: Google [Bot] and 1 guest
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum