DoS attacks(help)

Ask questions about dedicated servers here and we and other users will do our best to answer them. Please also refer to the self-help section for tutorials and answers to the most commonly asked questions.
Post Reply
+FEAR+EPIC
A semi-regular
A semi-regular
Posts: 28
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Fri Jul 17, 2009 9:22 am

DoS attacks(help)

Post by +FEAR+EPIC »

Ok so i was woundering how i can prevent DoS attacks on my vps server
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: DoS attacks(help)

Post by Edge100x »

The best way to prevent DoS attacks is by treating disruptive players with kid gloves -- kicking and banning them, but being very civil about it.

But, that doesn't always work, and sometimes servers get attacked despite this.

If you feel that you might be getting attacked and you aren't sure who is doing it, I would recommend taking a look at a dump of the traffic to the server to see if anything about it is unusual, such as one person sending large numbers of packets or packets that are all the same size (one common attack on Source servers involves UDP packet with a zero-length payload).

More specifically, on your Windows server, install WinPcap and then run WinDump from the command line. It will show all packets coming in and out of your machine.

If you isolate a single IP, such as 111.111.111.111, that is flooding you or doing something otherwise malicious, you can block it with IPSec, which is built into Windows. To add an ipsec rule, you can use their snap-in, but I personally like to do it through the command line, using the ipseccmd tool that you can find in the Windows XP SP2 support tools. An example command line to block this IP (both in and out) would be:

Code: Select all

ipseccmd -f "0+111.111.111.111"
Some DoS attacks on HL1/Source servers (such as some exploits to crash the server) that we hear about attack bugs in the game itself, or its plugins, however, and would not be obvious in the packet output. In that case, you might try disabling or upgrading your plugins, or running a plugin that is designed to address deficiencies in the engine (if one exists for your particular type of DoS).
Post Reply