)>SoL<(~JK2 Worldwide

The Torch of Fair Play and Bonfire of Equality and Democracy
 
 

 DDOS TODAY

boss_master

Posts : 36

Subject: DDOS TODAY    Mon 24 Oct 2016, 3:14 am

Today all the force servers got ddosed, KEN, FOD, SOL.
I'm gonna post the TCPDUMP and the IPTABLES from my server; if any of you has any suggestions on what to do, feel free to reply.

TCPDUMP while DDOS
Code:
16:11:15.477570 IP 79.134.220.253.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.477597 IP 176.117.118.42.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.477719 IP 93.188.191.102.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.477854 IP 79.171.171.83.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.477893 IP 212.22.81.85.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.477918 IP 213.27.10.195.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.477953 IP 85.88.164.190.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.477979 IP 85.12.237.201.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478008 IP 194.29.187.107.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478084 IP 94.127.68.160.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478117 IP 91.240.16.47.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478118 IP 93.184.163.19.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478143 IP 193.28.234.213.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478140 IP 194.11.21.203.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478168 IP 194.1.198.149.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478177 IP 212.20.8.135.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478507 IP 79.134.220.93.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478508 IP 79.134.220.86.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478513 IP 79.171.208.58.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478540 IP 193.25.191.157.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478610 IP 94.102.91.37.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478749 IP 79.134.220.222.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478706 IP 193.187.73.119.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478787 IP 84.254.224.22.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478786 IP 91.220.131.207.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478791 IP 93.180.137.246.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478946 IP 193.27.239.191.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479031 IP 91.221.61.239.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479041 IP 176.116.252.98.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479096 IP 213.24.146.83.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479002 IP 193.223.68.66.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479124 IP 193.28.234.213.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479101 IP 192.162.103.215.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479165 IP 193.200.10.29.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479254 IP 213.108.206.99.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479278 IP 193.26.208.194.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479331 IP 193.23.126.166.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479497 IP 79.134.221.101.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479508 IP 79.134.221.16.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479539 IP 193.203.60.193.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479541 IP 193.200.88.127.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479566 IP 91.221.247.198.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479637 IP 91.221.98.110.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479642 IP 79.134.220.200.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479649 IP 194.1.184.102.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479697 IP 213.5.48.65.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479793 IP 79.134.220.51.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479906 IP 91.220.5.101.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479967 IP 84.201.167.174.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480105 IP 193.200.211.211.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480114 IP 91.221.68.134.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480147 IP 93.189.42.132.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480213 IP 93.183.103.52.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480246 IP 212.32.199.223.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480511 IP 79.134.220.186.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480521 IP 79.134.221.94.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480525 IP 194.28.21.112.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480532 IP 193.104.64.30.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480546 IP 193.104.128.194.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480535 IP 193.201.159.205.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480609 IP 193.203.42.40.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480597 IP 79.134.221.69.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480629 IP 176.116.158.255.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480689 IP 176.124.188.34.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480790 IP 193.35.49.43.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480844 IP 212.22.81.85.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480935 IP 193.200.18.146.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481043 IP 84.23.33.225.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481067 IP 176.116.252.98.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481093 IP 94.125.94.43.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481104 IP 213.134.215.224.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481158 IP 176.115.206.41.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481177 IP 93.185.22.88.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481247 IP 176.123.216.48.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481253 IP 176.119.210.50.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481509 IP 193.25.191.157.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481517 IP 193.46.77.175.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481531 IP 86.110.113.72.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481533 IP 193.104.128.194.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481534 IP 193.47.154.192.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481539 IP 193.93.121.247.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481545 IP 79.134.223.224.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481664 IP 79.134.221.104.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481718 IP 176.123.49.90.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481737 IP 93.190.17.80.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481818 IP 79.134.220.157.29070 > 176.28.14.191.28111: UDP, length 15


IPTABLES
Code:
root@lvps176-28-14-191:~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N CHECK1
-N udp-flood
-A INPUT -p udp -m length --length 16 -j DROP
-A INPUT -p udp -m length --length 15 -j DROP
-A INPUT -s 116.31.116.5/32 -j DROP
-A INPUT -s 182.100.67.113/32 -j DROP
-A INPUT -s 213.108.172.121/32 -j DROP
-A INPUT -s 212.220.8.67/32 -j DROP
-A INPUT -p udp -m length --length 1:1024 -m recent --set --name GetStatus --rsource
-A INPUT -p udp -m string --hex-string "|ffffffff676574737461747573|" --algo bm --to 65535 -m recent --update --name DEFAULT --rsource
-A INPUT -p udp -m string --hex-string "|ffffffff676574737461747573|" --algo bm --to 65535 -m recent --update --seconds 1 --hitcount 5 --name GetStatus --rsource -j DROP
-A INPUT -p udp -m length --length 28:32 -j DROP
-A INPUT -p udp -m length --length 15 -j CHECK1
-A INPUT -s MY_IP/32 -p tcp -m tcp --dport 28111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 27015 -j DROP
-A INPUT -p tcp -m tcp --dport 28111 -j DROP
-A OUTPUT -p udp -j udp-flood
-A udp-flood -p udp -m limit --limit 200/sec -j RETURN
-A udp-flood -j LOG --log-prefix "UDP-flood attempt: "
-A udp-flood -j DROP

And yes, I know sol has some flood protection but sol got ddosed as well.
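
Added example (not part of the original post or the poster's tooling): a Python sketch that groups tcpdump UDP lines like those above by source port, destination port and payload length, and checks whether an iptables `-m length` range would match them. It relies on tcpdump's "UDP, length N" being the payload size while the IPv4 length match compares the IP total length (payload + 28 bytes, assuming no IP options), so `--length 15` and `--length 16` do not match these packets; the sample lines are constructed and use RFC 5737 documentation addresses.

```python
import re
from collections import Counter

# Constructed sample in tcpdump's default text format. Addresses come from the
# RFC 5737 documentation ranges; ports and lengths mirror the capture above.
SAMPLE = """\
16:11:15.477570 IP 192.0.2.10.29070 > 203.0.113.5.28111: UDP, length 16
16:11:15.477597 IP 198.51.100.7.29070 > 203.0.113.5.28111: UDP, length 15
16:11:15.477719 IP 192.0.2.44.29070 > 203.0.113.5.28111: UDP, length 15
16:11:15.477893 IP 192.0.2.10.29070 > 203.0.113.5.28111: UDP, length 15
16:11:15.478008 IP 198.51.100.201.51515 > 203.0.113.5.28111: UDP, length 61
"""

LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length (\d+)$"
)
IPV4_UDP_HEADERS = 20 + 8  # IPv4 header without options + UDP header

def parse(text):
    """Yield (src, sport, dport, payload_len) per UDP line; skip other lines."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            src, sport, _dst, dport, plen = m.groups()
            yield src, int(sport), int(dport), int(plen)

def summarize(text):
    """Count packets, distinct sources and (sport, dport, length) signatures."""
    pkts = list(parse(text))
    sigs = Counter((sp, dp, ln) for _, sp, dp, ln in pkts)
    per_src = Counter(src for src, *_ in pkts)
    return {
        "packets": len(pkts),
        "sources": len(per_src),
        "max_per_source": max(per_src.values(), default=0),
        "signatures": sigs.most_common(),
    }

def length_rule_matches(lo, hi, payload_len):
    """Would `-m length --length lo:hi` match a UDP datagram of this payload?"""
    # The rule sees the IP total length, not the payload size tcpdump prints.
    return lo <= payload_len + IPV4_UDP_HEADERS <= hi

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(length_rule_matches(15, 16, 15), length_rule_matches(43, 44, 15))
```

When the flood comes from many sources that each send only a packet or two, a per-source limit such as `recent --hitcount 5` is unlikely to trigger, so the shared signature (ports plus the corrected length) is the more useful thing to match on.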

EpicJK2
Legend

Posts : 2947

Subject: Re: DDOS TODAY    Mon 24 Oct 2016, 3:58 am

Cheers for the info, looks like SoL is getting hit now. Do you know if it's only 1.04 getting attacked?

boss_master

Posts : 36

Subject: Re: DDOS TODAY    Mon 24 Oct 2016, 4:00 am

Well, it's someone from jk2, also 50% of the IPs doing the DDOS are RU.
It's diablo or electrozz.

KingYodah
Legend

Posts : 5789

Subject: Re: DDOS TODAY    Mon 24 Oct 2016, 5:15 am

We have d!ablo, veyd and dendy registered on forums. I don't know who else but IPs they posted from here on forums aren't among those mentioned here, and d!ablo has no post here hence can't check him out. If he has a post elsewhere it might be worth a try to compare that forum IP with logs, or we can try to check server logs too but I am not promising much from it. Some IPs looked familiar but probably only because they were close to IPs of someone else.
And dunno, could be one of them but if they use different IPs, it's hard to determine just as to determine who else could be behind it. It would be wild shooting. But we can keep the IPs for future references.

___________________
)>SoL<(~KingYodah
~SoL HC Admin
~SoL FA Admin

EpicJK2 wrote:
You can always get grapeless seeds

Mai** wrote:
My antivirus had poop up


Danek
Sith Warrior

Posts : 1400

Subject: Re: DDOS TODAY    Mon 24 Oct 2016, 5:32 am

I believe it's Electrozz

EpicJK2
Legend

Posts : 2947

Subject: Re: DDOS TODAY    Mon 24 Oct 2016, 7:52 am

What a f*cking joke, does some *sshole not have anything better to do than spend their time attacking a 13 year old game?

Kameleon

Posts : 155

Subject: Re: DDOS TODAY    Tue 25 Oct 2016, 9:03 pm

They may not always use their own internet/IP when doing these sorts of things, so your IP tables may not be of too much use :)

KingYodah
Legend

Posts : 5789

Subject: Re: DDOS TODAY    Tue 25 Oct 2016, 10:29 pm

Those IPs were likely spoofed anyway, yes.


michl

Posts : 2

Subject: Re: DDOS TODAY    Sun 13 Nov 2016, 8:25 pm

Some of those IPs were used by player men@ce in the past. Maybe a hint.

Kameleon

Posts : 155

Subject: Re: DDOS TODAY    Sun 13 Nov 2016, 10:44 pm

Menace wouldn't ddos anyone, and if he did he's too clever to use his own IP :lol:

michl

Posts : 2

Subject: Re: DDOS TODAY    Sun 13 Nov 2016, 11:44 pm

Well he tried this on KAI server, why not on sol too? He's not clever afaik

merc

Posts : 34

Subject: Re: DDOS TODAY    Mon 14 Nov 2016, 6:00 am

Why would someone DDos a dead game? Seems pointless.
People should enjoy a game, not ruin it for those 10 people who still play this game.

KingYodah
Legend

Posts : 5789

Subject: Re: DDOS TODAY    Mon 14 Nov 2016, 8:06 am

merc wrote:
Why would someone DDos a dead game? Seems pointless.
People should enjoy a game, not ruin it for those 10 people who still play this game.

It pretty much looked like he was apparently doing it to populate his/their server when people can't play on their usual servers.
