)>SoL<(~JK2 Worldwide
)>SoL<(~JK2 Worldwide
)>SoL<(~JK2 Worldwide
Would you like to react to this message? Create an account in a few clicks or log in to continue.

)>SoL<(~JK2 Worldwide

The Torch of Fair Play and Bonfire of Equality and Democracy
 
HomePortalSearchRegisterLog in
Sunrise of Liberty Reunion!
Take a look at holiday party!

)>SoL<(~JK2 Worldwide :: )>SoL<(~Free Chat :: Jedi Knight
 

 DDOS TODAY

Go down 
+3
KingYodah
EpicJK2
boss_master
7 posters
AuthorMessage
boss_master




Posts : 36

DDOS TODAY Empty
PostSubject: DDOS TODAY    DDOS TODAY Icon_minitimeMon 24 Oct 2016, 3:14 am
Today all the force servers got ddosed , KEN , FOD , SOL .
I'm gonna post the TCPDUMP and the IPTABLES from my server if any of u has any suggestions on what to do , feel free to reply.

TCPDUMP while DDOS
Code:
16:11:15.477570 IP 79.134.220.253.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.477597 IP 176.117.118.42.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.477719 IP 93.188.191.102.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.477854 IP 79.171.171.83.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.477893 IP 212.22.81.85.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.477918 IP 213.27.10.195.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.477953 IP 85.88.164.190.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.477979 IP 85.12.237.201.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478008 IP 194.29.187.107.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478084 IP 94.127.68.160.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478117 IP 91.240.16.47.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478118 IP 93.184.163.19.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478143 IP 193.28.234.213.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478140 IP 194.11.21.203.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478168 IP 194.1.198.149.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478177 IP 212.20.8.135.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478507 IP 79.134.220.93.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478508 IP 79.134.220.86.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478513 IP 79.171.208.58.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478540 IP 193.25.191.157.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478610 IP 94.102.91.37.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478749 IP 79.134.220.222.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478706 IP 193.187.73.119.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478787 IP 84.254.224.22.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.478786 IP 91.220.131.207.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478791 IP 93.180.137.246.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.478946 IP 193.27.239.191.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479031 IP 91.221.61.239.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479041 IP 176.116.252.98.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479096 IP 213.24.146.83.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479002 IP 193.223.68.66.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479124 IP 193.28.234.213.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479101 IP 192.162.103.215.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479165 IP 193.200.10.29.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479254 IP 213.108.206.99.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479278 IP 193.26.208.194.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479331 IP 193.23.126.166.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479497 IP 79.134.221.101.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479508 IP 79.134.221.16.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479539 IP 193.203.60.193.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479541 IP 193.200.88.127.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479566 IP 91.221.247.198.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479637 IP 91.221.98.110.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479642 IP 79.134.220.200.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479649 IP 194.1.184.102.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479697 IP 213.5.48.65.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479793 IP 79.134.220.51.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.479906 IP 91.220.5.101.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.479967 IP 84.201.167.174.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480105 IP 193.200.211.211.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480114 IP 91.221.68.134.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480147 IP 93.189.42.132.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480213 IP 93.183.103.52.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480246 IP 212.32.199.223.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480511 IP 79.134.220.186.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480521 IP 79.134.221.94.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480525 IP 194.28.21.112.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480532 IP 193.104.64.30.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480546 IP 193.104.128.194.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480535 IP 193.201.159.205.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480609 IP 193.203.42.40.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480597 IP 79.134.221.69.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480629 IP 176.116.158.255.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480689 IP 176.124.188.34.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480790 IP 193.35.49.43.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.480844 IP 212.22.81.85.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.480935 IP 193.200.18.146.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481043 IP 84.23.33.225.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481067 IP 176.116.252.98.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481093 IP 94.125.94.43.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481104 IP 213.134.215.224.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481158 IP 176.115.206.41.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481177 IP 93.185.22.88.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481247 IP 176.123.216.48.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481253 IP 176.119.210.50.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481509 IP 193.25.191.157.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481517 IP 193.46.77.175.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481531 IP 86.110.113.72.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481533 IP 193.104.128.194.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481534 IP 193.47.154.192.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481539 IP 193.93.121.247.29070 > 176.28.14.191.28111: UDP, length 16
16:11:15.481545 IP 79.134.223.224.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481664 IP 79.134.221.104.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481718 IP 176.123.49.90.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481737 IP 93.190.17.80.29070 > 176.28.14.191.28111: UDP, length 15
16:11:15.481818 IP 79.134.220.157.29070 > 176.28.14.191.28111: UDP, length 15


IPTABLES
Code:
root@lvps176-28-14-191:~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N CHECK1
-N udp-flood
-A INPUT -p udp -m length --length 16 -j DROP
-A INPUT -p udp -m length --length 15 -j DROP
-A INPUT -s 116.31.116.5/32 -j DROP
-A INPUT -s 182.100.67.113/32 -j DROP
-A INPUT -s 213.108.172.121/32 -j DROP
-A INPUT -s 212.220.8.67/32 -j DROP
-A INPUT -p udp -m length --length 1:1024 -m recent --set --name GetStatus --rsource
-A INPUT -p udp -m string --hex-string "|ffffffff676574737461747573|" --algo bm --to 65535 -m recent --update --name DEFAULT --rsource
-A INPUT -p udp -m string --hex-string "|ffffffff676574737461747573|" --algo bm --to 65535 -m recent --update --seconds 1 --hitcount 5 --name GetStatus --rsource -j DROP
-A INPUT -p udp -m length --length 28:32 -j DROP
-A INPUT -p udp -m length --length 15 -j CHECK1
-A INPUT -s MY_IP/32 -p tcp -m tcp --dport 28111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 27015 -j DROP
-A INPUT -p tcp -m tcp --dport 28111 -j DROP
-A OUTPUT -p udp -j udp-flood
-A udp-flood -p udp -m limit --limit 200/sec -j RETURN
-A udp-flood -j LOG --log-prefix "UDP-flood attempt: "
-A udp-flood -j DROP

And yes , I know sol has some flood protection but sol got ddosed as well.
Back to top Go down
EpicJK2
Legend
Legend
EpicJK2


Posts : 3376

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeMon 24 Oct 2016, 3:58 am
Cheers for the info, looks like SoL is getting hit now. Do you know if it's only 1.04 getting attacked?
Back to top Go down
boss_master




Posts : 36

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeMon 24 Oct 2016, 4:00 am
Well , it's someone from jk2 , also 50% of the ips doing the DDOS are RU.
It's diablo or electrozz .
Back to top Go down
KingYodah
Legend
Legend
KingYodah


Posts : 7342

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeMon 24 Oct 2016, 5:15 am
We have d!ablo, veyd and dendy registered on forums. I don't know who else but IPs they posted from here on forums aren't among those mentioned here, and d!ablo has no post here hence can't check him out. If he has a post elsewhere it might be worth a try to compare that forum IP with logs, or we can try to check server logs too but I am not promising much from it. Some IPs looked familiar but probably only because they were close to IPs of someone else.
And dunno, could be one of them but if they use different IPs, it's hard to determine just as to determine who else could be behind it. It would be wild shooting. But we can keep the IPs for future references.
Back to top Go down
Danek

Danek


Posts : 1466

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeMon 24 Oct 2016, 5:32 am
I believe it's Electrozz
Back to top Go down
EpicJK2
Legend
Legend
EpicJK2


Posts : 3376

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeMon 24 Oct 2016, 7:52 am
What a f*cking joke, does some *sshole not have anything better to do than spend their time attacking a 13 year old game.
Back to top Go down
Kameleon




Posts : 260

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeTue 25 Oct 2016, 9:03 pm
They may not always use their own internet/IP when doing these sort of things, so your IP tables may not be of too much use Smile
Back to top Go down
KingYodah
Legend
Legend
KingYodah


Posts : 7342

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeTue 25 Oct 2016, 10:29 pm
Those IPs were likely spoofed anyway, yes.
Back to top Go down
michl




Posts : 7

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeSun 13 Nov 2016, 8:25 pm
Some of those IP's were used by player men@ce in past. Maybe a hint.
Back to top Go down
Kameleon




Posts : 260

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeSun 13 Nov 2016, 10:44 pm
Menace wouldn'til ddos anyone, and if he did he's too clever to use his own IP Laughing
Back to top Go down
michl




Posts : 7

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeSun 13 Nov 2016, 11:44 pm
Well he tried this on KAI server, why not on sol too? He's not clever afaik
Back to top Go down
merc




Posts : 55

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeMon 14 Nov 2016, 6:00 am
Why would someone DDos a dead game? Seems pointless.
People should enjoy a game not ruining it for those 10 people who still play this game.
Back to top Go down
KingYodah
Legend
Legend
KingYodah


Posts : 7342

DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitimeMon 14 Nov 2016, 8:06 am
merc wrote:
Why would someone DDos a dead game? Seems pointless.
People should enjoy a game not ruining it for those 10 people who still play this game.
It pretty much looked like he was apparently doing it to populate his/their server when people can't play on their usual servers.
Back to top Go down
Sponsored content





DDOS TODAY Empty
PostSubject: Re: DDOS TODAY    DDOS TODAY Icon_minitime
Back to top Go down
 
DDOS TODAY
Back to top 
Page 1 of 1
 Similar topics
-
» Guess who i saw today?
» Someone lagging server today
» Sorry for anger today...
» New DJ Mix i made today
» fisto is 18 today

Permissions in this forum:You cannot reply to topics in this forum
)>SoL<(~JK2 Worldwide :: )>SoL<(~Free Chat :: Jedi Knight-
Jump to: