[HELP] A2S/Dos attack exploit

Mikado · **Author**

Hello everybody.

So my CS:GO server is getting attacked by multi IPs ...
This maybe will help you to understand the problem:

Quote:

IP rate limit under distributed packet load (10468 buckets, 213589 global count), rejecting 62.83.123.56

5946.
IP rate limit sustained 430439 distributed packets at 14348.0 pps (0 buckets).
IP rate limit under distributed packet load (8836 buckets, 196551 global count), rejecting 78.58.62.122:62456.
IP rate limit sustained 423225 distributed packets at 14107.5 pps (0 buckets).
IP rate limit under distributed packet load (9746 buckets, 193136 global count), rejecting 115.144.113.243:768.
IP rate limit sustained 405515 distributed packets at 13517.2 pps (0 buckets).
IP rate limit under distributed packet load (9080 buckets, 190981 global count), rejecting 185.91.100.204

3323.
IP rate limit sustained 404014 distributed packets at 13467.1 pps (0 buckets).
IP rate limit under distributed packet load (9438 buckets, 193440 global count), rejecting 4.251.67.21:44317.
IP rate limit sustained 411873 distributed packets at 13729.1 pps (0 buckets).
IP rate limit under distributed packet load (10173 buckets, 189414 global count), rejecting 72.242.25.37:62486.
IP rate limit sustained 405017 distributed packets at 13500.6 pps (0 buckets).
IP rate limit under distributed packet load (8491 buckets, 187233 global count), rejecting 63.223.16.38:41502.
IP rate limit sustained 403867 distributed packets at 13462.2 pps (0 buckets).
IP rate limit under distributed packet load (9904 buckets, 187275 global count), rejecting 16.43.199.169:62052.
IP rate limit sustained 401065 distributed packets at 13368.8 pps (0 buckets).
IP rate limit under distributed packet load (8756 buckets, 184879 global count), rejecting 179.144.131.102:29851.
IP rate limit sustained 399941 distributed packets at 13331.4 pps (0 buckets).
IP rate limit under distributed packet load (9377 buckets, 187683 global count), rejecting 143.15.131.203:16826.
IP rate limit sustained 398810 distributed packets at 13293.7 pps (0 buckets).
IP rate limit under distributed packet load (9048 buckets, 68316 global count), rejecting 98.27.155.69:59606.

This started a week ago lost 70% of my daily players, i tested a lot of fix like A2S hux, rcon pretect, edited/changed differentes rates, but these attacks are still present.
if someone can help so please help

tumtum · 02-01-2016 , 13:23 Re: [HELP] A2S/Dos attack exploit

Close the TCP port.
If you are using linux and need fast help, send a pm for support.

Mikado · 02-01-2016 , 15:37 Re: [HELP] A2S/Dos attack exploit

If i close port the server won't be online
And yes i'm using linux centos

Potato Uno · 02-02-2016 , 00:20 Re: [HELP] A2S/Dos attack exploit

TCP is used for rcon only. All other data is UDP.

Nolongerinthegame · 02-02-2016 , 05:06 Re: [HELP] A2S/Dos attack exploit

Alternatively you can whitelist your ip address to access tcp. Helps though if you have a static ip address ;)

Mikado · 02-02-2016 , 10:07 Re: [HELP] A2S/Dos attack exploit

Quote:

Originally Posted by Potato Uno

TCP is used for rcon only. All other data is UDP.

But it's not a rcon hack i think, plus rcon_password is disabled.

Quote:

Originally Posted by nelioneil

Alternatively you can whitelist your ip address to access tcp. Helps though if you have a static ip address ;)

but this won't block these attacks.
there is a way like to limit trafic or limit multiple connection to the same port ?! or if you know more about this kind of flood... thank's for help

Mikado · 02-14-2016 , 11:54 Re: [HELP] A2S/Dos attack exploit

UP.

i tried iptables, CSF, ruleshax: https://forums.alliedmods.net/showthread.php?t=236521 and this: https://forums.alliedmods.net/showthread.php?t=196990 , even OVH anti ddos didn't block this.
so if someone has an idea or know something to reduce or stop these attacks, thank's for helping

Akuba · 02-14-2016 , 12:31 Re: [HELP] A2S/Dos attack exploit

The question is, do you really need rcon access that often? Or would it work to open the screen session. If you rarely use rcon, try disableing it by removing the "-ip xxx.xxx.xxx.xxx" parameter from your startscript. This (should) stop the attacks atleast for now.

Try this for a few days and see if it happens again if you enable it again.

Mikado · *Last edited by Mikado; 02-15-2016 at 14:32.*

Thank's for replying @Akuba

Quote:

this my startup cmd: ./srcds_run -game csgo -console -port 27017 -maxplayers_override 32 -tickrate 64 +sv_setsteamaccount *** +game_type 0 +game_mode 0 +mapgroup mg_active +map de_dust2 -authkey ***

on server.cfg

Quote:

rcon_password ""

cTmoNe · 02-19-2016 , 19:28 Re: [HELP] A2S/Dos attack exploit

They are in the same situation, my dedication is at OVH, but protection does not help, i tried everything iptables, firewall rules from OVH, to block TCP port but in vain

If anybody can help me with a script, i am willing to pay because i am tired