[C0nw0nk]

To everyone who loves the TCP/IP Stack in your systems registry theres allot more functions avalible that microsoft recommend to be added.

http://technet.microsoft.com/library/cc700847.aspx

[-=Leb=-]

Hi c0n, i have a windows server 2003. and im trying to block the srcds connecting from TCP
and i can't get your command to work

Quote:

netsh advfirewall firewall add rule name="srcds block TCP" protocol=TCP dir=in action=block program="C:\srcds\srcds.exe"

would you plz type the command for windows 2003


I maybe need to allow the UDP incase if its blocked.

Quote:

netsh advfirewall firewall add rule name="srcds allow UDP" protocol=UDP dir=in action=allow program="C:\srcds\srcds.exe" localport=27015,27020

thx in advance

[C0nw0nk]

In windows server 2003 the command line is different when i find out what it is i will post it but i don't think it blocks ports for specific programs like windows firewall 2008 as far as i am aware if you block a port it would block it for all programs upon the server.

To open a port this would do the trick
netsh firewall set portopening protocol=TCP port=3389 name="Remote Desktop Protocol" mode=ENABLE

To block a port im assuming if it is not set to a state as allowed in the firewall it would be blocked by default.
(Atleast thats the understanding i have from microsoft http://technet.microsoft.com/en-us/l...=ws.10%29.aspx)

So it should look like this.. I hope it works

netsh firewall delete portopening protocol=TCP port=27015

[-=Leb=-]

Quote:

Originally Posted by C0nw0nk In windows server 2003 the command line is different when i find out what it is i will post it but i don't think it blocks ports for specific programs like windows firewall 2008 as far as i am aware if you block a port it would block it for all programs upon the server.

Hi thx for the reply. that will be awesome if you could find a way to prevent the srcds connecting to steam servers from the TCP. I want them to connect from UDP like before to fix the problem i have in my servers.

[C0nw0nk]

I just updated the original post and added "Anti-DDoS Tools" Basically really handy for windows servers under any form of denial of service attack.
http://sourceforge.net/projects/qaas...?source=navbar

• Blocks IP address with more than 100 connection on DNS MSSQL MySQL HTTP
• Does not block host IP and IP in the white list
• you can unblock IP using ublock command
• Takes only few seconds for setup

It is a step forward for windows DDoS Security and its Free!

Also http://sourceforge.net/projects/wipfw/?source=directory "wipfw" :

wipfw - IPv4 packet filter and traffic shaper for Windows based on IPFW (FreeBSD firewall).

[NinjaSK]

Can we expect a Linux version anytime soon C0nw0nk?

[C0nw0nk]

Quote:

Originally Posted by NinjaSK Can we expect a Linux version anytime soon C0nw0nk?

I'm not really sure linux uses IP Tables for its Denial of Service security as far as i am aware i focus on windows only, But browsing the sourceforge site there are allot of freeware firewalls for linux.

http://sourceforge.net/directory/os:...linux+firewall

You will just have to browse and test and see what they all say.

You could even try GitHub see what there community offers instead.

[Mike_BoG]

I doubt anything in this thread will help against a real large scale DDoS. Sure, it might help against a couple of skids, but not anything more.

Anyhow, for Linux you can use DDoS-Deflate, a small script you install which runs in a cronjob every minute. Basically what it does is check the output of a command, the command will show a list over IP's with their connection count, if the connection count is over the set threshold it will block the IP using iptables or apf and will send you an email with the IP's it blocked.

As said, this will only help against small/medium sized DoS attacks, not a real DDoS. If the attack is larger than your connection it does not matter what you do on the server, if your pipe is flooded there isn't much you can do except a nullroute or if the GSP can block the offending IP's in their border routers (/other routers which exists in their network).

http://deflate.medialayer.com/

[NinjaSK]

Alright guys, thanks for the explanation, much appreciated

[C0nw0nk]

Quote:

Originally Posted by Mike_BoG I doubt anything in this thread will help against a real large scale DDoS. Sure, it might help against a couple of skids, but not anything more. Anyhow, for Linux you can use DDoS-Deflate, a small script you install which runs in a cronjob every minute. Basically what it does is check the output of a command, the command will show a list over IP's with their connection count, if the connection count is over the set threshold it will block the IP using iptables or apf and will send you an email with the IP's it blocked. As said, this will only help against small/medium sized DoS attacks, not a real DDoS. If the attack is larger than your connection it does not matter what you do on the server, if your pipe is flooded there isn't much you can do except a nullroute or if the GSP can block the offending IP's in their border routers (/other routers which exists in their network). http://deflate.medialayer.com/

Well said, It should be obvious to everyone if most game servers have a 100mbps connection they could fend of an attack of the same speed but if from multiple IP's and probably about 1GBPS you would not stand a chance best of getting a decent router or joining a good data center.

Anyway the Anti-DDoS tools i posted will help allot if the attack is only small but utilizes the same connection speed.