Raised This Month: $93 Target: $400
 23% 

Block ddos steam Fail2Ban


Post New Thread Reply   
 
Thread Tools Display Modes
stevenlafl
Member
Join Date: Apr 2005
Location: Florida, USA
Old 09-30-2010 , 13:58   Re: Block ddos steam Fail2Ban
Reply With Quote #21

I can't imagine this working. More professional DDoS attacks rely on sending the maximum amount of data on random UDP ports per packet. The idea is to overload the router with data. In this manner, there is no possible way to, with software, block a DDoS attack.

Mainly, underage script kiddies rely on ICMP packet flooding (Ping protocol) with a copious amount of ping.exe files running. The end result would the be the same (overloading the router) if the attacker's connection was strong enough to send that many packets. However, most likely it isn't, and results in lag instead of an actual denial of service.
Edit: More recently, kids have been buying $10 VPS accounts and using them to run packet flooding scripts.

In conclusion, your router would be overloaded before the packets had a chance to reach your server. Typically, this is what can bring down a network of datacenter servers that were attached to a single router. It is for this reason that DDoS attacks must be prevented at the hardware level, and this is actually done by some datacenters, which actually advertise their "DDoS protection." I have purchased one of those servers, and I have to say that it protected me from an attack that used hundreds of bots (each with at LEAST 10 mb/s)
__________________
Hippopotomonstrosesquippedaliophobia

Last edited by stevenlafl; 09-30-2010 at 14:06.
stevenlafl is offline
Send a message via AIM to stevenlafl
berni
SourceMod Plugin Approver
Join Date: May 2007
Location: Austria
Old 09-30-2010 , 16:38   Re: Block ddos steam Fail2Ban
Reply With Quote #22

You guys should first know the difference between DoS and DDoS Attacks.

DDoS != DoS.

And I think we are talking about DoS attacks here, which can be blocked by filters. DDoS can't be blocked by the system, if anything can block DDoS attacks then it would be load balancers...
__________________
Why reinvent the wheel ? Download smlib with over 350 useful functions.

When people ask me "Plz" just because it's shorter than "Please" I feel perfectly justified to answer "No" because it's shorter than "Yes"
powered by Core i7 3770k | 32GB DDR3 1886Mhz | 2x Vertex4 SSD Raid0
berni is offline
stevenlafl
Member
Join Date: Apr 2005
Location: Florida, USA
Old 09-30-2010 , 23:17   Re: Block ddos steam Fail2Ban
Reply With Quote #23

Quote:
Originally Posted by berni View Post
You guys should first know the difference between DoS and DDoS Attacks.

DDoS != DoS.

And I think we are talking about DoS attacks here, which can be blocked by filters. DDoS can't be blocked by the system, if anything can block DDoS attacks then it would be load balancers...
This is exactly what I was trying to point out. This man has the correct idea, guys. You should listen to him.
__________________
Hippopotomonstrosesquippedaliophobia
stevenlafl is offline
Send a message via AIM to stevenlafl
loraliromance
Senior Member
Join Date: Apr 2009
Old 10-04-2010 , 10:50   Re: Block ddos steam Fail2Ban
Reply With Quote #24

Steven, I'm pretty sure I know what it is. I've had it done to me before on my home connection.


>:/

I may not know everything about it, but I know the symptoms. So if this won't work for DDoS then I should look somewhere else.

Last edited by loraliromance; 10-04-2010 at 10:54.
loraliromance is offline
Mavrick4283
Veteran Member
Join Date: Apr 2010
Old 10-04-2010 , 13:03   Re: Block ddos steam Fail2Ban
Reply With Quote #25

Quote:
Originally Posted by loraliromance View Post
Steven, I'm pretty sure I know what it is. I've had it done to me before on my home connection.


>:/

I may not know everything about it, but I know the symptoms. So if this won't work for DDoS then I should look somewhere else.
Wow you should rely read the ONLY way to slow a true DDoS is have load balancing. But good thing most people who DDoS game servers are script kiddies and use SyN floods so you should just use iptables on the input chain to drop not reject all SyN/ICPM packets just google it also you can set iptables to stop people from flooding you udp ports. Between thoes two things you should slow down or even stop weak DDoS attacks. Do not think this is a 100% fix for DDoS attacks......
__________________
Mavrick4283 is offline
loraliromance
Senior Member
Join Date: Apr 2009
Old 10-04-2010 , 18:54   Re: Block ddos steam Fail2Ban
Reply With Quote #26

You should read, I never said I could stop it I just said i'd have to look somewhere else to try and fix the issue. It's a bit hard when the guy that did it to me keeps trying to find my new server. So i'm paranoid. Also, I know how the whole script things goes it's not like their aren't a gazillion people that are silly on hl1 mods spamming them to death
loraliromance is offline
Knight Vision Systems
New Member
Join Date: Mar 2011
Old 03-21-2011 , 22:13   Re: Block ddos steam Fail2Ban
Reply With Quote #27

Group,

I'm trying to understand 1) how to implement this, 2) how this works.

In the IP Tables rules, the following is presented,

Code:
iptables -A INPUT -i eth0 -p udp --dport your_port -m length --length 28 -j REJECT_FLOOD28
Does the "your_port" part mean, the ports which my game servers are on? For example, 27015, 27016, etc?

Also, what part does the fail2ban program play in the equation?

Much thanks in advance!
Knight
Knight Vision Systems
http://www.knightvisionsystems.com
Knight Vision Systems is offline
Ubunter
New Member
Join Date: Nov 2013
Old 11-17-2013 , 13:35   Re: Block ddos steam Fail2Ban
Reply With Quote #28

Quote:
Originally Posted by Knight Vision Systems View Post
Group,

Code:
iptables -A INPUT -i eth0 -p udp --dport your_port -m length --length 28 -j REJECT_FLOOD28
Does the "your_port" part mean, the ports which my game servers are on? For example, 27015, 27016, etc?
Hi, sorry for late intervention, i just was googling, and arrived here...

Yes, here is to monitorize the port, but I have removed the port, to monitorize all, even, in my server I have just 5060, and 443 open... But I did:

Quote:
iptables -A INPUT -i eth0 -p udp -m length --length 28 -j
But I have a question:

In the jail conf, I'm missing the action, dose the action should be to deliver back to the iptables?? I have did:

Quote:
[ddos]
enabled = true
#port = 27015,27025,27050,28000,29000 ## I comminted out the port, to monitor all ports!
protocol = udp
filter = ddos
logpath = /var/log/messages
maxretry = 2
bantime = 60000
action = iptables[name=ddos-404-SLT] ## Dose this action here is correct??
Thank you in advance!
Ubunter is offline
DJEarthQuake
Senior Member
Join Date: Jan 2014
Location: Midwest
Old 07-15-2019 , 17:03   Re: Block ddos steam Fail2Ban
Reply With Quote #29

Quote:
Originally Posted by cmer View Post
opens the file /etc/fail2ban/jail.conf and we add
Quote:
Originally Posted by Fuck For Fun View Post
What the fuck did I see here now?

Bad idea. Upgrades overwrite jail.conf.

Quote:
9 # HOW TO ACTIVATE JAILS:
10 #
11 # YOU SHOULD NOT MODIFY THIS FILE.
12 #
13 # It will probably be overwritten or improved in a distribution update.
14 #
15 # Provide customizations in a jail.local file or a jail.d/customisation.local.
According to this article https://gamebanana.com/threads/128192
cstrike-planet.com disappeared 11 years ago. [counter-strike] has been default in fail2ban years before this thread was written.

I see IP rules threads to offloading module threads while we have had one all along with fail2ban preconfigured. The logpath is out of date and needs to point to /var/log/messages in most instances.

Code:
/etc/fail2ban/jail.conf [counter-strike] logpath = /opt/cstrike/logs/L[0-9]*.log # Firewall: <a href="http://www.cstrike-planet.com/faq/6" target="_blank" rel="nofollow noopener">http://www.cstrike-planet.com/faq/6</a> tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039 udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015 action  = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]            %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
__________________
"It's not the actual programming that's interesting. But it's what you can accomplish with the end results that are important." -Dennis Ritchie
"Mathematics, rightly viewed, possesses not only truth, but supreme beauty a beauty cold and austere, like that of sculpture..." -Bertrand Russell
DJEarthQuake is online now
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 03:03.


Powered by vBulletin®
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Theme made by Freecode