My port is under attack!


(Crytiqal) #1

Hey everyone I have a huge problem:

My port 27960 and 27962 (for my ET servers) are under attack or something.
It causes my router to shutdown every now and then and my connection to reset because it overloads.

I attached my logfile, as you can see by the timestamps on the left, this is HUGE.

I already closed the ports on my router, but is there anything I can do to make it stop?


(Nail) #2

tell your ISP first


(hellreturn) #3

Hmm, OK, this might sound a little bit odd, but games run on the UDP protocol. Assuming you are running a server on those ports, there are bound to be UDP packets.

Is there something I am not seeing? I don’t see what’s wrong from your attached log.


(Crytiqal) #4

My W:ET servers are offline for about a year already
Also, the incoming port sometimes is from :80, and no way people would connect in this manner,
there are over 200 connections in 0.5 second. And about 2000 connections in 5 seconds.


(DarkangelUK) #5

Quickest fix… change your static IP.


(hellreturn) #6

2 IPs connecting from their webserver or something.

You can just block this IP.
Line 1990: 64.191.114.135:80 to 88.159.160.153:27960
Line 1994: 77.163.219.46:80 to 88.159.160.153:27960

Now, rest looks weird.

  1. Another IP attacking you is this:
    79.138.78.27

Website: http://www.dpgclan.com/forum/
From their forums: http://img228.imageshack.us/img228/2764/firstddos.jpg

Most of the other attacks come from port 27005 and 27015 which are mostly related to DDoS attacks on CS servers or so.

Contact their ISP with your firewall log. DDoS attacks are taken seriously. I know for sure about Comcast. If you are involved in DDoS attacks, they shut down your Internet.


(Crytiqal) #7

I contacted my ISP and they said it’s my own fault because my IP is well known on the internet when they googled it.

Seriously :s that’s the ***ing reason I bought a static IP!
If this doesn’t stop quite soon I am calling them once more to cancel my account.

I mean, shouldn’t an ISP help its customers against a botnet attack? :s


(Nail) #8

contact Homeland Security


(Crytiqal) #9

What is Homeland Security?

EDIT:

http://www.dhs.gov/xabout/

Lol you serious about this? :smiley:


(DarkangelUK) #10

There’s not much your ISP can do about other users from other countries hammering your IP and ports (not really sure what you think they can do?). If you’re not running servers anymore, change your IP.


(Crytiqal) #11

I believe it is a botnet attack since to me it sounds inhuman that someone can make 200 connections in 0.5 second, switching between 27960 and 27962 lightning fast.

I would have expected my ISP to block these IPs.
They also refuse to change my IP for me and advise me to “delete my IP from the websites google shows”.

Like yea, sure :rolleyes:


(Nail) #12

[QUOTE=Crytiqal;281697]What is Homeland Security?

EDIT:

http://www.dhs.gov/xabout/

Lol you serious about this? :D[/QUOTE]

absolutely


(iddqd) #13

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. This requires the dedication of more than 230,000 employees in jobs that range from aviation and border security to emergency response, from cybersecurity analyst to chemical facility inspector. Our duties are wide-ranging, but our goal is clear - keeping America safe.

Go go go! What are you waiting for?


(Crytiqal) #14

Sadly, I am not an american resident…

Or do you think they might save the world too?


(DarkangelUK) #15

Your ISP are being dicks, if they won’t change your IP then I’d just leave. Regardless of what you use your IP for, it’s not your fault it’s being attacked.


(hellreturn) #16

[QUOTE=Crytiqal;282276]Sadly, I am not an american resident…

Or do you think they might save the world too?[/QUOTE]

Contact the ISP from where attack is coming from.

So if attacker IP is from US, contact his ISP. If their IP is coming from some web hosting company or so, send them abuse email.

I am not sure about laws for other countries but what I noticed is in US and Germany they are pretty strict.


(Nail) #17

DDoS attacks are considered terroristic by most western nations, there are proper government agencies to deal with it, stupid little kids are easy to catch and gives the agency a score (keeps the budget up)


(zbzero) #18

You should check if these are DDoS attacks or the getstatus requests exploit, in the last 3 days I got more than 30 different IPs requesting like 200 getstatus per second in the ports 27960 / 27961 causing my server without nobody playing the connection going to send like 11 mega bites per second. If you want to read more about that: http://www.wolffiles.de/index.php?forum-showposts-20 and http://www.wolffiles.de/index.php?forum-showposts-44
Maybe it helps you.
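
Added example, not part of the original thread: a small Python script that does over a whole firewall log what the posts above do by eye, listing each source that reaches the rate mentioned in post #4 (200 packets in 0.5 second) on ports 27960/27962, together with the source ports it used, so the result can go into an abuse report. The log line layout, the `flood_sources` and `sample_log` names, and the addresses (documentation ranges) are assumptions, since the attached log is not shown on the page.

```python
import re
from collections import defaultdict, deque

# Assumed log layout (constructed; the attached log is not on the page):
#   HH:MM:SS.mmm SRC_IP:SRC_PORT to DST_IP:DST_PORT
LINE = re.compile(r"(\d+):(\d+):(\d+\.\d+) (\S+):(\d+) to \S+:(\d+)$")

def flood_sources(lines, ports=(27960, 27962), window=0.5, threshold=200):
    """Return {src_ip: {"peak", "src_ports", "dst_ports"}} for every source
    whose packets to `ports` reach `threshold` within `window` seconds.
    Lines are assumed to be in time order within one day."""
    recent = defaultdict(deque)   # src_ip -> timestamps still inside the window
    stats = defaultdict(lambda: {"peak": 0, "src": set(), "dst": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # ignore lines in any other format
        h, mi, s, src, sport, dport = m.groups()
        if int(dport) not in ports:
            continue
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        q = recent[src]
        q.append(t)
        while t - q[0] > window:  # drop timestamps that left the window
            q.popleft()
        st = stats[src]
        st["peak"] = max(st["peak"], len(q))
        st["src"].add(int(sport))
        st["dst"].add(int(dport))
    return {ip: {"peak": st["peak"],
                 "src_ports": sorted(st["src"]),
                 "dst_ports": sorted(st["dst"])}
            for ip, st in stats.items() if st["peak"] >= threshold}

def sample_log():
    """Constructed traffic: one noisy source and one ordinary slow source."""
    lines = [f"12:00:00.{i * 2:03d} 192.0.2.10:27005 to 198.51.100.7:{27960 + 2 * (i % 2)}"
             for i in range(250)]             # 250 packets inside 0.5 s
    lines += [f"12:00:0{i}.000 192.0.2.99:27960 to 198.51.100.7:27960"
              for i in range(1, 4)]           # one packet per second
    return lines

if __name__ == "__main__":
    for ip, info in flood_sources(sample_log()).items():
        print(ip, info)
```

A high peak from source ports such as 80, 27005 or 27015, as noted in post #6, is worth recording in the report because it separates this traffic from ordinary server-browser queries.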


(Crytiqal) #19

Thanks for the help and suggestions so far guys, appreciate it.

I already shut down my servers but the requests keep coming in which causes high latency peaks and my connection drops out.

If my ISP still hasn’t resolved this (or it isn’t resolved by itself) in about a week I give them a call again demanding an IP switch or to cancel my account I guess.