1. Post #41
    Gold Member
    Hailedbean's Avatar
    October 2010
    695 Posts
    SOPA will stop DDoS! +1 SOPA !!!

    It's a conspiracy! Wikipedia and all the other sites that closed are seth's other servers.

    VOTE FOR SOAP WOO!
    Most of my posts are dumb, but this one tops it.
    Windows 7, United States. Ratings: Dumb x 7, Agree x 2, Disagree x 1

  2. Post #42
    Hello, my name is Penis. Please refer to me as such. I'm totally cool with it.
    SPESSMEHREN's Avatar
    November 2009
    4,697 Posts
    That's the stupidest thing I've read in 2012.
    No, the stupidest thing I've read in 2012 is about 99% of the posts in DevNull threads.

    At least I'm brainstorming instead of going around in endless circles
    Windows 7, United States. Ratings: Agree x 4, Dumb x 4

  3. Post #43
    Holy shit, I used to play PG all the time.
    And now it's gone because of retarded fucking asshole 10 year olds.
    Windows 7, Australia. Ratings: Agree x 1

  4. Post #44
    DefaultText.ini
    Charrax's Avatar
    February 2011
    1,342 Posts
    Most of my posts are dumb, but this one tops it.
    Can't understand sarcasm I guess.
    Windows 7, United States. Ratings: Agree x 2

  5. Post #45
    SammySung's Avatar
    January 2010
    451 Posts
    Holy shit, I used to play PG all the time.
    And now it's gone because of retarded fucking asshole 10 year olds.
    Things like this will either make or break online gaming.
    Windows 7, Australia. Ratings: Agree x 1

  6. Post #46
    Raged's Avatar
    December 2007
    282 Posts
    wow stan u ruined my life i want to play gmod and 10 year olds ddos my server wtf
    Windows 7, Australia. Ratings: Funny x 8, Agree x 1, Winner x 1

  7. Post #47
    Chrik's Avatar
    November 2008
    223 Posts
    Is there any progress on this? 'Cause I would like to be able to play GMOD again without constant DDoS. It ruins the fun really.
    Windows Vista, Denmark. Ratings: Agree x 2, Dumb x 1

  8. Post #48
    frosty802's Avatar
    April 2009
    445 Posts
    I have a question, does the DevNull program send the packets to a specific port (say 27015) or is it just which ever port it feels like it or what?

  9. Post #49
    "The superior man understands what is right; the inferior man understands what will sell"
    Chessnut's Avatar
    August 2011
    3,507 Posts
    Which ever port, that is why it could also be used to attack websites.

  10. Post #50
    frosty802's Avatar
    April 2009
    445 Posts
    Which ever port, that is why it could also be used to attack websites.
    I guess then you can specify which port it attacks?
    Windows 7, United Kingdom. Ratings: Agree x 3

  11. Post #51
    Chrik's Avatar
    November 2008
    223 Posts
    I guess then you can specify which port it attacks?
    Why do you want to know?
    Windows Vista, Denmark. Ratings: Dumb x 7

  12. Post #52
    JamieH is a retarded bitch <3
    Pantho's Avatar
    July 2008
    2,191 Posts
    I guess then you can specify which port it attacks?
    Yes, you can specify which port it attacks.

  13. Post #53
    frosty802's Avatar
    April 2009
    445 Posts
    Why do you want to know?
    Just want to know if I can do some port blocking or detection or w/e.

    Seeing as you can just makes it harder. Stateful Packet Inspection consumes time and resource but in this case might have to be used to detect the packets and drop them.

    Can someone PM me or post the contents of the packets it sends? Including packet headers. Thanks.

  14. Post #54
    Gold Member
    hexpunK's Avatar
    August 2008
    15,314 Posts
    Just want to know if I can do some port blocking or detection or w/e.

    Seeing as you can just makes it harder. Stateful Packet Inspection consumes time and resource but in this case might have to be used to detect the packets and drop them.

    Can someone PM me or post the contents of the packets it sends? Including packet headers. Thanks.
    The only problem with using SPI to stop an attack like this is that you need a line that can handle the incredible amount of bandwidth that these attacks chew up. Using SPI is not going to help if there is so much traffic flowing through it in the first place that it can't keep up.
    Windows 7, United Kingdom. Ratings: Agree x 1

  15. Post #55
    frosty802's Avatar
    April 2009
    445 Posts
    The only problem with using SPI to stop an attack like this is that you need a line that can handle the incredible amount of bandwidth that these attacks chew up. Using SPI is not going to help if there is so much traffic flowing through it in the first place that it can't keep up.
    I do know you know lol. But I was just asking as it would be useful to tell the System Admin at the DC where I work to add some rules for it to the main firewalls. Therefore anyone that does have a gameserver inside will hopefully be protected against the main cause.
    Windows Vista, United Kingdom. Ratings: Winner x 1

  16. Post #56
    SammySung's Avatar
    January 2010
    451 Posts
    The only problem with using SPI to stop an attack like this is that you need a line that can handle the incredible amount of bandwidth that these attacks chew up. Using SPI is not going to help if there is so much traffic flowing through it in the first place that it can't keep up.

    I think you'll find most of the time it's the quantity of packets being sent, not the size, that does it.
    Windows 7, Australia. Ratings: Agree x 1

  17. Post #57
    Ruzza's Avatar
    December 2011
    1,137 Posts

  18. Post #58
    metromod.net
    _Chewgum's Avatar
    April 2010
    2,216 Posts
    does that work for srcds

    i don't think it blocks 'statusResponse' stuff, only getStatus stuff

  19. Post #59
    Gold Member
    slayer3032's Avatar
    November 2007
    3,447 Posts
    I found your DDoS problem so I made an illustration to help you.

    Windows 7, United States. Ratings: Dumb x 5, Agree x 4

  20. Post #60
    Ruzza's Avatar
    December 2011
    1,137 Posts
    I found your DDoS problem so I made an illustration to help you.

    I was referring to the type of the attack, not what OS I'm running.

  21. Post #61
    My Blog
    Spencer Sharkey's Avatar
    July 2009
    1,945 Posts
    It's a 200megabit attack, obviously.
    A reflected denial of service attack from quake/cod servers.

    Wait it out.
    Windows 7, United States. Ratings: Agree x 1

  22. Post #62
    Gold Member
    Neo Kabuto's Avatar
    November 2008
    5,641 Posts
    We should figure out a way to spread the word about this fix. If a large portion of the old CoD/Quake3 servers stop being vulnerable to this, the attacks will have much less strength.

  23. Post #63
    SammySung's Avatar
    January 2010
    451 Posts
    We should figure out a way to spread the word about this fix. If a large portion of the old CoD/Quake3 servers stop being vulnerable to this, the attacks will have much less strength.
    Key word; IF.
    Windows 7, Australia. Ratings: Agree x 2

  24. Post #64
    Gold Member
    slayer3032's Avatar
    November 2007
    3,447 Posts
    It's a 200megabit attack, obviously.
    A reflected denial of service attack from quake/cod servers.

    Wait it out.
    Code:
    iptables -A INPUT -m string --algo bm --string "statusResponse" -j DROP
    The problem is he doesn't and can't have a firewall, not being able to filter a 200mbps attack when having a 1gbps line is just as useless as having a 100mbps line.

  25. Post #65
    SammySung's Avatar
    January 2010
    451 Posts
    Code:
    iptables -A INPUT -m string --algo bm --string "statusResponse" -j DROP
    The problem is he doesn't and can't have a firewall, not being able to filter a 200mbps attack when having a 1gbps line is just as useless as having a 100mbps line.
    IPtables are for linux..
    Windows 7, Australia. Ratings: Dumb x 4

  26. Post #66
    Gold Member
    thejjokerr's Avatar
    December 2007
    2,093 Posts
    IPtables are for linux..
    Thus why he pointed out his problem was that the victim uses Windows.
    Windows 7, Netherlands. Ratings: Agree x 1

  27. Post #67
    We Are No Idiots
    Aide's Avatar
    March 2010
    4,646 Posts
    I'll just leave this here.

    Windows 7, United States. Ratings: Agree x 1

  28. Post #68
    SammySung's Avatar
    January 2010
    451 Posts
    Thus why he pointed out his problem was that the victim uses Windows.
    There's no point posting a fix for linux when the majority of servers affected are windows based.
    Windows 7, Australia. Ratings: Agree x 1

  29. Post #69
    JamieH is a retarded bitch <3
    Pantho's Avatar
    July 2008
    2,191 Posts
    Thus why he pointed out his problem was that the victim uses Windows.
    He meant for CoD4 hosts, not gmod hosts.

    Thus why he pointed out his problem was that the victim uses Windows.
    Yes, but Gmod is so completely damn useless on Linux. And anyone arguing otherwise has never tried to run a popular server on linux, having 2-3 weeks downtime when garry forgets to test the linux libs is not fun...
    Windows 7, United Kingdom. Ratings: Agree x 3, Dumb x 2, Informative x 1

  30. Post #70
    metromod.net
    _Chewgum's Avatar
    April 2010
    2,216 Posts
    There's no point posting a fix for linux when the majority of servers affected are windows based.
    you should monitor wireshark and check what the source ports say and block the range of the most used ones, using a firewall like http://www.ntkernel.com/w&p.php?id=18 is nice because you can see how many packets it blocks. works kinda good on windows and keeps the server available
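
The source-port tally suggested in post #70, as an added example that is not part of the original thread: it flags unsolicited Quake 3 style `statusResponse` datagrams in an already-decoded capture and lists the source ports that carry most of them. The packet tuples, addresses and port mix are constructed sample data, and the function names are illustrative.

```python
from collections import Counter

OOB_PREFIX = b"\xff\xff\xff\xff"  # Quake 3 connectionless-packet marker
REFLECTED = b"statusResponse"     # reply type named in the thread

def is_status_response(payload):
    """True for a Quake 3 / CoD style out-of-band statusResponse datagram."""
    return payload.startswith(OOB_PREFIX + REFLECTED)

def tally_reflection(datagrams, solicited=frozenset()):
    """Count unsolicited statusResponse datagrams per UDP source port.

    datagrams: iterable of (src_ip, src_port, payload) already decoded
    from a capture. solicited: (ip, port) pairs this host really queried.
    """
    ports, sources = Counter(), set()
    for ip, port, payload in datagrams:
        if is_status_response(payload) and (ip, port) not in solicited:
            ports[port] += 1
            sources.add(ip)
    return ports, sources

def ports_to_block(ports, coverage=0.9):
    """Fewest source ports that cover `coverage` of the flagged datagrams."""
    total, seen, chosen = sum(ports.values()), 0, []
    for port, count in ports.most_common():
        if seen >= coverage * total:
            break
        chosen.append(port)
        seen += count
    return sorted(chosen)

def _resp(n):
    return OOB_PREFIX + b"statusResponse\n\\sv_hostname\\constructed-%d" % n

# Constructed sample capture (documentation IP ranges, made-up port mix).
SAMPLE = (
    [("192.0.2.%d" % i, 28960, _resp(i)) for i in range(5)]
    + [("198.51.100.%d" % i, 27960, _resp(i)) for i in range(3)]
    + [("203.0.113.%d" % i, 28961, _resp(i)) for i in range(2)]
    + [("203.0.113.50", 29070, _resp(0)),
       ("203.0.113.99", 27960, _resp(1)),  # reply this host asked for
       ("192.0.2.200", 27005, OOB_PREFIX + b"TSource Engine Query\x00")]
)
SOLICITED = {("203.0.113.99", 27960)}

if __name__ == "__main__":
    ports, sources = tally_reflection(SAMPLE, SOLICITED)
    print(ports.most_common(), len(sources), ports_to_block(ports))
```

A short list of source ports only helps where the filter sits upstream of the saturated link, which is the limit the thread keeps returning to.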

  31. Post #71
    JamieH is a retarded bitch <3
    Pantho's Avatar
    July 2008
    2,191 Posts
    you should monitor wireshark and check what the source ports say and block the range of the most used ones, using a firewall like http://www.ntkernel.com/w&p.php?id=18 is nice because you can see how many packets it blocks. works kinda good on windows and keeps the server available
    This does work, however you can just use the firewall in W2008 R2. It works just fine. I have a comprehensive port list to stop the majority of power behind DevNull. However if you do it software based and the guy's pissed off enough at you he will just switch the attack type.

    Did someone say it was called 'DevNull Special' or some shit? Anyway, the upgraded hit is too big for a 1Gb port to handle.
    Windows 7, United Kingdom. Ratings: Informative x 1, Agree x 1

  32. Post #72
    Sorry for the necromancy but may you upload the list again?
    Windows 7, Netherlands. Ratings: Dumb x 1

  33. Post #73
    Combine911's Avatar
    November 2009
    30 Posts
    Devnull was made by stan and thus you are able to pay stan to put you on the special "list" so you aren't DDoSed any more.
    Windows XP, United Kingdom. Ratings: Dumb x 6

  34. Post #74
    DefaultText.ini
    Charrax's Avatar
    February 2011
    1,342 Posts
    Devnull was made by stan and thus you are able to pay stan to put you on the special "list" so you aren't DDoSed any more.
    Welcome to ban. But in actual response that list mentioned by aftokinito would be great...

  35. Post #75
    JamieH is a retarded bitch <3
    Pantho's Avatar
    July 2008
    2,191 Posts
    Devnull was made by stan and thus you are able to pay stan to put you on the special "list" so you aren't DDoSed any more.
    Screw that...

    If you've access to a hardware firewall Charrax/Aftokinito send me a PM and I can provide you with some common port setups to block the majority of devnulls power.

    Don't PM me asking for non hardware solutions as I cba this week :)

  36. Post #76
    Gold Member
    Kill coDer's Avatar
    April 2006
    956 Posts
    Devnull was made by stan and thus you are able to pay stan to put you on the special "list" so you aren't DDoSed any more.
    Well that's fucking stupid... Another GSP in our datacenter did that, didn't stop devnull attacking other servers in the same rack as them, causing them to go down too..

  37. Post #77
    Resident Raccoon
    kaze4159's Avatar
    January 2008
    8,897 Posts
    Devnull was made by stan and thus you are able to pay stan to put you on the special "list" so you aren't DDoSed any more.
    Aww look, he thinks he's the eMafia
    Windows Vista, Australia. Ratings: Agree x 1

  38. Post #78
    Combine911's Avatar
    November 2009
    30 Posts
    I don't support Stan at all, When I was at IG we had the same problem and had to pay Stan $200 for it to stop.

    I was just suggesting a last choice.
    Windows XP, United Kingdom. Ratings: Dumb x 3

  39. Post #79
    Gold Member
    Dorkslayz's Avatar
    September 2009
    1,666 Posts
    There's no real definite fix for DevNull. You can block a majority of traffic by blocking the COD4/Quake ports but that would have to be done at a high enough network level where the pipe can handle it, it would be very costly to do it at a server level.

    To totally protect yourself you would need to get a Dedicated Firewall and At least a 5Gbps pipe.

  40. Post #80
    metromod.net
    _Chewgum's Avatar
    April 2010
    2,216 Posts
    I don't support Stan at all, When I was at IG we had the same problem and had to pay Stan $200 for it to stop.

    I was just suggesting a last choice.
    what is 'IG'?