[Discussion/Theory]About the recent DDOS attacks

07/07/2012 16:50 HaGsTeR?#76
Quote:
Originally Posted by pH33n1x<3 View Post
By the way, if only those IPs are attacking, is it possible to solve that by blocking these IPs in Windows Firewall?

16:33:19 An incoming packet(Allowed) Protocol: UDP, Source port: 138, Destination port: 138
.Š... EDEEEFFGDCCACACACACACACACACACACA. FHEPFCELEHFCEPFFFACACACACACACABN.SMB%............ .................&.................&.V......7.\MA ILSLOT\BROWSE..€
.CDEV2.............Ucdev2.
If I'm not mistaken, the first purpose of these attack methods was to actually bring down / crash the firewalls for hackers,
not just put the host offline.
07/07/2012 19:36 pH33n1x<3#77

Deny IP List generated at 2012:07:07 19:40:30.

07/07/2012 19:40 Nezekan#78
That's a software-based protection program; it will not really help anything, since it uses the server's resources. Besides, it is behind the NIC, so your server is still vulnerable even if it managed to filter all the traffic.
07/07/2012 19:46 pH33n1x<3#79
Quote:
Originally Posted by Nezekan View Post
That's a software-based protection program; it will not really help anything, since it uses the server's resources. Besides, it is behind the NIC, so your server is still vulnerable even if it managed to filter all the traffic.
It seems to be an ICMP and TCP flood. Any way to filter this?
Check my post above, I added logs.
07/07/2012 19:49 Nezekan#80
Quote:
Originally Posted by pH33n1x<3 View Post
It seems to be an ICMP and TCP flood. Any way to filter this?
Check my post above, I added logs.
ICMP is easy to fix: just don't accept ping requests, or at least limit them. There is not much you can do about a TCP flood; it also depends on what kind of attack it is. I also wonder why you have port 139 open.


If I were you, I would hire a real systems administrator, and try to get a DDoS mitigation proxy somewhere
07/07/2012 19:53 pH33n1x<3#81
Quote:
Originally Posted by Nezekan View Post
ICMP is easy to fix: just don't accept ping requests, or at least limit them. There is not much you can do about a TCP flood; it also depends on what kind of attack it is. I also wonder why you have port 139 open.


If I were you, I would hire a real systems administrator, and try to get a DDoS mitigation proxy somewhere
TCP 139 is not open. o.o

Also, I'm just helping a server, so it's not up to me to hire an administrator ^^

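As an added example (not code from the thread or from the firewall tool), here is a small Python triage script for the deny-list format pH33n1x posted (columns NO, Source IP, Event, Dest IP, Protocol, Dest Port, Occur Time). It counts entries per event/protocol/port and per source and turns the counts into the findings Nezekan and Schickl describe: ICMP to rate-limit or drop, and TCP hits on 139/NetBIOS, a port a game server should not expose. The sample lines are constructed with documentation-range addresses; the SCON/FCON/FLD event labels are copied from the quoted log without assuming their exact meaning.

```python
import re
from collections import Counter

# Constructed sample in the layout of the deny list quoted in the thread.
# Addresses are from documentation ranges; the header line and the
# broadcast-destination UDP entry exercise the parser's edge cases.
SAMPLE_LOG = """\
NO. Source IP Event Dest IP Protocol Dest Port Occur Time
0 192.0.2.10 SCON SERVER IP TCP 139 2012-7-7 19:22:34
1 192.0.2.10 SCON SERVER IP TCP 139 2012-7-7 19:22:35
2 192.0.2.12 FCON server ip TCP 6969 2012-7-7 19:23:48
3 198.51.100.5 FLD SERVER IP ICMP 35172 2012-7-7 19:33:26
4 198.51.100.6 FLD SERVER IP ICMP 35172 2012-7-7 19:33:26
5 198.51.100.7 FLD SERVER IP ICMP 35172 2012-7-7 19:33:26
6 203.0.113.9 FLD 203.0.113.255 UDP 139 2012-7-7 19:21:59
"""

LINE_RE = re.compile(
    r"^(?P<no>\d+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<event>[A-Z]+)\s+"
    r"(?P<dst>.+?)\s+(?P<proto>TCP|UDP|ICMP)\s+(?P<port>\d+)\s+"
    r"(?P<time>\d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{1,2}:\d{1,2})$"
)

def parse_deny_list(text):
    """Return one dict per log entry; header, blank and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def triage(rows):
    """Aggregate entries per (event, protocol, port) and per source, then turn
    the counts into the defender findings discussed in the thread."""
    by_kind = Counter((r["event"], r["proto"], r["port"]) for r in rows)
    by_source = Counter(r["src"] for r in rows)
    icmp = sum(n for (_, proto, _), n in by_kind.items() if proto == "ICMP")
    tcp139 = sum(n for (_, proto, port), n in by_kind.items()
                 if proto == "TCP" and port == "139")
    udp = sum(n for (_, proto, _), n in by_kind.items() if proto == "UDP")
    findings = []
    if icmp:
        findings.append(f"ICMP: {icmp} entries; rate-limit or drop echo requests at the edge")
    if tcp139:
        findings.append(f"TCP/139: {tcp139} entries; NetBIOS is not needed, close the port")
    if udp:
        findings.append(f"UDP: {udp} entries; drop unsolicited UDP to unused ports")
    return by_kind, by_source, findings
```

Feed it the real export instead of SAMPLE_LOG and `by_source.most_common()` shows which addresses repeat, which is the list worth blocking upstream rather than in a host firewall.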
07/07/2012 21:43 Schickl#82
Port 139 is used by NetBIOS.
Turn it off.
A single server really doesn't need this.
07/07/2012 21:55 Nezekan#83
To be honest, servers that don't even have competent system administrators shouldn't be running a Silkroad server. If you don't even close ports like NetBIOS, or don't know how to fix an ICMP flood, you shouldn't be running a server, seriously...
07/08/2012 00:27 PortalDark#84
Quote:
Originally Posted by Nezekan View Post
To be honest, servers that don't even have competent system administrators shouldn't be running a Silkroad server. If you don't even close ports like NetBIOS, or don't know how to fix an ICMP flood, you shouldn't be running a server, seriously...
Some even have all SRO ports (15788 for example) open, waiting for an SMC injection.
Others with the admin/123456 or sa/1234 login to MSSQL.
I really think those people are just there for the easy money.

07/08/2012 01:06 LastThief*#85
The funniest stuff in the SRO scene ever: sa/1234
07/08/2012 06:45 ღ ∂ Ropp#86
Or people who use abdel's thread,
and make their password [password] because he says to input a password.

hhhhhhhhhhhhhhh FYLL YMMORTAL ELYXR
07/08/2012 07:04 ᶽPhoenix1337ᶽ#87
The problem is some stupid people started to run a server, even though they can not develop it / are requesting help inside. That's how the Silkroad scene has been destroyed.
07/08/2012 15:34 PortalDark#88
Quote:
Originally Posted by ᶽPhoenix1337ᶽ View Post
The problem is some stupid people started to run a server, even though they can not develop it / are requesting help inside. That's how the Silkroad scene has been destroyed.
"new avatar is out, server is gonna have it as soon as i find links on epvpers"

That's a normal speech from the admin to the players on a server.
Also, some time ago I got a PM from an admin; I told him that their server was in danger of DDoS.
He replied that they will not get hacked or DDoSed because "we got Panda AV 2011 on our server".
Tell me that this kind of thinking is not killing the scene a bit.
07/08/2012 15:49 ᶽPhoenix1337ᶽ#89
Quote:
Originally Posted by PortalDark View Post
"new avatar is out, server is gonna have it as soon as i find links on epvpers"

That's a normal speech from the admin to the players on a server.
Also, some time ago I got a PM from an admin; I told him that their server was in danger of DDoS.
He replied that they will not get hacked or DDoSed because "we got Panda AV 2011 on our server".
Tell me that this kind of thinking is not killing the scene a bit.
Tell him, put the panda into your ()o() (if you know what I mean).
The problem is, the server files have been released. If they hadn't, only whoever leeched them from the pathetic FTP of vSRO could run a server as well.
1 stupid from the 1 million stupid victory:
Then I blocked him. Dunno where the hell he came from!
Edit: Look @ his stats :p
07/08/2012 16:10 LastThief*#90
Quote:
Originally Posted by PortalDark View Post
"new avatar is out, server is gonna have it as soon as i find links on epvpers"

That's a normal speech from the admin to the players on a server.
Also, some time ago I got a PM from an admin; I told him that their server was in danger of DDoS.
He replied that they will not get hacked or DDoSed because "we got Panda AV 2011 on our server".
Tell me that this kind of thinking is not killing the scene a bit.
It's effective, why are you being sarcastic about it :( ?

Panda for ever <3