Jump to content

Host Provider Migration


Recommended Posts

Just now, xlOutsiderlx said:

*sigh* And is there anything that Devs can do with the DDoSing? I know if you block an IP it won't do much. How about the Steam ID? I guess that won't matter because because of IP spoofing... There has to be a solution, just has to be.

Hope Bohemia fixes the net code for the Layer 7 method and for the normal TCP/UDP floods nothing much they CAN do except pay a crazy amount of $ for a new host that has a higher threshold which imo isn't worth it.

Link to comment
Just now, Gnashes said:

To give you an example, a volumetric attack on 1/7/18 had 49,000 IPs attack US3 in 1 second.

Good luck blocking that.

LMAO i knew it was a powerful hit but thats probably a fucking Botnet... and probably the biggest one i've seen in a LOOOOONG time... holy shit...

Edited by Tyler
Link to comment
Just now, xlOutsiderlx said:

Yeah, because it deals with their actual servers. Its a suggestion and we are actually discussing the issue at hand. Why would they lock it?

Because; its getting out of hand

its nothing new

its got little thought put into it

your whole reasoning behind why they should do it is because your compTIA certified

Tyler likes this
Link to comment
Just now, Gnashes said:

To give you an example, a volumetric attack on 1/7/18 had 49,000 IPs attack US3 in 1 second.

Good luck blocking that.

Damn... Well... I didn't know I don't get to look at those logs. lol. I thought of just something simple. But since it is a DDoS problem... Fuck...

Just now, Tyler said:

Hope Bohemia fixes the net code for the Layer 7 method and for the normal TCP/UDP floods nothing much they CAN do except pay a crazy amount of $ for a new host that has a higher threshold which imo isn't worth it.

Yeah, I agree. I didn't know that the host providers were already tried. I will shut up there and I agree they shouldn't waste more money... Any DDoS Protection for game servers?

Link to comment
Just now, xlOutsiderlx said:

*sigh* And is there anything that Devs can do with the DDoSing? I know if you block an IP it won't do much. How about the Steam ID? I guess that won't matter because because of IP spoofing... There has to be a solution, just has to be.

Mitigation is much more than just blocking an IP, UDP attacks generally have spoofed source addresses, so you would have to drop the entire internet.

SteamIDs aren't ever going to help you mitigate an attack, they're not connected in anyway.

DXEQt5O.png

Edited by Linden
xlOutsiderlx likes this
Link to comment
Just now, xlOutsiderlx said:

Damn... Well... I didn't know I don't get to look at those logs. lol. I thought of just something simple. But since it is a DDoS problem... Fuck...

Yeah, I agree. I didn't know that the host providers were already tried. I will shut up there and I agree they shouldn't waste more money... Any DDoS Protection for game servers?

Yeah Choopa is the company that handles the server hosting and DDoS protection and then obv CloudFlare for the website.

xlOutsiderlx likes this
Link to comment
Just now, Eazy.lookinass said:

Because; its getting out of hand

its nothing new

its got little thought put into it

your whole reasoning behind why they should do it is because your compTIA certified

No, because people thought I have no sense in computers. I was proving that I have some credentials. While they probably have none. And getting out of hand? How? Its actual conversation that me and Tyler are actually having as well as others.

Tyler likes this
Link to comment
Just now, Tyler said:

Yeah Choopa is the company that handles the server hosting and DDoS protection and then obv CloudFlare for the website.

 

Just now, Linden said:

Mitigation is much more than just blocking an IP, UDP attacks generally have spoofed source addresses, so you would have to drop the entire internet.

SteamIDs aren't ever going to help you mitigate an attack, they're not connected in anyway.

 

 

Just now, Gnashes said:

The ones today were 200+Gb/s. The one I was referencing was likely closer to 2-3Gb/s

 

Just now, Gnashes said:

To give you an example, a volumetric attack on 1/7/18 had 49,000 IPs attack US3 in 1 second.

Good luck blocking that.

 

Just now, Trilligy said:

Na, we are all just laughing 

So, we all agree its a DDoSing problem? Fuck... Hmm.... Has Bohemia been aware of the issue and are they actually working on it or don't give a shit?

Tyler likes this
Link to comment
Just now, Gnashes said:

The ones today were 200+Gb/s. The one I was referencing was likely closer to 2-3Gb/s

Were the ones today a flood with multiple IPs as well? 2-3Gb/s while powerful seems a bit... small for that many slaves. Maybe it's not a botnet... but with how many IPs there were that wouldn't make sense. Then again it's been a good 4-5 years since I messed with any sort of server.

Edited by Tyler
Link to comment
Just now, Gnashes said:

Why would Bohemia care about DDOS?

He's referring to the Arma 3 netcode exploit they were using in a Layer 7 attack, but i think someone mentioned that Choopa may have found a way to re route that traffic. But i assume bohemia would want to fix any netcode issues.

Link to comment
Just now, Tyler said:

Were the ones today a flood with multiple IPs as well? 2-3Gb/s while powerful seems a bit... small for that many slaves. Maybe it's not a botnet... but with hop many IPs there were that wouldn't make sense. Then again it's been a good 4-5 years since I messed with any sort of server.

Distributed attacks can still be extremely small. The attacks we had the most issue filtering were the ~100-200mbps attacks, they still originate from thousands of addresses but they match legitimate traffic in almost every way, size isn't the only factor when it comes to dealing with attacks.

These current large attacks aren't "hard" to filter from a mitigation standpoint, the issue is the capacity to do so. The current attacks all originate from a single source port, and the attack is reflective meaning the source addresses aren't spoofed, but they're originating from thousands of legitimate servers around the world. But the shear size of the attack would result in a huge amount of overall bandwidth being used during the mitigation. So essentially not implementing nullroutes would be opening the flood gates and allowing 200Gbps to flow freely into the network just to filter 99% of it and allow 30mbps worth of Arma connections through.

Is it possible, yes.

Is it costly, absolutely.

There is mitigation in place at all times to prevent attacks, some attacks require me to personally implement new filters (the application layer attacks) but in general, most attacks are caught without you guys even noticing them.

xlOutsiderlx likes this
Link to comment
Just now, Linden said:

Distributed attacks can still be extremely small. The attacks we had the most issue filtering were the ~100-200mbps attacks, they still originate from thousands of addresses but they match legitimate traffic in almost every way, size isn't the only factor when it comes to dealing with attacks.

These current large attacks aren't "hard" to filter from a mitigation standpoint, the issue is the capacity to do so. The current attacks all originate from a single source port, and the attack is reflective meaning the source addresses aren't spoofed, but they're originating from thousands of legitimate servers around the world. But the shear size of the attack would result in a huge amount of overall bandwidth being used during the mitigation. So essentially not implementing nullroutes would be opening the flood gates and allowing 200Gbps to flow freely into the network just to filter 99% of it and allow 30mbps worth of Arma connections through.

Is it possible, yes.

Is it costly, absolutely.

There is mitigation in place at all times to prevent attacks, some attacks require me to personally implement new filters (the application layer attacks) but in general, most attacks are caught without you guys even noticing them.

Well yeah the smaller spread out attacks we used to refer to them as botnets... and yeah they can be a pain. I don't know if you are versed in the lingo used in the illegal side of things but usually Botnets are comprised of infected computers with a Remote Administration Tool (RAT) and they reroute their internet traffic to the IP being attacked so you can have as few as a couple compromised networks to thousands all attacking one target at the same time. That's what it sounds like you guys are being targeted with but i have no actual degree or anything on the subject so I could very well be wrong.

Edited by Tyler
Link to comment
Just now, Linden said:

Distributed attacks can still be extremely small. The attacks we had the most issue filtering were the ~100-200mbps attacks, they still originate from thousands of addresses but they match legitimate traffic in almost every way, size isn't the only factor when it comes to dealing with attacks.

These current large attacks aren't "hard" to filter from a mitigation standpoint, the issue is the capacity to do so. The current attacks all originate from a single source port, and the attack is reflective meaning the source addresses aren't spoofed, but they're originating from thousands of legitimate servers around the world. But the shear size of the attack would result in a huge amount of overall bandwidth being used during the mitigation. So essentially not implementing nullroutes would be opening the flood gates and allowing 200Gbps to flow freely into the network just to filter 99% of it and allow 30mbps worth of Arma connections through.

Is it possible, yes.

Is it costly, absolutely.

There is mitigation in place at all times to prevent attacks, some attacks require me to personally implement new filters (the application layer attacks) but in general, most attacks are caught without you guys even noticing them.


If they are legitimate then yes it would be a botnet right? Who the fuck has money to blow on a botnet to target a simple gaming server within a game?

Link to comment
Just now, Tyler said:

Well yeah the smaller spread out attacks we used to refer to them as botnets... and yeah they can be a pain. I don't know if you are versed in the lingo used in the illegal side of things but usually Botnets are comprised of infected computers with a Remote Administration Tool (RAT) and they reroute their internet traffic to the IP being attacked so you can have as few as a couple compromised networks to thousands all attacking on target at the same time. That's what it sounds like you guys are being targeted with but i have no actual degree or anything on the subject so I could very well be wrong.

using RATs for botnets is literally so inefficient but ya you get the basic jist today

most software for botnets, ex: qbot, mirai, (others), take advantage of faulty security cameras with default logins, or some sort of public exploit to gain infections.

it is not hard to get 50000+ connections, although it is hard to get anything above 100k nowadays

Tyler likes this
Link to comment
Just now, Criminal said:

using RATs for botnets is literally so inefficient but ya you get the basic jist today

most software for botnets, ex: qbot, mirai, (others), take advantage of faulty security cameras with default logins, or some sort of public exploit to gain infections.

it is not hard to get 50000+ connections, although it is hard to get anything above 100k nowadays

Back in my day people were using Darkcomet and things of the sort lmao.

Link to comment
Just now, Tyler said:

Back in my day people were using Darkcomet and things of the sort lmao.

usually darkcomet was used by 13 year olds to delete system 32 or close minecraft while it was running

i know the people who developed mirai and there's quite a bit of articles on it, if someone is actually using a botnet against asylum (a gaming server wow high profile target) then there is not much you can do

most idiots right now are using stressers which i have no idea if the hosting provider can block those, but most can

Tyler likes this
Link to comment
Just now, Criminal said:

usually darkcomet was used by 13 year olds to delete system 32 or close minecraft while it was running

i know the people who developed mirai and there's quite a bit of articles on it, if someone is actually using a botnet against asylum (a gaming server wow high profile target) then there is not much you can do

most idiots right now are using stressers which i have no idea if the hosting provider can block those, but most can

Most stressers (i have seen) use the same IPs though. I used to use vDos to test my OVH servers and noticed that many of the IPs were the same i think they used like 6-7 different servers. But like I said it has been a long time since i've dabbled in any of that kind of stuff. Very interesting though thanks for the info. Mirai is a very interesting name for an application too... Japanese for "Future"...

Link to comment
Just now, Tyler said:

Well yeah the smaller spread out attacks we used to refer to them as botnets... and yeah they can be a pain. I don't know if you are versed in the lingo used in the illegal side of things but usually Botnets are comprised of infected computers with a Remote Administration Tool (RAT) and they reroute their internet traffic to the IP being attacked so you can have as few as a couple compromised networks to thousands all attacking on target at the same time. That's what it sounds like you guys are being targeted with but i have no actual degree or anything on the subject so I could very well be wrong.

The term botnet is still slung around quite a bit, but the definition has been skewed.

You have a lot of attack vectors that don't require you infect computers to abuse their connection.

Here's a basic list of reflective attacks. (it's not all inclusive)

But the way the reflective DDoS attacks work attackers don't actually need control over the machine. They just abuse a service on the machine.

Here's an example:

  1. Attacker spoofs target game server IP to 1500 NTP servers
  2. All those NTP servers respond to the game server IP with a much larger response.

The potential amplification factor for NTP is 556x what was received by the server. So you could use a shitty VPS and buy an amp list of NTP servers being sold on these shitty "hack forums" sites and launch a decent sized attack.

This doesn't technically fall under the "botnet" definition, but it's the same concept, without the requirement of infecting the hosts. This is why DNS, NTP, SSDP, RIP, LDAP, etc are all common attack vectors on these shitty stresser sites. The attacks are easy to do, the scripts to do the attacks are public, and people are selling amp lists for each protocol for pennies.

Edited by Linden
Tyler, Mitch (IFRIT) and Silver-Spy like this
Link to comment
Just now, Linden said:

The term botnet is still slung around quite a bit, but the definition has been skewed.

You have a lot of attack vectors that don't require you infect computers to abuse their connection.

Here's a basic list of reflective attacks. (it's not all inclusive)

But the way the reflective DDoS attacks work attackers don't actually need control over the machine. They just abuse a service on the machine.

Here's an example:

  1. Attacker spoofs target game server IP to 1500 NTP servers
  2. All those NTP servers respond to the game server IP with a much larger response.

The potential amplification factor for NTP is 556x what was received by the server. So you could use a shitty VPS and buy an amp list of NTP servers being sold on these shitty "hack forums" sites and launch a decent sized attack.

This doesn't technically fall under the "botnet" definition, but it's the same concept, without the requirement of infecting the hosts. This is why DNS, NTP, SSDP, RIP, LDAP, etc are all common attack vectors on these shitty stresser sites. The attacks are easy to do, the scripts to do the attacks are public, and people are selling amp lists for each protocol for pennies.

Very interesting, thanks for the info!

Link to comment

Guys I got the perfect solution :

 

DeaDDOSSER(S)

My name is Wollie, and i like playing on these servers for god knows what reason, and everytime you and ur stupid botnet attack this shitshow, and make the server crash so you can cum over ur little laptop which is probably located at ur mums basement, I probably need to spend roughly 10 minutes and a redgull or 2 running to the nearest garage. 

How about you be fucking nice for once, maybe get some sunlight in your face, and do something you enjoy that isn't at the cost of someone else who is playing fucking arma.

I don't know alot about serverhosting, DDOS and all that shit, I develop, don't manage. 

Greets,

The fuckwit who spend way to much time on this game

PS you guys wanna hear a good joke?: 

Spoiler

Cromptia 

amFJzaz.png

andy7255 likes this
Link to comment
29 minutes ago, Mayhem said:

That’s my face every time I see someone post about the servers expecting different results

At least I was suggesting a solution of which I have very limited access to whats going on behind scenes. I mean seriously, I literally have no logs or anything to look at and suggested something and these toxic cancerous little fucks cant appreciate that I was simply suggesting and not yelling. Everybody across Asylum doesnt know what is going on. I was called a dumbass for thinking its DDoS. I was called a dumbass now for thinking its the host provider. All things have one conclusion... Literally I have NO LOGS WHAT SO EVER TO FUCKING LOOK AT! So... Now that its officially DDoS now people know.

Link to comment
Just now, xlOutsiderlx said:

At least I was suggesting a solution of which I have very limited access to whats going on behind scenes. I mean seriously, I literally have no logs or anything to look at and suggested something and these toxic cancerous little fucks cant appreciate that I was simply suggesting and not yelling. Everybody across Asylum doesnt know what is going on. I was called a dumbass for thinking its DDoS. I was called a dumbass now for thinking its the host provider. All things have one conclusion... Literally I have NO LOGS WHAT SO EVER TO FUCKING LOOK AT! So... Now that its officially DDoS now people know.

Tbh I think ur a dumbass that you didn't realise this type of thread gets made alot, and Linden knows more about it then all us asylum retarded people anyway do just don't make these threads and we're good to go. Sorry but you could expect these reactions from an asylum forum). 

Link to comment
Just now, wollie35 said:

Tbh I think ur a dumbass that you didn't realise this type of thread gets made alot, and Linden knows more about it then all us asylum retarded people anyway do just don't make these threads and we're good to go. Sorry but you could expect these reactions from an asylum forum). 

I understand the toxicity. I am not criticizing Linden at all. He has confirmed what people only speculated. 1) Im not a dumbass when I have limited access on what goes behind scenes. 2) I was simply suggesting and didnt know it has already been posted and done millions of times. 3) At least I was actually discussing and not doing autustic screeching like @massi when I have limited access to anything that the devs do. I was simply suggesting, in the suggestion area, on the fucking forums and not yelling at anyone. Im not a dumbass They are thr toxic autustic screeching dumbasses.

Link to comment
Just now, wollie35 said:

Tbh I think ur a dumbass that you didn't realise this type of thread gets made alot, and Linden knows more about it then all us asylum retarded people anyway do just don't make these threads and we're good to go. Sorry but you could expect these reactions from an asylum forum). 

But to be honest dude. These toxic fucks wont do shit in the real world. They dont have the fucking balls. So... Why should I get mad... At least I aint a pussy. They will fuck with someone they shouldnt have and maybe they wont do it next time.. Or maybe they will be fucking retarded. But either way these toxic fucktards are why we arent a Type 1 civilization yet. Fucking dumbasses.

Link to comment
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...