Counter Strike Server Protection

Methods of protecting game servers against various vulnerabilities

Predat0r
Posted 9.1.2015, 19:45
Post #4461

Well, who's to blame that security isn't the first thing you think about, but something else.

S0m3Th1nG_AwFul!
Posted 9.1.2015, 19:52
Post #4462

Predat0r, I don't quite understand: how would even a professional router save you if someone starts pouring a gigabit of traffic from hundreds of servers onto your home internet link (not a few thousand 52-byte connections, which by default only fill up conntrack), that is, stages a real DDoS?

FIELD LINE
Posted 9.1.2015, 19:52
Post #4463

Quote (Predat0r @ 9.1.2015, 20:45)
Well, who's to blame that security isn't the first thing you think about, but something else.

Please PM me which one exactly you have.

Archangel236
Posted 9.1.2015, 19:59
Post #4464

Quote (Predat0r @ 9.1.2015, 19:45)
Well, who's to blame that security isn't the first thing you think about, but something else.

How many racks do you have at home ))) I'm connected directly to the provider's Juniper, and I easily manage the rules of my own stack )

Predat0r
Posted 9.1.2015, 20:00
Post #4465

Quote (S0m3Th1nG_AwFul! @ 9.1.2015, 20:52)

We'll figure it out on the spot©.
Analytics will save me. Probably.

Quote (Archangel236 @ 9.1.2015, 20:59)
How many racks do you have at home )))

"1" - homemade.

mittagswind
Posted 9.1.2015, 20:05
Post #4466

Quote (svgr @ 9.1.2015, 18:25)
I don't know how it is in C++ with implementing such an approach, but in high-level languages

u mad bro? C++ has always been considered a high-level language.

Quote (svgr @ 9.1.2015, 18:25)
keep a sorted list into which you put addresses (or class C networks) and the number of pps from them per unit of time (clear it, for example, every 5-10 minutes). And when those taking too active an interest in information about our server (what for, one wonders?) end up "in the top rows", give them the banana until the next clearing of the list (or for some other time, whatever your imagination allows). That's all.

No, that's not all. Go read the definition of what spoofing is.

Quote (svgr @ 9.1.2015, 18:25)
So it's the "losers" who designed udp that miscalculated. Not a constructive approach.

How easy it is in 2015 to criticize something that was invented in 1980.

Quote (svgr @ 9.1.2015, 18:25)
And why do we need to haul packets anywhere at all? hlds received them, analyzed them, and, if it saw fit, ignored certain ones.

This one is a real bombshell. Have you heard of the OSI model? Of the TCP/IP stack, and so on? Or is the mouse movement of one player written straight into another player's brain, bypassing applications, drivers, the physical/data link layers, and so on?

Advice from wannabe programmers to programmers - cool story, bro

wolf1987
Posted 9.1.2015, 21:10
Post #4467

I need help please !!!

I use this, but it does not work:
iptables -A INPUT -s 37.187.0.0/16 -j DROP
iptables -A INPUT -s 46.233.0.0/16 -j DROP
iptables -A INPUT -s 87.120.0.0/16 -j DROP
iptables -A INPUT -s 87.121.0.0/16 -j DROP
iptables -A INPUT -s 88.135.0.0/16 -j DROP
iptables -A INPUT -s 94.241.0.0/16 -j DROP
iptables -A INPUT -s 94.242.0.0/16 -j DROP
iptables -A INPUT -s 130.255.185.0/24 -j DROP
iptables -A INPUT -s 176.124.0.0/16 -j DROP
iptables -A INPUT -s 178.18.16.0/24 -j DROP
iptables -A INPUT -s 193.201.242.0/24 -j DROP
iptables -A INPUT -s 194.48.0.0/16 -j DROP
iptables -A INPUT -p udp -m udp --dport 27015:28015 -m string --algo kmp --hex-string "|FF FF FF FF 54|" -m connlimit --connlimit-above 2 -j DROP

If the IPs are banned, why do they keep coming?
Server log:

L 01/09/2015 - 20:06:02: Traffic from 87.120.215.112:23696 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 87.120.213.143:25528 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 87.120.255.134:20589 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 46.233.58.148:57721 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 46.233.63.140:55438 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 87.121.0.224:26974 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 87.120.10.208:45419 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 46.233.49.110:30377 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 87.120.215.87:35452 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 46.233.49.235:5400 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 87.120.210.71:8539 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 46.233.57.104:40505 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 87.120.8.217:1951 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 46.233.63.210:37007 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:02: Traffic from 87.120.214.164:5259 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.253.246:20332 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.215.167:22790 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.213.185:43646 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.49.192:31955 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.252.54:15971 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.212.130:732 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.62.161:23762 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.209.236:21852 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.253.219:47711 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.52.143:13699 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.59.52:1840 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.62.235:56102 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.208.216:41975 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.56.126:37240 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.49.238:4802 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.48.58:60447 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.121.0.127:14149 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.213.80:22208 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.9.162:2127 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.252.112:9015 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.57.57:19786 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.121.1.87:6314 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.61.237:14430 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.254.177:62687 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.254.97:9582 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.215.201:46908 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.56.43:43370 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.62.232:17529 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.8.154:64492 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.63.123:59113 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.49.51:65433 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.61.148:63368 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.56.109:2247 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.63.39:38697 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.215.204:36427 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.215.239:11056 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.61.95:17885 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.255.194:2397 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.10.127:45695 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.213.4:53986 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.56.86:15077 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.252.205:30738 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.49.233:5484 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.214.136:63383 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.53.118:42351 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.209.71:34692 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.60.122:2710 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.9.63:29270 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.214.218:35185 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.61.149:34856 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.121.0.16:51393 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.49.93:31443 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.60.83:55701 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.255.86:38192 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.255.239:15779 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.56.105:40260 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.253.231:46495 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.254.31:18740 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.61.99:18729 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.58.49:23894 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.210.124:61993 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.49.137:61496 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.255.166:52305 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.62.129:21321 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.210.126:49528 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.213.248:20367 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.56.177:25025 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.213.10:54495 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.198.128:32153 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.10.56:21008 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.252.189:36904 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.255.162:3152 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.8.185:47492 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.57.28:26400 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.252.24:20840 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.8.113:42754 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.61.148:47870 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.48.43:11573 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.198.65:27405 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.60.240:51430 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.209.228:47605 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.121.1.148:460 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.215.68:1615 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 46.233.48.147:43765 was blocked for exceeding rate limits
L 01/09/2015 - 20:06:03: Traffic from 87.120.253.71:357 was blocked for exceeding rate limits


ReHLDS 3.0.0.412, ReGameDLL 5.1.0.176, AMXX 1.8.2, MetaMod 1.21p37, Reunion 0.1.75
Ubuntu 12.04.5LTS, Kernel 3.2.0-lowlatency, CPU i3-2130 3.40GHz, RAM DDR3 8GB, HDD 1TB, Net 100Mbps

Vital
Posted 9.1.2015, 21:58
Post #4468

wolf1987, check out the list in iptables
Code
iptables -L INPUT --line-numbers

Edited by Vital, 9.1.2015, 22:00

Archangel236
Posted 9.1.2015, 22:30
Post #4469

Quote (wolf1987 @ 9.1.2015, 21:10)
I need help please !!!

I use this, but it does not work:
iptables -A INPUT -s 37.187.0.0/16 -j DROP
iptables -A INPUT -s 46.233.0.0/16 -j DROP
iptables -A INPUT -s 87.120.0.0/16 -j DROP
iptables -A INPUT -s 87.121.0.0/16 -j DROP
iptables -A INPUT -s 88.135.0.0/16 -j DROP
iptables -A INPUT -s 94.241.0.0/16 -j DROP
iptables -A INPUT -s 94.242.0.0/16 -j DROP
iptables -A INPUT -s 130.255.185.0/24 -j DROP
iptables -A INPUT -s 176.124.0.0/16 -j DROP
iptables -A INPUT -s 178.18.16.0/24 -j DROP
iptables -A INPUT -s 193.201.242.0/24 -j DROP
iptables -A INPUT -s 194.48.0.0/16 -j DROP
iptables -A INPUT -p udp -m udp --dport 27015:28015 -m string --algo kmp --hex-string "|FF FF FF FF 54|" -m connlimit --connlimit-above 2 -j DROP

If the IPs are banned, why do they keep coming?
Server log:


If you have more than one server, that rule
Code
iptables -A INPUT -p udp -m udp --dport 27015:28015 -m string --algo kmp --hex-string "|FF FF FF FF 54|" -m connlimit --connlimit-above 2 -j DROP
is not appropriate

wolf1987
Posted 9.1.2015, 22:41
Post #4470

iptables -L INPUT --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 fail2ban-postfix tcp -- anywhere anywhere multiport dports HIDE
2 fail2ban-pure-ftpd tcp -- anywhere anywhere multiport dports HIDE
3 fail2ban-apache-overflows tcp -- anywhere anywhere multiport dports HIDE
4 fail2ban-apache-noscript tcp -- anywhere anywhere multiport dports HIDE
5 fail2ban-apache tcp -- anywhere anywhere multiport dports HIDE
6 fail2ban-ssh-ddos tcp -- anywhere anywhere multiport dports HIDE
7 fail2ban-ssh tcp -- anywhere anywhere multiport dports HIDE
8 ufw-before-logging-input all -- anywhere anywhere
9 ufw-before-input all -- anywhere anywhere
10 ufw-after-input all -- anywhere anywhere
11 ufw-after-logging-input all -- anywhere anywhere
12 ufw-reject-input all -- anywhere anywhere
13 ufw-track-input all -- anywhere anywhere
14 DROP all -- 37.187.0.0/16 anywhere
15 DROP all -- 46.233.0.0/16 anywhere
16 DROP all -- 87.120.0.0/16 anywhere
17 DROP all -- 87.121.0.0/16 anywhere
18 DROP all -- 88.135.0.0.tetra-telematik.ru/16 anywhere
19 DROP all -- 94.241.0.0/16 anywhere
20 DROP all -- 94.242.0.0/16 anywhere
21 DROP all -- 130.255.185.0/24 anywhere
22 DROP all -- 176.124.0.0/16 anywhere
23 DROP all -- 178.18.16.0/24 anywhere
24 DROP all -- 193.201.242.0/24 anywhere
25 DROP all -- 194.48.0.0/16 anywhere
26 DROP udp -- anywhere anywhere udp dpts:27015:28015 STRING match "|ffffffff54|" ALGO name kmp TO 65535 #conn src/32 > 2


Archangel236, I have several servers, which rule to use?


Thank you all for your attention and help!


Archangel236
Posted 9.1.2015, 22:47
Post #4471

Quote (wolf1987 @ 9.1.2015, 22:41)
iptables -L INPUT --line-numbers
Chain INPUT (policy DROP)
21 DROP all -- 130.255.185.0/24 anywhere
22 DROP all -- 176.124.0.0/16 anywhere
23 DROP all -- 178.18.16.0/24 anywhere
24 DROP all -- 193.201.242.0/24 anywhere
25 DROP all -- 194.48.0.0/16 anywhere
26 DROP udp -- anywhere anywhere udp dpts:27015:28015 STRING match "|ffffffff54|" ALGO name kmp TO 65535 #conn src/32 > 2


Archangel236, I have several servers, which rule to use?


Thank you all for your attention and help!



use this rule

Code
iptables -A INPUT -p udp -m udp -m string --algo kmp --hex-string "|FF FF FF FF 54|" -m connlimit --connlimit-above (packets) --connlimit-mask 24 -j DROP


Before that, remove

26 DROP udp -- anywhere anywhere udp dpts:27015:28015 STRING match "|ffffffff54|" ALGO name kmp TO 65535 #conn src/32 > 2

Edited by Archangel236, 9.1.2015, 22:47

wolf1987
Posted 9.1.2015, 23:05
Post #4472

iptables -L INPUT --line-numbers

Chain INPUT (policy DROP)
num target prot opt source destination
1 fail2ban-postfix tcp -- anywhere anywhere multiport dports HIDE
2 fail2ban-pure-ftpd tcp -- anywhere anywhere multiport dports HIDE
3 fail2ban-apache-overflows tcp -- anywhere anywhere multiport dports HIDE
4 fail2ban-apache-noscript tcp -- anywhere anywhere multiport dports HIDE
5 fail2ban-apache tcp -- anywhere anywhere multiport dports HIDE
6 fail2ban-ssh-ddos tcp -- anywhere anywhere multiport dports HIDE
7 fail2ban-ssh tcp -- anywhere anywhere multiport dports HIDE
8 ufw-before-logging-input all -- anywhere anywhere
9 ufw-before-input all -- anywhere anywhere
10 ufw-after-input all -- anywhere anywhere
11 ufw-after-logging-input all -- anywhere anywhere
12 ufw-reject-input all -- anywhere anywhere
13 ufw-track-input all -- anywhere anywhere
14 DROP all -- 37.187.0.0/16 anywhere
15 DROP all -- 46.233.0.0/16 anywhere
16 DROP all -- 87.120.0.0/16 anywhere
17 DROP all -- 87.121.0.0/16 anywhere
18 DROP all -- 88.135.0.0.tetra-telematik.ru/16 anywhere
19 DROP all -- 94.241.0.0/16 anywhere
20 DROP all -- 94.242.0.0/16 anywhere
21 DROP all -- 130.255.185.0/24 anywhere
22 DROP all -- 176.124.0.0/16 anywhere
23 DROP all -- 178.18.16.0/24 anywhere
24 DROP all -- 193.201.242.0/24 anywhere
25 DROP all -- 194.48.0.0/16 anywhere
26 DROP udp -- anywhere anywhere udp STRING match "|ffffffff54|" ALGO name kmp TO 65535 #conn src/24 > 10


I've changed the rule, but I keep wondering why iptables does not block the IPs that are banned. Can someone answer this question?


Archangel236
Posted 9.1.2015, 23:10
Post #4473

Quote (wolf1987 @ 9.1.2015, 23:05)
iptables -L INPUT --line-numbers

Chain INPUT (policy DROP)
num target prot opt source destination
1 fail2ban-postfix tcp -- anywhere anywhere multiport dports HIDE
2 fail2ban-pure-ftpd tcp -- anywhere anywhere multiport dports HIDE
3 fail2ban-apache-overflows tcp -- anywhere anywhere multiport dports HIDE
4 fail2ban-apache-noscript tcp -- anywhere anywhere multiport dports HIDE
5 fail2ban-apache tcp -- anywhere anywhere multiport dports HIDE
6 fail2ban-ssh-ddos tcp -- anywhere anywhere multiport dports HIDE
7 fail2ban-ssh tcp -- anywhere anywhere multiport dports HIDE
8 ufw-before-logging-input all -- anywhere anywhere
9 ufw-before-input all -- anywhere anywhere
10 ufw-after-input all -- anywhere anywhere
11 ufw-after-logging-input all -- anywhere anywhere
12 ufw-reject-input all -- anywhere anywhere
13 ufw-track-input all -- anywhere anywhere
14 DROP all -- 37.187.0.0/16 anywhere
15 DROP all -- 46.233.0.0/16 anywhere
16 DROP all -- 87.120.0.0/16 anywhere
17 DROP all -- 87.121.0.0/16 anywhere
18 DROP all -- 88.135.0.0.tetra-telematik.ru/16 anywhere
19 DROP all -- 94.241.0.0/16 anywhere
20 DROP all -- 94.242.0.0/16 anywhere
21 DROP all -- 130.255.185.0/24 anywhere
22 DROP all -- 176.124.0.0/16 anywhere
23 DROP all -- 178.18.16.0/24 anywhere
24 DROP all -- 193.201.242.0/24 anywhere
25 DROP all -- 194.48.0.0/16 anywhere
26 DROP udp -- anywhere anywhere udp STRING match "|ffffffff54|" ALGO name kmp TO 65535 #conn src/24 > 10


I've changed the rule, but I keep wondering why iptables does not block the IPs that are banned. Can someone answer this question?


This rule does not ban IPs, but blocks requests.
wolf1987
Posted 10.1.2015, 0:11
Post #4474

Member for: 11 years

Posts: 21
Thanks: 4
Usefulness: 145

I mean this: (it is assumed that these ips are banned, no?)

iptables -A INPUT -s 37.187.0.0/16 -j DROP
iptables -A INPUT -s 46.233.0.0/16 -j DROP
iptables -A INPUT -s 87.120.0.0/16 -j DROP
iptables -A INPUT -s 87.121.0.0/16 -j DROP
iptables -A INPUT -s 88.135.0.0/16 -j DROP
iptables -A INPUT -s 94.241.0.0/16 -j DROP
iptables -A INPUT -s 94.242.0.0/16 -j DROP
iptables -A INPUT -s 130.255.185.0/24 -j DROP
iptables -A INPUT -s 176.124.0.0/16 -j DROP
iptables -A INPUT -s 178.18.16.0/24 -j DROP
iptables -A INPUT -s 193.201.242.0/24 -j DROP
iptables -A INPUT -s 194.48.0.0/16 -j DROP

several ips managed to connect to server...


ReHLDS 3.0.0.412, ReGameDLL 5.1.0.176, AMXX 1.8.2, MetaMod 1.21p37, Reunion 0.1.75
Ubuntu 12.04.5LTS, Kernel 3.2.0-lowlatency, CPU i3-2130 3.40GHz, RAM DDR3 8GB, HDD 1TB, Net 100Mbps
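
One thing worth checking for the question above, as an added example that is not part of the original posts: iptables walks INPUT top-down, so a packet that receives a verdict inside an earlier jumped-to chain never reaches DROP rules appended later with `-A`. The sketch below parses a listing in the `iptables -L INPUT --line-numbers` format shown in the thread and reports source-based DROP rules that sit below such jumps; whether the ufw-* chains really accept the game port on that server is an assumption, and `SAMPLE` is a shortened, constructed copy of the listing.

```python
import re

# Targets that are verdicts or built-ins; any other target is a jump to a user chain.
BUILTIN = {"ACCEPT", "DROP", "REJECT", "LOG", "RETURN", "QUEUE"}

# Constructed sample, shortened from the listing format used in the thread.
SAMPLE = """\
Chain INPUT (policy DROP)
num target prot opt source destination
7 fail2ban-ssh tcp -- anywhere anywhere multiport dports HIDE
8 ufw-before-logging-input all -- anywhere anywhere
9 ufw-before-input all -- anywhere anywhere
14 DROP all -- 37.187.0.0/16 anywhere
21 DROP all -- 130.255.185.0/24 anywhere
26 DROP udp -- anywhere anywhere udp STRING match "|ffffffff54|" ALGO name kmp TO 65535
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_listing(text):
    """Return [(num, target, proto, source)] for every numbered rule line."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            num, target, proto, _opt, source, _dst = m.groups()
            rules.append((int(num), target, proto, source))
    return rules

def drops_below_jumps(rules):
    """Source-based DROP rules preceded by a jump that sees the same traffic first.

    Returns [(rule_num, source, [chains to inspect])]."""
    findings, jumps = [], []
    for num, target, proto, source in rules:
        if target not in BUILTIN:
            jumps.append((target, proto))
        elif target == "DROP" and source != "anywhere":
            # A jump sees the packet first if either side matches all protocols
            # or both name the same protocol.
            earlier = [c for c, p in jumps if proto == "all" or p in ("all", proto)]
            if earlier:
                findings.append((num, source, earlier))
    return findings

if __name__ == "__main__":
    for num, source, chains in drops_below_jumps(parse_listing(SAMPLE)):
        print(f"rule {num}: DROP {source} is evaluated after {', '.join(chains)}")
```

A rule reported here only takes effect for packets the listed chains did not already accept; inserting it at the top with `iptables -I INPUT 1 -s <network> -j DROP` instead of `-A` removes that dependency.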
Archangel236
Posted 10.1.2015, 0:15
Post #4475

Member for: 16 years
City: Belaya Tserkov

Posts: 444
Thanks: 184
Usefulness: 550

Quote (wolf1987 @ 10.1.2015, 0:11):
I mean this: (it is assumed that these ips are banned, no?)

iptables -A INPUT -s 37.187.0.0/16 -j DROP
iptables -A INPUT -s 46.233.0.0/16 -j DROP
iptables -A INPUT -s 87.120.0.0/16 -j DROP
iptables -A INPUT -s 87.121.0.0/16 -j DROP
iptables -A INPUT -s 88.135.0.0/16 -j DROP
iptables -A INPUT -s 94.241.0.0/16 -j DROP
iptables -A INPUT -s 94.242.0.0/16 -j DROP
iptables -A INPUT -s 130.255.185.0/24 -j DROP
iptables -A INPUT -s 176.124.0.0/16 -j DROP
iptables -A INPUT -s 178.18.16.0/24 -j DROP
iptables -A INPUT -s 193.201.242.0/24 -j DROP
iptables -A INPUT -s 194.48.0.0/16 -j DROP

several ips managed to connect to server...

These rules can be removed, because you have set the restrictions with this rule:

Quote (Archangel236)
Code
iptables -A INPUT -p udp -m udp -m string --algo kmp --hex-string "|FF FF FF FF 54|" -m connlimit --connlimit-above (packets) --connlimit-mask 24 -j DROP


Edited by: Archangel236, 10.1.2015, 0:15
9iky6
Posted 10.1.2015, 4:28
Post #4476

Member for: 14 years

Posts: 143
Thanks: 47
Usefulness: 260

Quote ([WPMG]PRoSToTeM@ @ 9.1.2015, 22:22):

Checking for fakes should go either into a separate development branch or into a separate metaplugin.


If only someone would get these words across to him.
iShot
Posted 10.1.2015, 8:49
Post #4477

Member for: 11 years

Posts: 1340
Thanks: 463
Usefulness: 845

Patron

A lot of drops, what is this?

Dropped BoLwOi from server
Reason: Client sent 'drop'
Dropped Hugo Chavez from server
Reason: Client sent 'drop'


Smile :)
r1nk0
Posted 10.1.2015, 8:51
Post #4478

Member for: 12 years

Posts: 1417
Thanks: 705
Usefulness: 349

Connects, sees that something is downloading, cancels.


Map creation and editing ($) - vk.com/id476857873
Setup and technical maintenance of your game servers - vk.com/id476857873
mazdan
Posted 10.1.2015, 11:10
Post #4479

Member for: 15 years

Posts: 7566
Thanks: 5437
Usefulness: 1305

Added cvars:
conless_rate24
conless_time24
conless_bantime24

The defaults are:
Quote
conless_bantime : 30
conless_bantime24 : 30
conless_debug : 0
conless_rate : 30
conless_rate24 : 50
conless_time : 10
conless_time24 : 30

Attached files:
connectionless04.rar (4.69 KB), downloads: 64


Don't write to me by PM. Write by e-mail. I miss messages in PM.
waza123
Posted 10.1.2015, 13:52
Post #4480

Member for: 12 years

Posts: 33
Thanks: 3
Usefulness: 68

Code
#
#   Anti Hlds Amplification Attack
#   v1.1 (07.01.2015)
#   by waza123
#   http://c-s.net.ua/forum/topic37395.html&st=4300
#
#   Description:
#      * When an attacker sends a small UDP packet to your server with a changed source IP address in the IPv4 header (IP spoofing),
#        your server answers with a larger packet and sends this packet to the victim's IP;
#        your server becomes a zombie/attacker, a part of a DDoS.
#      * My script watches for NEW packets (not UPDATED), and if there is a large number of packets from the same IP, the IP is blocked for some time
#        and your server will not die from a large number of UDP requests.
#
#   System requirements:
#      * Linux (any linux, ubuntu recommended)
#      * iptables (by default in linux)
#      * php (http://php.net)
#      * conntrack    (apt-get install conntrack , or http://conntrack-tools.netfilter.org/)
#      * crontab (by default in linux)
#      * glibc >= 2.9 (ldd --version)
#
#    Installation:
#        Put this script in crontab root file /var/spool/cron/crontabs/root , run every 1 minute (recommended)
#        */1 * * * * php /root/anti_hlds_amplif_ddos.php
#
#    Changelog:
#    1.0 initial release 07.01.2015
#    1.1 fixed bug with removing old rules 10.01.2015


Edited by: waza123, 10.1.2015, 13:52
Attached files:
anti_hlds_amplif_ddos.php.txt (3.64 KB), downloads: 61
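
The approach described in the script header above (count NEW conntrack flows per source and block heavy sources for a while), as an added sketch that is not the attached anti_hlds_amplif_ddos.php and does not reproduce its logic. The port, threshold, ban length, helper names and the sample events (modelled on `conntrack -E -p udp` output, with documentation addresses) are all assumptions made for the example.

```python
import re
from collections import Counter

GAME_PORT = 27015    # assumption: default HLDS port; the post names none
MAX_NEW = 3          # assumption: NEW flows allowed per source per run
BAN_SECONDS = 300    # assumption: length of the temporary block

EVENT = re.compile(r"\[(NEW|UPDATE|DESTROY)\]\s+udp\s.*?src=(\S+) dst=\S+ sport=\d+ dport=(\d+)")

def event(kind, src, sport, dport=GAME_PORT):
    """Build one constructed line shaped like `conntrack -E -p udp` output."""
    return (f"    [{kind}] udp      17 30 src={src} dst=198.51.100.5 sport={sport} "
            f"dport={dport} [UNREPLIED] src=198.51.100.5 dst={src} sport={dport} dport={sport}")

# Constructed sample: one source opening many flows, one normal player, one unrelated port.
SAMPLE = ([event("NEW", "203.0.113.9", 40000 + i) for i in range(5)]
          + [event("UPDATE", "203.0.113.9", 40000)] * 4
          + [event("NEW", "192.0.2.77", 27005), event("NEW", "192.0.2.80", 5353, dport=53)])

def count_new(lines, port=GAME_PORT):
    """Count NEW flows per source to the game port; UPDATE/DESTROY are ignored."""
    counts = Counter()
    for line in lines:
        m = EVENT.search(line)
        if m and m.group(1) == "NEW" and int(m.group(3)) == port:
            counts[m.group(2)] += 1
    return counts

def plan(counts, bans, now, port=GAME_PORT):
    """Return iptables commands: lift expired bans, then block sources over MAX_NEW.

    `bans` maps source IP -> expiry time and is updated in place."""
    cmds = []
    rule = "INPUT -s {} -p udp --dport {} -j DROP"
    for ip in [ip for ip, until in bans.items() if until <= now]:
        del bans[ip]
        cmds.append("iptables -D " + rule.format(ip, port))
    for ip, n in sorted(counts.items()):
        if n > MAX_NEW and ip not in bans:
            bans[ip] = now + BAN_SECONDS
            cmds.append("iptables -I " + rule.format(ip, port))
    return cmds

if __name__ == "__main__":
    print("\n".join(plan(count_new(SAMPLE), {}, now=1000)))
```

In a spoofed reflection attack the counted source is the victim's address, so the temporary DROP is what stops the server from sending replies to it.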