[cod] ddos attack on port 28960

Cheetah cheetah at nm.ru
Mon Aug 18 16:48:32 EDT 2008 

> How did you figure it's a ddos ? did your server go down ?

Go down all Internet in my city (on 1 hour) and higher provider has told to 
me about ddos attack on server on 28960 port, and close server IP.


----- Original Message ----- 
From: "tommii | Mailinglist" <mailinglist at z-grounds.com>
To: <cod at icculus.org>
Sent: Tuesday, August 19, 2008 12:32 AM
Subject: RE: [cod] ddos attack on port 28960


>I think this won't help.
>
> Did you make somebody mad on your server or did you ban somebody after a
> fight ?
>
>
>
> Because this guy is not sending this DDoS from his own pc.
>
> How did you figure it's a ddos ? did your server go down ?
>
>
>
> Tom
>
>
>
>
>
> From: GateKeeperLL [mailto:gatekeeper at linkslobby.com]
> Sent: maandag 18 augustus 2008 22:28
> To: cod at icculus.org
> Subject: Re: [cod] ddos attack on port 28960
>
>
>
> trace what ip it is coming from, or block of ip's, whois and find the isp,
> search your mp logs and see if the offending ip has been on your server...
> if he/she has, document the user name, document when the attacks take 
> place
> and send all this info to the offending ip's ISP for action... cheerz g8
>
> ----- Original Message ----- 
>
> From: Cheetah <mailto:cheetah at nm.ru>
>
> To: cod at icculus.org
>
> Sent: Monday, August 18, 2008 2:09 PM
>
> Subject: [cod] ddos attack on port 28960
>
>
>
> Hey guys, sorry for my english...
> Already second time my servers (server.cod-4.ru) under ddos attacks
> (600mbit). Server are running on linux gentoo and with your linux bin
> (cod4-linux-server-06282008.tar.bz2). Attacks go to only 28960 port.
> Have you any ideas?
>
>
>
> Thanks
> CoD-4.ru
>
>
>
>
>
> Wap-------=_NextPart_000_001C_01C90182.59FD0460
> Content-Type: text/html;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> <html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
> xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
> xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
> xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
> xmlns=3D"http://www.w3.org/TR/REC-html40">
>
> <head>
> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
> charset=3Dus-ascii">
> <meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
> <style>
> <!--
> /* Font Definitions */
> @font-face
> {font-family:"Cambria Math";
> panose-1:2 4 5 3 5 4 6 3 2 4;}
> @font-face
> {font-family:Calibri;
> panose-1:2 15 5 2 2 2 4 3 2 4;}
> @font-face
> {font-family:Tahoma;
> panose-1:2 11 6 4 3 5 4 4 2 4;}
> /* Style Definitions */
> p.MsoNormal, li.MsoNormal, div.MsoNormal
> {margin:0cm;
> margin-bottom:.0001pt;
> font-size:11.0pt;
> font-family:"Calibri","sans-serif";}
> a:link, span.MsoHyperlink
> {mso-style-priority:99;
> color:blue;
> text-decoration:underline;}
> a:visited, span.MsoHyperlinkFollowed
> {mso-style-priority:99;
> color:purple;
> text-decoration:underline;}
> span.EmailStyle17
> {mso-style-type:personal;
> font-family:"Calibri","sans-serif";
> color:windowtext;}
> span.EmailStyle18
> {mso-style-type:personal-reply;
> font-family:"Calibri","sans-serif";
> color:#1F497D;}
> .MsoChpDefault
> {mso-style-type:export-only;
> font-size:10.0pt;}
> @page Section1
> {size:612.0pt 792.0pt;
> margin:70.85pt 70.85pt 70.85pt 70.85pt;}
> div.Section1
> {page:Section1;}
> -->
> </style>
> <!--[if gte mso 9]><xml>
> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
> </xml><![endif]--><!--[if gte mso 9]><xml>
> <o:shapelayout v:ext=3D"edit">
>  <o:idmap v:ext=3D"edit" data=3D"1" />
> </o:shapelayout></xml><![endif]-->
> </head>
>
> <body bgcolor=3Dwhite lang=3DNL link=3Dblue vlink=3Dpurple>
>
> <div class=3DSection1>
>
> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'>I think =
> this won&#8217;t
> help.<o:p></o:p></span></p>
>
> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'>Did you =
> make somebody
> mad on your server or did you ban somebody after a fight =
> ?<o:p></o:p></span></p>
>
> <p class=3DMsoNormal><span lang=3DEN-US =
> style=3D'color:#1F497D'><o:p>&nbsp;</o:p></span></p>
>
> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'>Because =
> this guy is
> not sending this DDoS from his own pc.<o:p></o:p></span></p>
>
> <p class=3DMsoNormal><span lang=3DEN-US style=3D'color:#1F497D'>How did =
> you figure
> it&#8217;s a ddos ? did your server go down ?<o:p></o:p></span></p>
>
> <p class=3DMsoNormal><span lang=3DEN-US =
> style=3D'color:#1F497D'><o:p>&nbsp;</o:p></span></p>
>
> <p class=3DMsoNormal><span lang=3DEN-US =
> style=3D'color:#1F497D'>Tom<o:p></o:p></span></p>
>
> <p class=3DMsoNormal><span =
> style=3D'color:#1F497D'><o:p>&nbsp;</o:p></span></p>
>
> <p class=3DMsoNormal><span =
> style=3D'color:#1F497D'><o:p>&nbsp;</o:p></span></p>
>
> <div>
>
> <div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt =
> 0cm 0cm 0cm'>
>
> <p class=3DMsoNormal><b><span lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:
> "Tahoma","sans-serif"'>From:</span></b><span lang=3DEN-US =
> style=3D'font-size:10.0pt;
> font-family:"Tahoma","sans-serif"'> GateKeeperLL
> [mailto:gatekeeper at linkslobby.com] <br>
> <b>Sent:</b> maandag 18 augustus 2008 22:28<br>
> <b>To:</b> cod at icculus.org<br>
> <b>Subject:</b> Re: [cod] ddos attack on port =
> 28960<o:p></o:p></span></p>
>
> </div>
>
> </div>
>
> <p class=3DMsoNormal><o:p>&nbsp;</o:p></p>
>
> <div>
>
> <p class=3DMsoNormal><span lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:"Arial","sans-serif"'>trace
> what ip it is coming from, or block of ip's, whois and find the isp, =
> search
> your mp logs and see if the offending ip has been on your server... if =
> he/she
> has, document the user name, document when the attacks take place and =
> send all
> this info to the offending ip's ISP for action... cheerz g8</span><span
> lang=3DEN-US style=3D'font-size:12.0pt;font-family:"Times New =
> Roman","serif"'><o:p></o:p></span></p>
>
> </div>
>
> <blockquote style=3D'border:none;border-left:solid black =
> 1.5pt;padding:0cm 0cm 0cm 4.0pt;
> margin-left:3.75pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt'=
>>
>
> <div>
>
> <p class=3DMsoNormal><span lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:"Arial","sans-serif"'>-----
> Original Message ----- <o:p></o:p></span></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal style=3D'background:#E4E4E4'><b><span lang=3DEN-US
> style=3D'font-size:10.0pt;font-family:"Arial","sans-serif"'>From:</span><=
> /b><span
> lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:"Arial","sans-serif"'> <a
> href=3D"mailto:cheetah at nm.ru" title=3D"cheetah at nm.ru">Cheetah</a> =
> <o:p></o:p></span></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal><b><span lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:
> "Arial","sans-serif"'>To:</span></b><span lang=3DEN-US =
> style=3D'font-size:10.0pt;
> font-family:"Arial","sans-serif"'> <a href=3D"mailto:cod at icculus.org"
> title=3D"cod at icculus.org">cod at icculus.org</a> <o:p></o:p></span></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal><b><span lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:
> "Arial","sans-serif"'>Sent:</span></b><span lang=3DEN-US =
> style=3D'font-size:10.0pt;
> font-family:"Arial","sans-serif"'> Monday, August 18, 2008 2:09 =
> PM<o:p></o:p></span></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal><b><span lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:
> "Arial","sans-serif"'>Subject:</span></b><span lang=3DEN-US =
> style=3D'font-size:
> 10.0pt;font-family:"Arial","sans-serif"'> [cod] ddos attack on port =
> 28960<o:p></o:p></span></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal><span lang=3DEN-US =
> style=3D'font-size:12.0pt;font-family:"Times New =
> Roman","serif"'><o:p>&nbsp;</o:p></span></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal><span lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:"Arial","sans-serif"'>Hey
> guys, sorry for my english...<br>
> Already second time my servers (server.cod-4.ru) under ddos attacks =
> (600mbit).
> Server are running on linux gentoo and with your linux bin
> (cod4-linux-server-06282008.tar.bz2). Attacks go to only 28960 port.<br>
> Have you any ideas?</span><span lang=3DEN-US =
> style=3D'font-size:12.0pt;font-family:
> "Times New Roman","serif"'><o:p></o:p></span></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal><span lang=3DEN-US =
> style=3D'font-size:12.0pt;font-family:"Times New =
> Roman","serif"'>&nbsp;<o:p></o:p></span></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal><span lang=3DEN-US =
> style=3D'font-size:10.0pt;font-family:"Arial","sans-serif"'>Thanks<br>
> CoD-4.ru</span><span lang=3DEN-US =
> style=3D'font-size:12.0pt;font-family:"Times New =
> Roman","serif"'><o:p></o:p></span></p>
>
> </div>
>
> <div>
>
> <p class=3DMsoNormal><span lang=3DEN-US =
> style=3D'font-size:12.0pt;font-family:"Times New =
> Roman","serif"'>&nbsp;<o:p></o:p></span></p>
>
> </div>
>
> </blockquote>
>
> </div>
>
> </body>
>
> </html>
>
> =0D=0A=0D=0A
>

More information about the Cod mailing list