[cod] ddos attack on port 28960

David B davidb at silva-hosting.com
Mon Aug 18 17:58:16 EDT 2008


Hey all,
While DDoSes suck, there's not much one can do. DDoSes are from multiple 
IPs and many infected computers/servers.
The best thing is to either null the IP being attacked (which looks like 
this is the case) or have the ISPs black it from BGP or from a higher link.
UDP DDoS are hard to stop and may never stop.

I have been attacked on many occasions for no reason on my servers via 
the Steam Half-Life UDP port.

Logging IPs on your machine may help catch the people and block them, 
but I wouldn't even bother blocking them on the machine or local 
firewall level as the traffic still gets through.

Just grin and bear it for the time being. When it's stopped, change your 
IP and change the game port, and set up some port blocking on a firewall to 
help stop excess listening traffic (you can do this via iptables).

Thanks.

Cheetah wrote:
> >How do you know it’s a 600mbit … do you know the guy ?
> Higher provider has told to me.
>
>     ----- Original Message -----
>     *From:* tommii <mailto:mailinglist at z-grounds.com>
>     *To:* cod at icculus.org <mailto:cod at icculus.org>
>     *Sent:* Tuesday, August 19, 2008 12:47 AM
>     *Subject:* RE: [cod] ddos attack on port 28960
>
>     How do you know it’s a 600mbit … do you know the guy ?
>
>     But yeah Gatekeeper is right. Write down the IP, grab the log
>     files and mail your and his ISP.
>
>     *From:* GateKeeperLL [mailto:gatekeeper at linkslobby.com]
>     *Sent:* Monday 18 August 2008 22:38
>     *To:* cod at icculus.org <mailto:cod at icculus.org>
>     *Subject:* Re: [cod] ddos attack on port 28960
>
>     if it is ddos, you are right it is probably coming from a shell...
>     but still my method allows the ISP to shut down the connection...
>     again if it is a 600mbit ddos attack... and you are probably
>     correct in the assumption that it is a disgruntled killer that was
>     on the server... i deal with this crap all day lol... cheerz... g8
>
>         ----- Original Message -----
>
>         *From:* tommii | Mailinglist <mailto:mailinglist at z-grounds.com>
>
>         *To:* cod at icculus.org <mailto:cod at icculus.org>
>
>         *Sent:* Monday, August 18, 2008 2:32 PM
>
>         *Subject:* RE: [cod] ddos attack on port 28960
>
>         I think this won’t help.
>
>         Did you make somebody mad on your server or did you ban
>         somebody after a fight ?
>
>         Because this guy is not sending this DDoS from his own pc.
>
>         How did you figure it’s a ddos ? did your server go down ?
>
>         Tom
>
>         *From:* GateKeeperLL [mailto:gatekeeper at linkslobby.com]
>         *Sent:* Monday 18 August 2008 22:38
>         *To:* cod at icculus.org
>         *Subject:* Re: [cod] ddos attack on port 28960
>
>         trace what ip it is coming from, or block of ip's, whois and
>         find the isp, search your mp logs and see if the offending ip
>         has been on your server... if he/she has, document the user
>         name, document when the attacks take place and send all this
>         info to the offending ip's ISP for action... cheerz g8
>
>             ----- Original Message -----
>
>             *From:* Cheetah <mailto:cheetah at nm.ru>
>
>             *To:* cod at icculus.org <mailto:cod at icculus.org>
>
>             *Sent:* Monday, August 18, 2008 2:09 PM
>
>             *Subject:* [cod] ddos attack on port 28960
>
>             Hey guys, sorry for my english...
>             Already second time my servers (server.cod-4.ru) under
>             ddos attacks (600mbit). Server are running on linux gentoo
>             and with your linux bin
>             (cod4-linux-server-06282008.tar.bz2). Attacks go to only
>             28960 port.
>             Have you any ideas?
>
>             Thanks
>             CoD-4.ru
>
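
The evidence-gathering step discussed in this thread (log the source IPs, check them against the game server's records, send the summary to the ISP), sketched as an added example that is not part of any poster's message. The log lines are constructed and abbreviated in the style of the iptables LOG target, and `KNOWN_PLAYERS` is an assumed list of addresses already extracted from the game server's own logs.

```python
import ipaddress
import re
from collections import defaultdict

GAME_PORT = 28960  # the port named in the thread

# Constructed sample: abbreviated lines in the style of the iptables LOG target.
SAMPLE_LOG = """\
Aug 18 14:09:01 gs1 kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=4021 DPT=28960
Aug 18 14:09:01 gs1 kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=1200 DPT=28960
Aug 18 14:09:02 gs1 kernel: IN=eth0 SRC=203.0.113.44 DST=192.0.2.10 PROTO=UDP SPT=28960 DPT=28960
Aug 18 14:09:02 gs1 kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=4021 DPT=28960
Aug 18 14:09:03 gs1 kernel: IN=eth0 SRC=203.0.113.44 DST=192.0.2.10 PROTO=TCP SPT=50112 DPT=22
Aug 18 14:09:04 gs1 kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=4021 DPT=28960
"""
# Constructed: addresses assumed to come from the game server's own logs.
KNOWN_PLAYERS = {"203.0.113.44"}

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*?SRC=(\S+) .*?PROTO=UDP .*?DPT=(\d+)")

def summarize(log_text, known_players=frozenset(), port=GAME_PORT):
    """Group UDP packets to `port` by source /24 for an abuse report."""
    nets = defaultdict(lambda: {"packets": 0, "sources": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or int(m.group(3)) != port:
            continue
        stamp, src = m.group(1), m.group(2)
        try:
            net = str(ipaddress.ip_network(src + "/24", strict=False))
        except ValueError:
            continue  # malformed address field: skip rather than crash
        entry = nets[net]
        entry["packets"] += 1
        entry["sources"].add(src)
        entry["first"] = entry["first"] or stamp  # log is chronological
        entry["last"] = stamp
    report = {}
    for net, e in nets.items():
        srcs = sorted(e["sources"])
        report[net] = {"packets": e["packets"], "sources": srcs,
                       "first": e["first"], "last": e["last"],
                       # sources that also appear in the player list
                       "seen_as_player": [s for s in srcs if s in known_players]}
    return report

if __name__ == "__main__":
    for net, row in sorted(summarize(SAMPLE_LOG, KNOWN_PLAYERS).items(),
                           key=lambda kv: -kv[1]["packets"]):
        print(net, row)
```

UDP source addresses can be spoofed, so a summary like this is supporting evidence for the ISP, not proof of who sent the traffic.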



