<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6001.18099" name=GENERATOR>
<STYLE>@font-face {
font-family: Cambria Math;
}
@font-face {
font-family: Calibri;
}
@font-face {
font-family: Tahoma;
}
@page Section1 {size: 612.0pt 792.0pt; margin: 70.85pt 70.85pt 70.85pt 70.85pt; }
P.MsoNormal {
FONT-SIZE: 11pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
LI.MsoNormal {
FONT-SIZE: 11pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
DIV.MsoNormal {
FONT-SIZE: 11pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal
}
SPAN.EmailStyle18 {
COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-reply
}
MsoChpDefault {
FONT-SIZE: 10pt; mso-style-type: export-only
}
DIV.Section1 {
page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=NL vLink=purple link=blue bgColor=white>
<DIV><FONT face=Arial size=2>if it is ddos, you are right it is probably coming
from a shell... but still my method allows the ISP to shut down the
connection... again if it is a 600mbit ddos attack... and you are probably
correct in the assumption that it is a disgruntled killer that was on the
server... i deal with this crap all day lol... cheerz... g8</FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=mailinglist@z-grounds.com
href="mailto:mailinglist@z-grounds.com">tommii | Mailinglist</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=cod@icculus.org
href="mailto:cod@icculus.org">cod@icculus.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, August 18, 2008 2:32
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> RE: [cod] ddos attack on port
28960</DIV>
<DIV><BR></DIV>
<DIV class=Section1>
<P class=MsoNormal><SPAN lang=EN-US style="COLOR: #1f497d">I think this won’t
help.<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US style="COLOR: #1f497d">Did you make
somebody mad on your server or did you ban somebody after a fight
?<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US
style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US style="COLOR: #1f497d">Because this guy is
not sending this DDoS from his own pc.<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US style="COLOR: #1f497d">How did you figure
it’s a ddos ? did your server go down ?<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US
style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US
style="COLOR: #1f497d">Tom<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<DIV>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0cm; PADDING-BOTTOM: 0cm; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<P class=MsoNormal><B><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">
GateKeeperLL [mailto:gatekeeper@linkslobby.com] <BR><B>Sent:</B> maandag 18
augustus 2008 22:28<BR><B>To:</B> cod@icculus.org<BR><B>Subject:</B> Re: [cod]
ddos attack on port 28960<o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><o:p> </o:p></P>
<DIV>
<P class=MsoNormal><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">trace what ip it is
coming from, or block of ip's, whois and find the isp, search your mp logs and
see if the offending ip has been on your server... if he/she has, document the
user name, document when the attacks take place and send all this info to the
offending ip's ISP for action... cheerz g8</SPAN><SPAN lang=EN-US
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P></DIV>
<BLOCKQUOTE
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0cm; MARGIN: 5pt 0cm 5pt 3.75pt; BORDER-LEFT: black 1.5pt solid; PADDING-TOP: 0cm; BORDER-BOTTOM: medium none">
<DIV>
<P class=MsoNormal><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">----- Original
Message ----- <o:p></o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal style="BACKGROUND: #e4e4e4"><B><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">From:</SPAN></B><SPAN
lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"> <A
title=cheetah@nm.ru href="mailto:cheetah@nm.ru">Cheetah</A>
<o:p></o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal><B><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">To:</SPAN></B><SPAN
lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"> <A
title=cod@icculus.org href="mailto:cod@icculus.org">cod@icculus.org</A>
<o:p></o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal><B><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Sent:</SPAN></B><SPAN
lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">
Monday, August 18, 2008 2:09 PM<o:p></o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal><B><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Subject:</SPAN></B><SPAN
lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"> [cod]
ddos attack on port 28960<o:p></o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal><SPAN lang=EN-US
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p> </o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Hey guys, sorry
for my english...<BR>Already second time my servers (server.cod-4.ru) under
ddos attacks (600mbit). Server are running on linux gentoo and with your
linux bin (cod4-linux-server-06282008.tar.bz2). Attacks go to only 28960
port.<BR>Have you any ideas?</SPAN><SPAN lang=EN-US
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal><SPAN lang=EN-US
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"> <o:p></o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal><SPAN lang=EN-US
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Thanks<BR>CoD-4.ru</SPAN><SPAN
lang=EN-US
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal><SPAN lang=EN-US
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"> <o:p></o:p></SPAN></P></DIV></BLOCKQUOTE></DIV></BLOCKQUOTE></BODY></HTML>