<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Looks like the executable is older than your pcap library.&nbsp; Just
    type the following to build the executable:<br>
    <br>
    gcc -o serverark serverark.c -lpcap<br>
    <br>
    It should compile and link successfully, and then use that
    executable.<br>
    <br>
    &nbsp; <i>Boyd</i><br>
    <div class="moz-signature"><br>
    </div>
    <br>
    On 03/12/2012 10:50 PM, Mavrick wrote:
    <blockquote cite="mid:4F5EC410.4050202@gmail.com" type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      Bump on the rules, however I am trying to use serverark and i'm
      getting this:<br>
      <br>
      # ./serverark -d<br>
      ./serverark: error while loading shared libraries: libpcap.so.0.8:
      cannot open shared object file: No such file or directory<br>
      <br>
      # locate libpcap<br>
      /usr/lib64/libpcap.so.1<br>
      /usr/lib64/libpcap.so.1.0.0<br>
      /usr/share/doc/libpcap-1.0.0<br>
      <br>
      # uname -a<br>
      Linux game1.frag-live.com 2.6.32-220.4.2.el6.x86_64 #1 SMP Tue Feb
      14 04:00:16 GMT 2012 x86_64 x86_64 x86_64 GNU/Linux<br>
      <br>
      <br>
      Best Regards,<br>
      <br>
      Daniel "mavrick" Lang<br>
      <br>
      <br>
      On 23/02/12 6:34 AM, escaped turkey wrote:
      <blockquote cite="mid:3397888066543348818@unknownmsgid"
        type="cite">
        <div>Can you repost those rules please?&nbsp;</div>
        <div><br>
        </div>
        <div>Thank you. :)<br>
          <br>
          <div>EscapedTurkey Billing and Support</div>
          <a moz-do-not-send="true"
            href="https://escapedturkey.com/helpdesk">https://escapedturkey.com/helpdesk</a></div>
        <div><br>
          On Feb 22, 2012, at 3:26 PM, Marco Padovan &lt;<a
            moz-do-not-send="true" href="mailto:evcz@evcz.tk">evcz@evcz.tk</a>&gt;

          wrote:<br>
          <br>
        </div>
        <blockquote type="cite">
          <div>
            <meta content="text/html; charset=ISO-8859-1"
              http-equiv="Content-Type">
            <font size="-1"><font face="Verdana">I still don't know why
                people do not use the rules you posted a few weeks ago
                that should do everything by themself :|</font></font><br>
            <br>
            Il 22/02/2012 19:29, John ha scritto:
            <blockquote cite="mid:4F4533F8.5010909@nuclearfallout.net"
              type="cite">
              <meta content="text/html; charset=ISO-8859-1"
                http-equiv="Content-Type">
              The comments on the tool say this:<br>
              <br>
              &nbsp;* So how does it work?&nbsp; Very simply, it captures one
              second of<br>
              &nbsp;* UDP frames every minute directly from the kernel, via
              the pcap<br>
              &nbsp;* interface (the same one tcpdump uses).&nbsp; It then
              analyzes only those<br>
              &nbsp;* UDP frames targeted to a port on which a game server is
              running.<br>
              &nbsp;* It then tallies all the different IP addresses (one for
              each "player"),<br>
              &nbsp;* and if there are "too many" packets for the IP, it uses
              iptables to<br>
              &nbsp;* tell the kernel to drop those packets, so they never
              make it to the<br>
              &nbsp;* game server itself. This effectively blocks the attack
              from affecting<br>
              &nbsp;* the current players on the server.&nbsp; See the
              serverark.conf file for<br>
              &nbsp;* more information.<br>
              <br>
              This will help with specific types of attacks, but if you
              are the target of a distributed flood, you could see quite
              a few iptables rules created. For performance reasons, the
              author should consider switching to the "ipset" module and
              tools, with a single iptables rule. (By default, I see
              that it limits the number of blocked IPs to 128, so it's
              meant for small attacks.)<br>
              <br>
              The tool will also unfortunately not help against attacks
              involving randomized, spoofed IPs, which are a significant
              percentage of the ones we see. For that type of attack,
              traffic will need to be manually analyzed.<br>
              <br>
              -John<br>
              <br>
              <br>
              On 2/22/2012 9:36 AM, Geoff Goas wrote:
              <blockquote
cite="mid:CAB8_Cq+mDE1qtHOh0dhAE0kYM7ExFOfC2ZDx6CuDH_LPL9XS-A@mail.gmail.com"
                type="cite">Has anyone tried this yet?<br>
                <br>
                I just got hit with a bandwidth overage fee on my dedi,
                further investigation shows my CoD2 servers are being
                used for these reflection attacks... sigh.<br>
                <br>
                <div class="gmail_quote">On Tue, Feb 21, 2012 at 1:25
                  PM, escapedturkey <span dir="ltr">&lt;<a
                      moz-do-not-send="true"
                      href="mailto:escapedturkey@escapedturkey.com">escapedturkey@escapedturkey.com</a>&gt;</span>
                  wrote:<br>
                  <blockquote class="gmail_quote" style="margin:0 0 0
                    .8ex;border-left:1px #ccc solid;padding-left:1ex">I
                    was given permission by the developer to share this
                    program that he has been developing.<br>
                    <br>
                    It supposedly stops spam kind of attacks against
                    servers -- specifically for Jedi Academy. I am
                    curious if it helps for other games too.<br>
                    <br>
                    # ServerArk (C) 2011 Boyd G. Gafford Ph.D.<br>
                    <br>
                    "# A UDP flood attack analyzer and adaptive blocker
                    for gaming servers."<br>
                    <br>
                    <a moz-do-not-send="true"
                      href="http://elitewarriors.net/serverark/serverark_0.93.zip"
                      target="_blank">http://elitewarriors.net/serverark/serverark_0.93.zip</a><br>
                    <br>
                    <br>
                    <br>
                    _______________________________________________<br>
                    cod mailing list<br>
                    <a moz-do-not-send="true"
                      href="mailto:cod@icculus.org">cod@icculus.org</a><br>
                    <a moz-do-not-send="true"
                      href="http://icculus.org/mailman/listinfo/cod"
                      target="_blank">http://icculus.org/mailman/listinfo/cod</a><br>
                    <br>
                  </blockquote>
                </div>
                <br>
                <br clear="all">
                <br>
                -- <br>
                <i><b><font size="1"><span
                        style="font-family:tahoma,sans-serif">Geoff Goas</span><br
                        style="font-family:tahoma,sans-serif">
                      <span style="font-family:tahoma,sans-serif">Systems

                        Engineer</span></font></b></i><br>
                <br>
                <br>
                <fieldset class="mimeAttachmentHeader"></fieldset>
                <br>
                <pre>_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
              </blockquote>
              <br>
              <br>
              <fieldset class="mimeAttachmentHeader"></fieldset>
              <br>
              <pre>_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
            </blockquote>
          </div>
        </blockquote>
        <blockquote type="cite">
          <div><span>_______________________________________________</span><br>
            <span>cod mailing list</span><br>
            <span><a moz-do-not-send="true"
                href="mailto:cod@icculus.org">cod@icculus.org</a></span><br>
            <span><a moz-do-not-send="true"
                href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a></span><br>
          </div>
        </blockquote>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
      </blockquote>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
cod mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
    </blockquote>
  </body>
</html>