<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Bump on the rules, however I am trying to use serverark and i'm
getting this:<br>
<br>
# ./serverark -d<br>
./serverark: error while loading shared libraries: libpcap.so.0.8:
cannot open shared object file: No such file or directory<br>
<br>
# locate libpcap<br>
/usr/lib64/libpcap.so.1<br>
/usr/lib64/libpcap.so.1.0.0<br>
/usr/share/doc/libpcap-1.0.0<br>
<br>
# uname -a<br>
Linux game1.frag-live.com 2.6.32-220.4.2.el6.x86_64 #1 SMP Tue Feb
14 04:00:16 GMT 2012 x86_64 x86_64 x86_64 GNU/Linux<br>
<br>
<br>
Best Regards,<br>
<br>
Daniel "mavrick" Lang<br>
<br>
<br>
On 23/02/12 6:34 AM, escaped turkey wrote:
<blockquote cite="mid:3397888066543348818@unknownmsgid" type="cite">
<div>Can you repost those rules please? </div>
<div><br>
</div>
<div>Thank you. :)<br>
<br>
<div>EscapedTurkey Billing and Support</div>
<a moz-do-not-send="true"
href="https://escapedturkey.com/helpdesk">https://escapedturkey.com/helpdesk</a></div>
<div><br>
On Feb 22, 2012, at 3:26 PM, Marco Padovan <<a
moz-do-not-send="true" href="mailto:evcz@evcz.tk">evcz@evcz.tk</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<font size="-1"><font face="Verdana">I still don't know why
people do not use the rules you posted a few weeks ago
that should do everything by themself :|</font></font><br>
<br>
Il 22/02/2012 19:29, John ha scritto:
<blockquote cite="mid:4F4533F8.5010909@nuclearfallout.net"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
The comments on the tool say this:<br>
<br>
* So how does it work? Very simply, it captures one second
of<br>
* UDP frames every minute directly from the kernel, via the
pcap<br>
* interface (the same one tcpdump uses). It then analyzes
only those<br>
* UDP frames targeted to a port on which a game server is
running.<br>
* It then tallies all the different IP addresses (one for
each "player"),<br>
* and if there are "too many" packets for the IP, it uses
iptables to<br>
* tell the kernel to drop those packets, so they never make
it to the<br>
* game server itself. This effectively blocks the attack
from affecting<br>
* the current players on the server. See the
serverark.conf file for<br>
* more information.<br>
<br>
This will help with specific types of attacks, but if you
are the target of a distributed flood, you could see quite a
few iptables rules created. For performance reasons, the
author should consider switching to the "ipset" module and
tools, with a single iptables rule. (By default, I see that
it limits the number of blocked IPs to 128, so it's meant
for small attacks.)<br>
<br>
The tool will also unfortunately not help against attacks
involving randomized, spoofed IPs, which are a significant
percentage of the ones we see. For that type of attack,
traffic will need to be manually analyzed.<br>
<br>
-John<br>
<br>
<br>
On 2/22/2012 9:36 AM, Geoff Goas wrote:
<blockquote
cite="mid:CAB8_Cq+mDE1qtHOh0dhAE0kYM7ExFOfC2ZDx6CuDH_LPL9XS-A@mail.gmail.com"
type="cite">Has anyone tried this yet?<br>
<br>
I just got hit with a bandwidth overage fee on my dedi,
further investigation shows my CoD2 servers are being used
for these reflection attacks... sigh.<br>
<br>
<div class="gmail_quote">On Tue, Feb 21, 2012 at 1:25 PM,
escapedturkey <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:escapedturkey@escapedturkey.com">escapedturkey@escapedturkey.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">I
was given permission by the developer to share this
program that he has been developing.<br>
<br>
It supposedly stops spam kind of attacks against
servers -- specifically for Jedi Academy. I am curious
if it helps for other games too.<br>
<br>
# ServerArk (C) 2011 Boyd G. Gafford Ph.D.<br>
<br>
"# A UDP flood attack analyzer and adaptive blocker
for gaming servers."<br>
<br>
<a moz-do-not-send="true"
href="http://elitewarriors.net/serverark/serverark_0.93.zip"
target="_blank">http://elitewarriors.net/serverark/serverark_0.93.zip</a><br>
<br>
<br>
<br>
_______________________________________________<br>
cod mailing list<br>
<a moz-do-not-send="true"
href="mailto:cod@icculus.org">cod@icculus.org</a><br>
<a moz-do-not-send="true"
href="http://icculus.org/mailman/listinfo/cod"
target="_blank">http://icculus.org/mailman/listinfo/cod</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<i><b><font size="1"><span
style="font-family:tahoma,sans-serif">Geoff Goas</span><br
style="font-family:tahoma,sans-serif">
<span style="font-family:tahoma,sans-serif">Systems
Engineer</span></font></b></i><br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>cod mailing list</span><br>
<span><a moz-do-not-send="true" href="mailto:cod@icculus.org">cod@icculus.org</a></span><br>
<span><a moz-do-not-send="true"
href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a></span><br>
</div>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
cod mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<br>
</body>
</html>