[ArchfiendMarmot]

Recently, my TF2 server has been a target of many DDoS attacks, in fact once a day for the past 4 consecutive days as soon as my server starts filling. Before the most recent one I installed the DDoS Attack Fixer Plugin. It must have been properly installed because it shows up when I use the plugin_print command, as well as the daf_status command in console. Despite this, another successful DDoS attack plagued my server today (causing an immense amount of lag for a while before the eventual crash). When my server came back up hours later, I checked the daf_status to see if it at least caught an IP, but not only did it not prevent the attack, it also didn't log any banned IP's.

Is this a common issue? One would assume that due to all of this, it isn't even a DDoS. My service provider, counter-strike.com, informed me and insisted that it was, in fact, a DDoS attack every time (though saying they couldn't do anything about it). It also seems likely due to my new server having broken off from my old server, from which I took many regulars (it could be one of them getting revenge) and the fact that it only occurs when my server starts to fill (it works fine in a 7v7-8v8+ environment for a while, then starts to screw up).

[Drunken F00l]

DAF is not meant to prevent all types of attacks. Perhaps it was something different. Do you know anything about it? Do you have a packet capture?

[ArchfiendMarmot]

Since it is on a remote computer in Chicago, I don't know how to perform a packet capture. Is there a way that I could go about doing this?

[Drunken F00l]

Use something like tcpdump if you have a linux box or wireshark if it's windows.

[ArchfiendMarmot]

I hate to ask for more help considering this isn't a forum for Wireshark, but having gone through the user's manual and inputting what I believe to be the correct information, it returns with, "Can't get list of interfaces: The other host terminated the connection." Is this due to an issue with the server or am I just doing something wrong?

[Drunken F00l]

Wireshark would have to be installed on the server, or at least libpcap. You'll need admin privileges. If you don't have that, then I can't really help, sorry.

[ArchfiendMarmot]

I do have admin privileges, but I didn't know that I had to do that. How exactly would I go about downloading it, through FTP?

[Drunken F00l]

You misunderstand. You'll need a Windows account on that machine you can login to over RDP that is part of the administrator group. You cannot install libpcap or wireshark over FTP.

[ArchfiendMarmot]

Oh okay, I was unsure because I didn't think I could even install Wireshark over FTP.

Are there any further details I can give though to shed some more light on the issue without a packet capture, or is that the extent of the help I can get?

[DataStorm]

finding help for other programs is better find at resources dedicated to those I guess.