[Krueger]

Hey guys.

Im hoping someone here may be able to help me.
I hav just started receiving ddos, or dos attacks on my server recently, The guys a relentless, My servers run 38 slots and the attackers wait till they are full.
Here is my deal I have installed daf. I am luck enough to have a copy of the dos atack programme that they use to attack. (long story on how i got it)
To test, I run an attack on my server and it still lags way up to 300 ping.
I stop the attack and then check daf_status.
I see my IP has been picked up as doing an attack, but nothing stops me from doing another attack.
It shows as IP blocked, but I can still attack.
I dont understand how this is stopping my server from being attacked.
Surely it should ban the ip from any connecting.

Any ideas

F. krueger

[Krueger]

Me again, sorry, and why are the attacks getting through in the first place?

Is there any way to tell what sort of ddos atack this is?

[OmegaZero_Alpha]

Maybe you are being hit with a DoS L2. Are you using any other anti-DoS programs that could compound with DF's and cause a problem?

What program are they using, exactly?

[Drunken F00l]

It's not going to make the attacker's computer explode or anything like that to stop the attack. The plugin just prevents it from affecting your server.

[Krueger]

OmegaZero_Alpha Posted: Wed Feb 10, 2010 10:30 pm Post subject:

--------------------------------------------------------------------------------

Maybe you are being hit with a DoS L2. Are you using any other anti-DoS programs that could compound with DF's and cause a problem?

What program are they using, exactly?

Im using zBlock aswell, only because I was just running Daf and the server was still crashed many times.
What is this DoS L2 your talking about?
I have the prog that they attack with and I can run attacks, for testing.
Is ther any way to find out what type of attack this program does?
I have tried googling its name (Einstellungen) You insert ip and It has an intervall and menge slider.

Drunken_F00l Posted: Thu Feb 11, 2010 3:17 am Post subject:

--------------------------------------------------------------------------------

It's not going to make the attacker's computer explode or anything like that to stop the attack. The plugin just prevents it from affecting your server.

Yea Im not expecting their computer to explode, but I was expecting it to ban their ip and also keep the server playable.
Which its not,
When runninig tyhe combination of the two programms Zblock and Daf, I am now unable to crash the server, yes it lags like and its not playable, but no I can not crash it, So if thats all I shouold be expecting thats great,
But running Daf alone, it is still eaisly crashed.

F. Krueger

[Drunken F00l]

Daf is not the global solution to all attacks. It is specialized for a few different types of attacks inlcuding spamming empty UDP packets and spamming A2C_PRINT messages. Other than that, it will probably not help you.

[OmegaZero_Alpha]

Im using zBlock aswell, only because I was just running Daf and the server was still crashed many times.
What is this DoS L2 your talking about?
I have the prog that they attack with and I can run attacks, for testing.
Is ther any way to find out what type of attack this program does?
I have tried googling its name (Einstellungen) You insert ip and It has an intervall and menge slider.

DoS L2 is when they exploit problems that can be created by causing two firewalls/anti-dos programs to conflict.

The program seems like a german version of Low Orbit Ion Cannon, Einstellungen is german computer-speak for 'prefrences', menge is 'size' referring to the packet-size and intervall is 'interval', or how often it sends packets.

I think that the thing you are forgetting is that no amount of security can stop you from DDoS'ing yourself.

[Fearts]

I am having the same issue as the OP. I have the same program that was given to me by a friend to test if the blocker was working correctly. I had this on my other servers and it would log anyone trying to use the program on the server and block them. Now however I have a new server running and it is logging the IPs but not blocking the attack from the same program (one mentioned by OP).

Any Ideas how to fix this?