I'd like to suggest that server matrix not allow any "clan", "gaming" or other type of servers that create higher network loads and push the boundaries of the network. Too many problems, and too many kids fighting DOSes, and causing all kinds of little issues. It takes away from the professionalism.

Just a thought.

There are a few people that cause problems, but removing "support" for that would never work. These are dedicated servers what people choose to do with them is their business as long as it is legal.

Take Care,
Dave

Sorry ink, but SM would lose about half its business if it were to do something like this. The networks are looking like they aren't even at 60% usage. I was able to push 40mbit for five hours the other day on my media server. I have never hit 2mbit with any of my gaming servers. The fact is web and media servers are a lot more prone to attacks as well as use more bandwidth. Can't go banning web servers now can you?

maybe give the game servers, more protection. Like FloodGaurd and a free basic firewall, I dunno but it sucks when your server goes down and it's not because of you it's because of someone on your network got DDOS.

Forgive me, but I have to say it. This is the stupidest suggestion I've ever heard. (Talking about parent post, about banning game related servers).

My Xeon is pushing minimum 200k/sec 24/7...Sometimes it works itself up to 700k/sec tops. If you have ever played games, or ever used "The All Seeing Eye" (a program for listing game servers) you'd notice about 60% of the servers listed are hosted by SM/TP. I really REALLY doubt they want to stop game server support

theres a great deal of "Us" out there that know what we are doing...

exactly

Thats what happened when DCs made the mistake of not allowing IRC, they lost tons of customers. Hey guess what? Websites are subjected to DOS attacks, I guess SM better make sure that the customers cannot run websites...

Oh wait a minute.. any internet program is subjected to DOS attacks, oh my! There goes SM because it cannot allow any internet programs on any of their servers... oh well, there goes the internet..


See how absurd that is? heh. Its bad enough that most DCs, SM included, have already started on that path... we'll just have to wait and see how far they are willing to go down that path.

<sarcasm>Hey maybe they should require a Linux+ or RHCE in order to rent a server?</sarcasm>

Great suggestion.
Perhaps we should ban download sites as well as they hog network resources.
No more shoutcasts, no high traffic sites.

Oh wait, you were only joking right?

IRC servers are more prone to DDoS than a standard webserver.

Excuse my ignorance, but I'm curious ..

1/ There seems to be a perception that gameservers are targeted for attacks more often than other types of internet-facing servers -- true or false?
2/ If it's true, what are some of the reasons for the "extra" attention that gameservers receive from attackers? If it's false, why does this perception exist?

Thanks

the actual game server does get hacked quite often but there are so many of them and normally its not the actual hacknig of the system its more of the actual game server its self so all they are doing is getting say the Rcon and then turning it into there own server but then all you do is reset server and chaneg the rcon in the config file. No big deal really

That is a known myth, but nice try

Anything that interacts with kids who have more racing hormones than brains is a viable target

I've had more IRC servers attacked than webservers (and I've managed a hell of a lot more webservers then IRC servers )

Get intouch with a datacenter that allows IRC and ask them what is their ratio of IRC servers to webservers is, then ask them which is the main target of DoS they receive

Usually ddos attacks are because you piss some one off. Its not because of something you run or something like that. Randomly someone will ddos something or someone for a laugh, not usually targeted at servers when that happens. Servers usually only when provoked in some way. Except for a irc server. So many users on a irc server may decide to piss another random user off and thats how irc ddos attacks sometimes start, so I can see why ircd servers arent allowed on alot of dedicated providers. Most ddoser's use irc because thats how they control with bots. A very big reason irc is so targeted. Gaming servers are usually only a target by a cheater that gets banned or someone that gets kicked even for a good reason. Most wont even bother or dont even know how to originate a ddos attack when banned or kicked from a game server. This is one of the most rediculous things I have ever heard. Do you realize how many people run gaming servers on their dedicated server besides maybe a website or something. And hugde loss of buisness for really no reason, but some assumption that is false.

I have a feel the thread started was just trolling.

I have run IRC networks for over five years, and there is no myth about it. From irc.msn.com, cyberarmy.com, unernet, dalnet, and the half dozen or so smaller networks that I have either run or been a part of, DDoS is frequent and painful. The pure fact of the matter is that script kiddies like IRC and tend to hang out on it. They then notice that if they wanna test out their l33t skills, taking an IRC network down is a gratifying method to do so. They not only get to have some fun, but they get to see the results in realtime.

Of course, I have personally been DDoS'ed about as many times as my IRC networks have been, which makes me a bit jumpy on this topic.

Oh, and it doesn't help that many of the programs that are installed on compromised boxes report back in an IRC channel, and even receive instructions the same way. bot attack xxx.xxx.xxx.xxx <-- easy as pie.

Question... I'm assuming that you have control over the IRC server side... can't you filter or detect such traffic? If you know where the bots hang out, then you could disrupt their communications and/or (ideally) warn the people whose machines have been compromised.

Oh, I just got an idea... sometimes I a problem I see is that I know a box is compromised, but it's a pain to actually warn those people if I only know the IP. There is this annoying popup method thanks to messaging functions in windows... perhaps it can be used to make some popups like "Your machine is compromised - FIX IT!" ;-)

Sometimes the only way to filter the traffic is have all of the ip's doing an attack dropped before it reaches the machine. Ive seen a ircop on etg network gline about 800 bots.. Problem was when he done that. They repeatedly tried to reconnect to the network and all of them was getting disconnected saying glined. All of them took up so much data/sec the entier network was lagged. This is usually worse then a ping or udp attack is they do it correcly launching multiple connections to a irc server from each bot not just one. Eventually they got it filterd out before it connected to any of their boxes. As to kwowing where they are on irc. If you run the server. It isnt hard to find them depending on the type of services the server uses.

Ok, this is funny., I know for a fact that alot of DOS attacks are done by terrorists who pick a site a random and DOS it to hell, not to mention anything that's related to that site. This can be game servers, IRCs and such. I know in past history IRC servers were more prone to these random DOS attacks due to it being one of the oldest "products" and "method of communication" around. But that's pretty much the only reason.

Now I understand that there are terrorists out there who just attack IRC servers. Either way, these terrorist need to be tortured for a very long time, not to mention skinned alive, then killed. But that's another story...

The ratio of IRC servers to other products may be quite high, even though I've experienced the exact opposite. *shrugs*

ROTF

Heh, that part I was entirely serious about. If there was a way to do so, illegally or legally, U bet I would be more then happy to have that happen.

Wouldn't this be a situation where a firewall would be useful? Just kick out the traffic at the border - don't bother sending a 'gline', etc. It's kind of silly that even if you know the non-spoofed ips of the attacking machines, you'd still be powerless to keep them off your network.

Being the recipient of a DoS attack myself, I can certainly sympathize with you, but isn't what you are proposing going a little far? Don't forget that we - the peaceful/constructive/etc - people shouldn't stoop to the same level or, in this case, below their level.

I am not a operator of the network personally. With a load of them. I whould block them with a firewall before a gline. Gline they still get through and make you transfer data back through irc helping them really. I didnt have any control over what they done or how they handled it.

It's not an easy task, if at all possible. The types of DDoS attacks can be as simple as a few thousand bots connecting to your network, to just a few thousand bots sending traffic to you at high rates. The former is actually harder to deal with in my opinion as there is no easy way to remove/bn hundreds, or thousands, of hosts. This is even more fun when they come onto the network under randomly generated usernames, and are all from different IPs/hosts along with different idents.

I don't like professional websites. Too many consultants and hype-scheisters pushing web cliche b**sh**t onto people with a pricetag attached.

That's where we differ If stooping to the same level gets the job done, then I am all for it. After all, look where the peacful/constructive/etc ideas have done... nothing

My educated guess would be that FloodGuard would be triggered if a machine sends hundreds of connection requests in a short time period, especially if all packets get dropped by the targeted server, which would be a "feedback" signal that either a) the ip got added to the machine's firewall or B) the machine is overloaded and can't handle more connections anyway.

Can anyone from SM confirm if FloodGuard does indeed stop/detect the above mentioned type of attack?

The problem is that in the DDoS scenario, we can use an analogy where everyone has a gun and the chance of getting caught is minimal. Let's say someone shoots at you; you can rightfully go after the one who did the shooting and kill that person, but in the meantime there'll be countless others who have the same capabilities. The key to a good solution is to remove the capabilities so that it'll take more than being a bored kiddie to cause major damage. However, should I meet a script kiddie or spammer in real life, there MIGHT be a chance that I'll get into a non-verbal argument ;-)

Heh, but in the USA, you cannot legally avenge the death of your family and/or friend. However, you can rightfully do so. I agree, take away the tools, but as it stands most attacks are from out of country, as is most SPAM. If the USA gov got a clue and start blocking whole countries (as well as internal ISPs, then you bet we would be seeing a lot less attacks and spam.

If there's anything you don't want it's the ability of the US Government to regulate network traffic. They don't believe in the 1st Amendment, their first action would be to start censoring.

FloodGuard wouldn't need to stop such an attack, as there should not be any IRC servers running here at SM.

That type of attack (i.e. making connections over and over) is not limited to IRC. It can just as well be done against a web server. I've seen a thread in this forum exactly about such an attack, where the target got high traffic simply because of all the bounced connection attempts.

GOD DAMN, has he ever heard of Zline?

I love how we have so many gamers and provide support for game servers. I was told in a meeting by upper management once that "if you can please the gamers then you can please anybody". I've worked for companies before that have told me to not provide any support if gaming is even mentioned. Save your efforts for "real" businesses, right? It's refreshing that there's none of that here.

FWIW I run a few game servers and game related web servers and none have had a hack attempt or DDoS (that I've noticed).

From a gamer to the OP.

I believe you just got pwned by more than a dozen people. Frag on my friends.

And Kevin is dead on. Gamers drive the hardware market, gamers drive the software market. If it wasn't for us wanting to continue to use more and more of what it is we're given, we'd all still be running Windows 3.1 with 16MB of memory. Video Cards, CPU's, Memory. When its needed first, and where it has the most direct impact is gaming.

You think your $80 video card is a $80 video card because thats what its worth. No, its because we damn the $400 cards, which drive the prices of other hardware down to a level that you'd pay. Its all relative to one another.

Do you honestly NEED a P4 2.8Ghz to run MS Office? No. Do you need it to enjoy the latest at greatest games, yes. Thats the dividing line right there.

As far as SM dropping gameservers. Wow, talk about trolling. I'd be 2 servers less they'd be hosting, and I'm small crap in this world my friend.

[/quote]GOD DAMN, has he ever heard of Zline?[/quote]

Heh. I guess not, glines killed the network for about hour - hour 1/2. Eventually they managed to block most of the ip's before they got to the network. I dont think they botherd to try doing it any other way.