Author Topic: PSA: Several servers are being DDoS attacked by a botnet. (Read 28099 times)

Rolfey95 · August 31, 2017, 10:00:36 PM

Quote from: Rolfey95 on August 31, 2017, 09:58:32 PM

Oh wait you ment ports not BLID's.
****
Disregard what I said previously.

Ad Bot · Advertisement

Rolfey95 · August 31, 2017, 10:01:21 PM

I wish drama let you edit messages
:/

Mr Queeba · August 31, 2017, 10:07:13 PM

heh, badspot moved this to drama. i made this thread in general discussion because i noticed the drama thread and the other sources and decided to make a topic in general warning about the attacks for people that dont visit the drama thread and that sort of thing (and it is related to blockland as a whole), because this is pretty bad right now. servers like trogs i believe were hit recently, and only servers with ddos protection (glass hosting, theblackparrot's servers) are able to be hosted

Mr Queeba · August 31, 2017, 10:09:44 PM

noedit: when im talking about how i made this thread for those that didnt visit the drama thread, i mean for people who just generally avoid the drama board as a whole and are wondering what the hell is going on with servers right now.

The Murderous Cop · August 31, 2017, 11:13:55 PM

why is no one doing packet sniffing using wireshark or smth to see who's the primary cause

song bird · August 31, 2017, 11:31:37 PM

Quote from: The Murderous Cop on August 31, 2017, 11:13:55 PM

why is no one doing packet sniffing using wireshark or smth to see who's the primary cause

yeah just smell the packets out maybe you'll eat the IP and their starfishs to the next alien generation and figure out who the man in the mask is

song bird · August 31, 2017, 11:32:15 PM

toxicology was one of the people with satire on this forum that was actually funny

song bird · August 31, 2017, 11:58:11 PM

Quote from: song bird on August 31, 2017, 11:32:15 PM

toxicology was one of the people with satire on this forum that was actually funny

oh stuff lol sorry for the triple post but i must've been tripping out or something i meant to post this in the toxicology RIP thread

Mr Queeba · September 01, 2017, 01:02:32 AM

Quote from: The Murderous Cop on August 31, 2017, 11:13:55 PM

why is no one doing packet sniffing using wireshark or smth to see who's the primary cause

maybe someone thats hosting their server with some players on it can run it, and then when the ddos wave comes we can figure out what exactly is going on

Gytyyhgfffff · September 01, 2017, 01:12:44 AM

Quote from: The Murderous Cop on August 31, 2017, 11:13:55 PM

why is no one doing packet sniffing using wireshark or smth to see who's the primary cause

its a proper ddos so even if you did have those prograns they wouldnt tell you anything useful like who the attacker is

The Murderous Cop · September 01, 2017, 01:13:16 AM

Quote from: Gytyyhgfffff on September 01, 2017, 01:12:44 AM

its a proper ddos so even if you did have those prograns they wouldnt tell you anything useful like who the attacker is

damn :[

AutoBahn · September 01, 2017, 02:09:00 AM

UDP port 111 DDoS attacks are a rudimentary attempt at reflective amplification, since it's the portmapper service port for Linux boxes(in other words, it acts as a 411 for a Linux PC's ports by compiling a list, which takes up CPU).
http://www.securityweek.com/rpc-portmapper-abused-ddos-attack-reflection-amplification

also in relation to passwording your server to attempt to stop DDoS attacks, it's plausible, but unlikely. All anyone has to do to find your IP is to try to connect iirc, so that's how they're getting IPs, but i can't remember if passwording your server hides the actual IP connection dialog behind the password check or not (or if that even matters).

Trogtor · September 01, 2017, 02:11:09 AM

Quote from: AutoBahn on September 01, 2017, 02:09:00 AM

UDP port 111 DDoS attacks are a rudimentary attempt at reflective amplification, since it's the portmapper service port for Linux boxes(in other words, it acts as a 411 for a Linux PC's ports by compiling a list, which takes up CPU).
http://www.securityweek.com/rpc-portmapper-abused-ddos-attack-reflection-amplification

also in relation to passwording your server to attempt to stop DDoS attacks, it's plausible, but unlikely. All anyone has to do to find your IP is to try to connect iirc, so that's how they're getting IPs, but i can't remember if passwording your server hides the actual IP connection dialog behind the password check or not (or if that even matters).

Quote from: Frankie² on August 31, 2017, 09:13:53 PM

http://master2.blockland.us/
its already public information dude

unfortunately, no it doesn't

AutoBahn · September 01, 2017, 02:15:48 AM

Quote from: Trogtor on September 01, 2017, 02:11:09 AM

unfortunately, no it doesn't

yeah i kind of figured. i think connection attempts are also viewable in console which was why I wasn't sure to begin with. I'm fuzzy when it comes to my knowledge on this stuff anyway since I haven't touched the game in a while

Pecon · September 01, 2017, 02:38:25 AM

Quote from: AutoBahn on September 01, 2017, 02:15:48 AM

yeah i kind of figured. i think connection attempts are also viewable in console which was why I wasn't sure to begin with. I'm fuzzy when it comes to my knowledge on this stuff anyway since I haven't touched the game in a while

It wouldn't matter either way. To connect to a server you have to know the IP address, so somewhere along the way the game has to find it from a directory or matchmaking service. It's trivial to find server IP's because those servers literally have to advertise their IP in order to enable anyone connecting to them.