Protection against OOG attacks based on iptables:
First of all, we create the firewall rules script; you can name it as you wish.
Code:
iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length 500:65535 -j LOG --log-prefix "PW"
With this rule, we log all game packets on port 29000 with sizes from 500 to 65535 bytes.
Code:
iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length 500:65535 -m recent --name packets --set
iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length 500:65535 -m recent --name packets --update --seconds 1 --hitcount 100 -j REJECT
With these rules, we block the user if the server received more than 100 packets of 500 to 65535 bytes from him in 1 second on port 29000 (the game port).
Code:
iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length SIZE -m recent --name packet1 --set
iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length SIZE -m recent --name packet1 --update --seconds 15 --hitcount 3 -j REJECT
With these rules, we block users who send more than 3 packets in 15 seconds to port 29000. SIZE is the packet size in bytes.
How to track packet size in bytes?
After the first rule, where we log all the game packets, you can see them in the /var/log/syslog file or with the dmesg command in the server console.
When an attack is under way, syslog will have many identical packets in a short time.
Code:
[68003.357231] PW IN=ipip1 OUT= MAC= SRC=USER IP ADRESS DST=*.*.*.* LEN=547 TOS=0x00 PREC=0x00 TTL=241 ID=13328 DF PROTO=TCP SPT=22511 DPT=63947 WINDOW=254 RES=0x00 ACK PSH URGP=0
In the example above, the packet size is 'LEN=547'.
With OOG protection sorted out, let's move on to other ways to compete with NewDestiny.
Account brute force. Everything is completely simple here:
#block brute force login
Code:
iptables -A INPUT -p tcp -m multiport --dports 29000 -m conntrack --ctstate NEW -m recent --name brute --set
iptables -A INPUT -p tcp -m multiport --dports 29000 -m conntrack --ctstate NEW -m recent --name brute --update --seconds 30 --hitcount 3 -j REJECT
With this rule, we block the user's IP for 30 seconds if he made more than 3 requests to connect to port 29000.
Recommendations for protecting the server against hacking:
- Use iptables to fully restrict all ports other than the game ports.
- Connect to the server using ssh key(s) with a passphrase.
- Use the latest versions of mysql, apache2 and other important packages.
- After load from OOG, use logrotate; otherwise, when backing up the logs, the RAM of your server will be fully used. This may be a consequence of hacking.
- Do not use third-party software on the game server.
- Use a non-standard player password filter. For several hours on our authorization there were over 50,000 invalid authorization attempts. 30% of our players matched usernames from these username/password pairs.
We prefer fair competition, we do not have time and extra finance for attacks. Do not mess with these people, it can end badly.
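The size-tracking step described above, as an added example that is not part of the original post: a Python script that groups the logged packets by source address and LEN and reports the pairs that repeat often enough to be candidates for SIZE. The sample log lines and addresses are constructed, and the default thresholds are an assumption that mirrors the `--seconds 15 --hitcount 3` rule.

```python
import re
from collections import defaultdict, deque

# Kernel uptime stamp, the "PW" prefix set by the LOG rule, then KEY=VALUE fields.
LINE_RE = re.compile(r"\[\s*(\d+\.\d+)\]\s*PW\s*(.*)")
FIELD_RE = re.compile(r"\b(SRC|LEN)=(\S+)")

# Constructed sample input (documentation addresses), not captured traffic.
SAMPLE = """\
[68003.360000] PW IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.10 LEN=547 PROTO=TCP DPT=29000
[68003.410000] PW IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.10 LEN=547 PROTO=TCP DPT=29000
[68003.480000] PW IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.10 LEN=547 PROTO=TCP DPT=29000
[68003.500000] PW IN=eth0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.10 LEN=1300 PROTO=TCP DPT=29000
[68004.100000] PW IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.10 LEN=547 PROTO=TCP DPT=29000
[68030.000000] PW IN=eth0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.10 LEN=1300 PROTO=TCP DPT=29000
"""

def parse_line(line):
    """Return (timestamp, src, length), or None if the line is not a PW LOG entry."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(m.group(2)):
        fields.setdefault(key, value)  # keep the first (IP-level) LEN
    try:
        return float(m.group(1)), fields["SRC"], int(fields["LEN"])
    except (KeyError, ValueError):
        return None

def find_repeated_sizes(lines, seconds=15.0, hitcount=3):
    """Map (src, length) to its peak count inside any `seconds` window, if >= hitcount."""
    recent = defaultdict(deque)  # timestamps still inside the window, per pair
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, length = parsed
        q = recent[(src, length)]
        q.append(ts)
        while ts - q[0] >= seconds:  # drop hits that fell out of the window
            q.popleft()
        peak[(src, length)] = max(peak[(src, length)], len(q))
    return {pair: n for pair, n in peak.items() if n >= hitcount}

if __name__ == "__main__":
    for (src, length), n in sorted(find_repeated_sizes(SAMPLE.splitlines()).items()):
        print(f"{src} LEN={length} peak={n}")
```

To run it on real data, pass the lines of /var/log/syslog or the output of dmesg to `find_repeated_sizes` in place of the sample.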