Activity
Viable protections against Layer7 attacks on servers
Such an attack is normally too weak to bring any server down. The problem most likely lies elsewhere. Please provide the output of ifconfig and specifically, there's something to consider since you are running off a virtual machine: [Hidden Content] You should also disable pf and see what happens then. Does the attack still bring the channel down? If not, then your problem is with VirtIO. If yes, I suggest you follow this tutorial by Papix which is actually a pretty good idea: Otherwise you can contact me on Discord if you want me to have a look at it myself for a small fee.
Viable protections against Layer7 attacks on servers
Running a layer7 attack via a public stresser, using a method called "HTTP-SOCKET", which is spamming GET requests to [Hidden Content] with 30 requests per ip, using around 2k ips with random geolocation. Here's my pf conf:

    # This is a minimalistic configuration with basic rate limiting

    # Change the value to reflect your public interface. You can see this with ifconfig.
    ext_if="vtnet0"

    # Ports used for services (ssh, http, https)
    service_ports="{ 22, 3306 }"

    # Ports
    game_ports="{20076, 20083, 20081, 20079, 20077 }"
    auth_ports="{20085}"

    icmp_types = "{ echoreq, unreach }"

    # table for abusive_hosts = Block IP´s.
    table <abusive_hosts> persist file "/usr/home/game/Firewall/abusive_hosts"

    # IP addresses that should override the firewall rules, such as your web server.
    table <whitelist> const { 127.0.0.1 }

    martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
                  10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
                  0.0.0.0/8, 240.0.0.0/4 255.255.255.255/32 \
                  ::/128 ::1/128 ::ffff:0:0/96 ::/96 100::/64 \
                  2001:10::/28 2001:db8::/32 fc00::/7 fe80::/10 \
                  fec0::/10 ff00::/8 }"

    set block-policy drop
    set limit { states 100000, frags 20000, src-nodes 100000, table-entries 200000 }
    set loginterface $ext_if
    set skip on lo

    scrub on $ext_if reassemble tcp no-df random-id

    antispoof quick for { lo0 $ext_if }

    block in
    block in quick from <abusive_hosts>

    # Drop all Non-Routable Addresses
    block drop in quick on $ext_if from $martians to any
    block drop out quick on $ext_if from any to $martians

    pass out all keep state
    pass out on $ext_if all modulate state

    # Allow ping
    pass inet proto icmp all icmp-type $icmp_types keep state

    # Rate limits
    pass in on $ext_if proto tcp to any port $service_ports flags S/SA synproxy state \
        (max-src-conn 30, max-src-conn-rate 15/5, overload <abusive_hosts> flush global)
    pass in on $ext_if proto tcp to any port $game_ports flags S/SA synproxy state \
        (max-src-conn 30, max-src-conn-rate 15/5, overload <abusive_hosts> flush global)
    pass in on $ext_if proto tcp to any port $auth_ports flags S/SA synproxy state \
        (max-src-conn 30, max-src-conn-rate 15/3, overload <abusive_hosts> flush global)

    pass in quick from <whitelist>
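
An added example, not part of the original posts: it replays SYNs from a capture against the per-source limit in the auth-port rule above (max-src-conn-rate 15/3) and reports which sources would land in the overload table. The sliding window only approximates pf's accounting; the capture lines, addresses and the function names are constructed for illustration and assume single-line `tcpdump -n` output.

```python
import re
from collections import defaultdict, deque

# Limit copied from the auth-port rule in the posted pf.conf: max-src-conn-rate 15/3
MAX_CONN, WINDOW = 15, 3

# Single-line `tcpdump -n` output (no -v); matches pure SYNs only, not [S.]
SYN_RE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d+) IP (\d+\.\d+\.\d+\.\d+)\.\d+ > "
                    r"\d+\.\d+\.\d+\.\d+\.(\d+): Flags \[S\],")

def parse_syns(lines, port):
    """Yield (seconds_since_midnight, source_ip) for each SYN sent to `port`."""
    for line in lines:
        m = SYN_RE.match(line)
        if m and int(m.group(6)) == port:
            h, mi, s = (int(x) for x in m.group(1, 2, 3))
            yield h * 3600 + mi * 60 + s + float("0." + m.group(4)), m.group(5)

def analyse(lines, port, max_conn=MAX_CONN, window=WINDOW):
    """Approximate pf's per-source rate check with a sliding window."""
    recent, totals, overloaded = defaultdict(deque), defaultdict(int), set()
    for ts, src in sorted(parse_syns(lines, port)):
        totals[src] += 1
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:      # drop SYNs older than the window
            q.popleft()
        if len(q) > max_conn:          # more than 15 new connections in 3 s
            overloaded.add(src)
    return {
        "syns": sum(totals.values()),
        "sources": len(totals),
        "overloaded": sorted(overloaded),
        "syns_under_limit": sum(n for s, n in totals.items() if s not in overloaded),
    }

def build_sample():
    """Constructed capture: 200 quiet sources (5 SYNs each) and one noisy source."""
    fmt = "12:00:%02d.%06d IP %s.40000 > 192.0.2.10.20085: Flags [S], seq 1, win 64240, length 0"
    lines = []
    for i in range(200):
        for j in range(5):
            sec, usec = divmod(j * 400_000 + i * 1_000, 1_000_000)
            lines.append(fmt % (sec, usec, "203.0.113.%d" % (i + 1)))
    for k in range(20):
        lines.append(fmt % (0, k * 50_000, "198.51.100.77"))
    return lines

if __name__ == "__main__":
    print(analyse(build_sample(), 20085))
```

In the constructed sample only the one noisy source exceeds the limit; the remaining 1000 SYNs come from sources that each stay under it, so the aggregate load has to be judged separately from the per-source counters.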
Viable protections against Layer7 attacks on servers
What sort of attack are you running and what is your pf.conf?
Viable protections against Layer7 attacks on servers
Sorry, here's the tcpdump using your arguments & the port of the attacked channel. (tcpdump -i vtnet0 -n -vvv port 20085 in my case) [Hidden Content] And here is the tcpdump for every port besides the one of my ssh (in my case is 22 since it's a test server) [Hidden Content]
Viable protections against Layer7 attacks on servers
Please use the -n option and exclude the ssh port. Otherwise the dump isn't useful.

    tcpdump -i vtnet0 -n -vvv port not <your ssh port number>
Viable protections against Layer7 attacks on servers
I have direct access to the stresser and can always test it, I tried to block it myself but unfortunately failed. I even tried to install nginx & deny all connections but that didn't work LOL. The attack is simply sending requests to [Hidden Content] where the ip is of course, the server's ip and the port being either a channel or the auth, won't matter as it will completely break the whole auth. Here's a tcpdump (using tcpdump -i vtnet0 tcp) log while attacking for 5 minutes: [Hidden Content] (pastebin alternative cuz the text is way longer than 500kb)
[40250] Reference Serverfile + Client + Src [15 Available Languages]
Thanks for sharing, I'll try it.
Question
Tony 1
Hello, I did not find this file.
Can you give me more information. Where is/ + name
Top Posters For This Question
Tony 2 posts
Denis 1 post
metin2team 1 post
Popular Days
May 24 2014
3 posts
May 23 2014
1 post
Popular Posts
metin2team
locale/xx/inventorywindow.py: find this: ## Equipment Slot. You will find an image (.tga or .dds); that image is the one.
3 answers to this question