FireBall
asked on
Advanced DDOS question
Hello ,
We are facing some kind of attack, as given below; I have also attached the pcap file.
The important things are:
- IP addresses are spoofed with our country's ISP IP addresses
- The TTL has also been spoofed, and the TTL values are in the range of the IP address owners - you should find and edit the same DDoS on GitHub with the name VSE
- The data is a copy of a real packet used in this protocol for Counter-Strike
- The destination port is also Counter-Strike's port
- Checksums are correctly generated
How should I block this kind of attack without blocking the real users?
cs.go.pcap
If the length is 23, then pass the packet up to a userland compare which rejects this packet data but no other.
ASKER
But this packet is used for a connection to the game.
Typical of DDoS for UDP packet floods and targeting your Stream server. Your server likely has the potential to be used in UDP amplification attacks if it is being exploited and becomes part of the botnet behind this attack. The vulnerable attack is to exploit on the Server info exchange. Some suggested defence
My quick suggestion is that you likely have to sinkhole it or increase your bandwidth, regardless it will still be flooding despite diversion, blocking etc. Bigger pipe is just a number game, you should consider DDoS Mitigation services like those from Cloudflare, Akamai, F5 Silverline or DOSArrest... see this article
The main idea was to hide the IP address, since this is the bottleneck of this kind of attack. But you can't do it for a website, otherwise none will be able to reach it anymore. In this case, the solution has been to replace this IP address by one of a machine that is much stronger and harder to DDoS. http://steamcommunity.com/sharedfiles/filedetails/?id=261844712
This is, to keep it simple, how most of the current DDoS protections work: instead of hiding the address, we substitute it with another one and then route the traffic to the original machine. Even better, we can replace it by several other IP addresses by using the DNS (Domain Name System) to resolve a website domain name to different IP addresses according to the location of the user. This way, a single DDoS attack involving multiple machines will actually be spread over several servers instead of one; this is load balancing.
ASKER
Thank you, but we are not limited by the bandwidth. The server has a 10Gbps uplink and the attack is 300mbps, by the way. The problem is that the CS server is listening on these ports and these packets are causing the software to crash, because it is opening this port as a socket listener. I need to clean this traffic.
Looks like more of an app-aware firewall and NIPS to do some inspection, but agree it is better to check at the server end to throttle such traffic, since the packet may not be making any sense to the service.
ASKER
We have no chance to change or add some code to the CS:GO main server code. This is a big vulnerability, and there is no handshake like TCP on UDP. So we need a trick, if anybody has experienced some kind of DDoS like this.
ASKER
I think we need to write a proxy to filter out requests and keep the servers
Indeed. Thanks for sharing.
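One way to build the "userland compare" on 23-byte packets suggested earlier in the thread, as the decision step of the filtering proxy the asker settles on. This is an added example, not code from the thread or from the game server: `ReplayFilter`, its thresholds and the sample addresses and tokens are constructed, and it assumes that independent real clients do not present the same 23-byte payload within the window (check that against a clean capture before relying on it).

```python
import re
import time
from collections import defaultdict

# Shape of the posted flood payload: four 0xFF bytes, ASCII "qconnect0x",
# eight hex digits and a NUL terminator, 23 bytes in total.
PAYLOAD_LEN = 23
CONNECT_RE = re.compile(rb"\xff{4}qconnect0x[0-9A-Fa-f]{8}\x00")


class ReplayFilter:
    """Reject a connect payload once it arrives from too many distinct sources.

    A byte-for-byte copy of a real packet cannot be told apart from a real one
    by content alone, so the decision is based on reuse: the same payload seen
    from more than `max_sources` addresses inside `window` seconds is treated
    as replayed and blocked until it stops arriving.
    """

    def __init__(self, max_sources=3, window=10.0):
        self.max_sources = max_sources      # assumed threshold, tune on clean traffic
        self.window = window                # seconds
        self.seen = defaultdict(dict)       # payload -> {src_ip: last_seen}
        self.blocked = {}                   # payload -> blocked-until time

    def allow(self, src_ip, payload, now=None):
        now = time.monotonic() if now is None else now
        # Only the 23-byte connect shape is judged here; pass everything else on.
        if len(payload) != PAYLOAD_LEN or not CONNECT_RE.fullmatch(payload):
            return True
        if self.blocked.get(payload, 0.0) > now:
            self.blocked[payload] = now + self.window   # still replayed: extend
            return False
        sources = self.seen[payload]
        for ip in [ip for ip, t in sources.items() if now - t > self.window]:
            del sources[ip]                              # forget stale sightings
        sources[src_ip] = now
        if len(sources) > self.max_sources:
            self.blocked[payload] = now + self.window
            del self.seen[payload]                       # state moves to `blocked`
            return False
        return True


def demo():
    """Run constructed traffic through the filter and return the verdicts."""
    replayed = b"\xff\xff\xff\xffqconnect0x11223344\x00"   # constructed token
    fresh = b"\xff\xff\xff\xffqconnect0x55667788\x00"      # constructed token
    f = ReplayFilter(max_sources=3, window=10.0)
    verdicts = [f.allow(f"192.0.2.{i}", replayed, now=float(i)) for i in range(1, 6)]
    verdicts.append(f.allow("198.51.100.7", fresh, now=6.0))
    return verdicts


if __name__ == "__main__":
    print(demo())
```

If the sender randomises the token on every packet this check stops matching, and `seen` then needs a size cap so it cannot be used to exhaust memory.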