FireBall

Advanced DDOS question

Hello,

We are facing some kind of attack, as shown below. I have also attached the pcap file.

The important things are:
  1. IP addresses are spoofed with our country's ISP IP addresses
  2. TTL has also been spoofed, and the TTL values are in the range of the IP address owners - you should find and edit the same DDoS on GitHub with the name VSE
  3. Data is a copy of a real packet used on this protocol for Counter-Strike
  4. Destination port is also Counter-Strike's port
  5. Checksums are correctly generated

How should I block this kind of attack without blocking the real users?



Protokol :17  Source IP :85.104.15.177  Source Port :58061  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :9777  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.13.27.190  Source Port :55271  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :64648  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.238.142.125  Source Port :55150  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :37970  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :85.103.139.224  Source Port :52054  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :49529  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.188.118.200  Source Port :59411  Destination IP :213.238.166.2  Destination Port :27015  TTL :112  Paket Boyutu :51  Checksum :42388  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :88.248.117.168  Source Port :57882  Destination IP :213.238.166.2  Destination Port :27015  TTL :104  Paket Boyutu :51  Checksum :40576  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :95.0.160.175  Source Port :55240  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :38559  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :88.237.63.181  Source Port :51841  Destination IP :213.238.166.2  Destination Port :27015  TTL :103  Paket Boyutu :51  Checksum :2804  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.191.134.61  Source Port :51644  Destination IP :213.238.166.2  Destination Port :27015  TTL :103  Paket Boyutu :51  Checksum :53086  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.179.55.232  Source Port :50880  Destination IP :213.238.166.2  Destination Port :27015  TTL :103  Paket Boyutu :51  Checksum :1489  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :176.41.47.82  Source Port :56764  Destination IP :213.238.166.2  Destination Port :27015  TTL :104  Paket Boyutu :51  Checksum :45279  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :195.142.194.68  Source Port :51887  Destination IP :213.238.166.2  Destination Port :27015  TTL :106  Paket Boyutu :51  Checksum :7573  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.165.239.64  Source Port :50482  Destination IP :213.238.166.2  Destination Port :27015  TTL :110  Paket Boyutu :51  Checksum :20500  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :78.162.217.90  Source Port :55855  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :27627  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.12.79.90  Source Port :53944  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :60664  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.191.174.247  Source Port :54309  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :39995  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :195.174.176.205  Source Port :57328  Destination IP :213.238.166.2  Destination Port :27015  TTL :104  Paket Boyutu :51  Checksum :6571  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.179.8.112  Source Port :50900  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :20512  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.179.200.118  Source Port :58847  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :28942  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.188.135.61  Source Port :57806  Destination IP :213.238.166.2  Destination Port :27015  TTL :110  Paket Boyutu :51  Checksum :38771  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :78.177.102.60  Source Port :50970  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :55076  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :176.232.191.65  Source Port :50249  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :14756  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :81.212.59.161  Source Port :57496  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :58654  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :88.253.94.162  Source Port :55556  Destination IP :213.238.166.2  Destination Port :27015  TTL :112  Paket Boyutu :51  Checksum :56691  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :88.244.154.119  Source Port :53451  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :35588  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.242.80.172  Source Port :56517  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :59315  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.182.222.35  Source Port :50883  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :31354  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :85.97.244.226  Source Port :54029  Destination IP :213.238.166.2  Destination Port :27015  TTL :112  Paket Boyutu :51  Checksum :13787  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :78.173.101.238  Source Port :59953  Destination IP :213.238.166.2  Destination Port :27015  TTL :109  Paket Boyutu :51  Checksum :45166  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :78.167.213.65  Source Port :57227  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :19399  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :78.162.8.6  Source Port :51198  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :20337  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :88.244.215.53  Source Port :51233  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :23265  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :95.4.185.61  Source Port :59231  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :20378  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.250.137.216  Source Port :50518  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :43779  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :88.255.134.163  Source Port :59738  Destination IP :213.238.166.2  Destination Port :27015  TTL :106  Paket Boyutu :51  Checksum :42266  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :88.233.170.94  Source Port :56283  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :28696  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.243.3.33  Source Port :53549  Destination IP :213.238.166.2  Destination Port :27015  TTL :103  Paket Boyutu :51  Checksum :8698  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :85.110.45.179  Source Port :51131  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :1119  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :78.167.168.196  Source Port :50544  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :37471  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :212.175.250.241  Source Port :59729  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :38472  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :78.191.237.207  Source Port :53920  Destination IP :213.238.166.2  Destination Port :27015  TTL :104  Paket Boyutu :51  Checksum :24296  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :88.244.79.143  Source Port :58745  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :50479  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :78.183.149.36  Source Port :58313  Destination IP :213.238.166.2  Destination Port :27015  TTL :103  Paket Boyutu :51  Checksum :34710  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :85.105.176.44  Source Port :59243  Destination IP :213.238.166.2  Destination Port :27015  TTL :106  Paket Boyutu :51  Checksum :33046  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :176.33.121.52  Source Port :53140  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :22097  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :78.181.237.175  Source Port :55390  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :15977  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :176.42.201.17  Source Port :59976  Destination IP :213.238.166.2  Destination Port :27015  TTL :106  Paket Boyutu :51  Checksum :61351  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :88.250.28.209  Source Port :59484  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :61715  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.242.221.70  Source Port :56461  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :15477  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :85.109.211.66  Source Port :53993  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :29310  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :85.29.63.164  Source Port :55504  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :134  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.4.32.182  Source Port :57087  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :62578  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :95.6.191.117  Source Port :52748  Destination IP :213.238.166.2  Destination Port :27015  TTL :110  Paket Boyutu :51  Checksum :33167  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :88.225.94.13  Source Port :53663  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :58761  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.13.118.244  Source Port :59512  Destination IP :213.238.166.2  Destination Port :27015  TTL :106  Paket Boyutu :51  Checksum :44957  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :85.99.9.34  Source Port :59979  Destination IP :213.238.166.2  Destination Port :27015  TTL :104  Paket Boyutu :51  Checksum :9543  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.168.56.171  Source Port :57352  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :1724  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :85.109.12.142  Source Port :56778  Destination IP :213.238.166.2  Destination Port :27015  TTL :106  Paket Boyutu :51  Checksum :4967  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :95.13.120.162  Source Port :54414  Destination IP :213.238.166.2  Destination Port :27015  TTL :109  Paket Boyutu :51  Checksum :41725  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.252.147.202  Source Port :53400  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :37340  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :95.0.69.161  Source Port :58051  Destination IP :213.238.166.2  Destination Port :27015  TTL :112  Paket Boyutu :51  Checksum :51158  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :81.214.110.164  Source Port :52470  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :57510  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :92.44.150.204  Source Port :53195  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :43859  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :176.235.12.112  Source Port :56846  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :53933  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.175.34.58  Source Port :57359  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :564  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :85.108.64.57  Source Port :51819  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :3591  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.13.100.85  Source Port :51838  Destination IP :213.238.166.2  Destination Port :27015  TTL :110  Paket Boyutu :51  Checksum :49498  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.224.167.26  Source Port :56061  Destination IP :213.238.166.2  Destination Port :27015  TTL :109  Paket Boyutu :51  Checksum :30772  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :95.13.63.253  Source Port :50254  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :61395  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :95.15.42.124  Source Port :56585  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :60567  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :78.161.9.76  Source Port :57466  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :13744  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :88.240.246.115  Source Port :53475  Destination IP :213.238.166.2  Destination Port :27015  TTL :103  Paket Boyutu :51  Checksum :19920  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :85.96.76.101  Source Port :58238  Destination IP :213.238.166.2  Destination Port :27015  TTL :104  Paket Boyutu :51  Checksum :51703  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :78.191.118.112  Source Port :59906  Destination IP :213.238.166.2  Destination Port :27015  TTL :110  Paket Boyutu :51  Checksum :41978  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :95.9.70.3  Source Port :57656  Destination IP :213.238.166.2  Destination Port :27015  TTL :106  Paket Boyutu :51  Checksum :52455  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :88.234.27.247  Source Port :55341  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :1566  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :78.184.90.42  Source Port :52987  Destination IP :213.238.166.2  Destination Port :27015  TTL :110  Paket Boyutu :51  Checksum :56142  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :81.215.160.132  Source Port :58067  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :32253  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :88.254.50.217  Source Port :56819  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :59745  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :85.102.89.1  Source Port :57477  Destination IP :213.238.166.2  Destination Port :27015  TTL :110  Paket Boyutu :51  Checksum :57130  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :88.229.254.15  Source Port :54764  Destination IP :213.238.166.2  Destination Port :27015  TTL :104  Paket Boyutu :51  Checksum :9803  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :92.44.253.102  Source Port :57267  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :13521  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :195.175.10.236  Source Port :55904  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :43568  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :78.183.135.181  Source Port :51089  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :53273  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :78.178.141.53  Source Port :55477  Destination IP :213.238.166.2  Destination Port :27015  TTL :104  Paket Boyutu :51  Checksum :47482  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.15.216.33  Source Port :57907  Destination IP :213.238.166.2  Destination Port :27015  TTL :112  Paket Boyutu :51  Checksum :14792  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :88.228.25.171  Source Port :51796  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :4696  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.245.149.179  Source Port :51745  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :38513  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :212.174.26.132  Source Port :51057  Destination IP :213.238.166.2  Destination Port :27015  TTL :112  Paket Boyutu :51  Checksum :39063  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :78.181.223.186  Source Port :53182  Destination IP :213.238.166.2  Destination Port :27015  TTL :112  Paket Boyutu :51  Checksum :20749  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :176.232.35.150  Source Port :53246  Destination IP :213.238.166.2  Destination Port :27015  TTL :103  Paket Boyutu :51  Checksum :43710  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.237.246.240  Source Port :52654  Destination IP :213.238.166.2  Destination Port :27015  TTL :106  Paket Boyutu :51  Checksum :13728  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :95.3.103.242  Source Port :56871  Destination IP :213.238.166.2  Destination Port :27015  TTL :103  Paket Boyutu :51  Checksum :44559  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :88.247.183.198  Source Port :54781  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :27761  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :95.13.238.48  Source Port :59735  Destination IP :213.238.166.2  Destination Port :27015  TTL :102  Paket Boyutu :51  Checksum :7319  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :95.4.153.164  Source Port :54517  Destination IP :213.238.166.2  Destination Port :27015  TTL :106  Paket Boyutu :51  Checksum :41081  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.0.89.27  Source Port :57708  Destination IP :213.238.166.2  Destination Port :27015  TTL :109  Paket Boyutu :51  Checksum :46515  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :78.174.135.107  Source Port :52330  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :45224  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :78.179.50.59  Source Port :55599  Destination IP :213.238.166.2  Destination Port :27015  TTL :107  Paket Boyutu :51  Checksum :5114  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.10.16.46  Source Port :58850  Destination IP :213.238.166.2  Destination Port :27015  TTL :106  Paket Boyutu :51  Checksum :65041  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :195.33.213.88  Source Port :53332  Destination IP :213.238.166.2  Destination Port :27015  TTL :104  Paket Boyutu :51  Checksum :58988  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :78.187.55.86  Source Port :53874  Destination IP :213.238.166.2  Destination Port :27015  TTL :104  Paket Boyutu :51  Checksum :64168  Data :FFFFFFFF71636F6E6E6563743078304138383935423800 

cs.go.pcap
Duncan Roe

If the length is 23, then pass the packet up to a userland compare which rejects this packet data but no other.
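
As an added example (not part of the original thread): the 23-byte length mentioned above matches the Data field in the log FireBall posted, and this sketch parses lines in that format, decodes Data, and reports which `qconnect0x` values arrive from several different source addresses. The source addresses are constructed documentation addresses, the function names are hypothetical, and treating reuse of one value across sources as a flood signal is an assumption made here, not something the thread establishes.

```python
import re
from collections import defaultdict

# Field labels exactly as they appear in the log posted in the question.
LINE_RE = re.compile(
    r"Source IP :(?P<src>\S+)\s+Source Port :(?P<sport>\d+)\s+"
    r"Destination IP :(?P<dst>\S+)\s+Destination Port :(?P<dport>\d+)\s+"
    r"TTL :(?P<ttl>\d+)\s+Paket Boyutu :(?P<size>\d+)\s+"
    r"Checksum :(?P<csum>\d+)\s+Data :(?P<data>[0-9A-Fa-f]+)"
)

# Payload shape seen in the question's Data column:
# 0xFFFFFFFF, ASCII "qconnect0x", eight hex digits, one NUL byte (23 bytes in total).
PAYLOAD_RE = re.compile(rb"\xff\xff\xff\xffqconnect0x([0-9A-Fa-f]{8})\x00")


def parse_line(line):
    """Return source, TTL, size and decoded payload for one log line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    try:
        payload = bytes.fromhex(m["data"])
    except ValueError:  # odd number of hex digits: truncated line
        return None
    return {"src": m["src"], "ttl": int(m["ttl"]),
            "size": int(m["size"]), "payload": payload}


def connect_token(payload):
    """Return the eight hex digits if the payload has exactly the 23-byte shape."""
    m = PAYLOAD_RE.fullmatch(payload)
    return m.group(1).decode("ascii").upper() if m else None


def reused_tokens(lines, min_sources=3):
    """Map each token to its number of distinct sources, keeping only reused ones.

    Assumption: one value seen from many unrelated sources is a replayed packet.
    The shape alone also matches real connection attempts, as the asker notes.
    """
    sources = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        token = connect_token(rec["payload"])
        if token is not None:
            sources[token].add(rec["src"])
    return {t: len(s) for t, s in sources.items() if len(s) >= min_sources}


def _line(src, token):
    """Build one constructed log line in the question's format."""
    data = (b"\xff\xff\xff\xffqconnect0x" + token.encode() + b"\x00").hex().upper()
    size = 20 + 8 + len(data) // 2  # IPv4 header + UDP header + payload = 51
    return (f"Protokol :17  Source IP :{src}  Source Port :50000  "
            f"Destination IP :198.51.100.2  Destination Port :27015  TTL :108  "
            f"Paket Boyutu :{size}  Checksum :0  Data :{data}")


# Constructed sample: RFC 5737 addresses; 0A5B330E is one of the values in the
# question's log, 1234ABCD is made up to stand in for a single ordinary client.
SAMPLE = [
    _line("192.0.2.11", "0A5B330E"),
    _line("192.0.2.57", "0A5B330E"),
    _line("203.0.113.9", "0A5B330E"),
    _line("203.0.113.9", "0A5B330E"),   # same source twice counts once
    _line("203.0.113.80", "0A5B330E"),
    _line("192.0.2.200", "1234ABCD"),
    "Protokol :17  Source IP :192.0.2.1  (truncated line)",
]

if __name__ == "__main__":
    for token, count in reused_tokens(SAMPLE).items():
        print(f"qconnect0x{token} seen from {count} distinct sources")
```
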
FireBall

ASKER

But this packet is used for a connection to the game.
Typical of DDoS for UDP packet floods targeting your Stream server. Your server is likely to have the potential to be used in UDP amplification attacks if it is being exploited and becomes part of the botnet behind this attack. The attack is to exploit the server info exchange. Some suggested defence:
The main idea was to hide the IP address, since this is the bottleneck of this kind of attack. But you can't do it for a website, otherwise no one will be able to reach it anymore. In this case, the solution has been to replace this IP address with that of a machine that is much stronger and harder to DDoS.


This is, to keep it simple, how most of the current DDoS protections work: instead of hiding the address, we substitute it with another one and then route the traffic to the original machine. Even better, we can replace it with several other IP addresses by using the DNS (Domain Name System) to resolve a website domain name to different IP addresses according to the location of the user. This way, a single DDoS attack involving multiple machines will actually be spread over several servers instead of one; this is load balancing.
http://steamcommunity.com/sharedfiles/filedetails/?id=261844712

My quick suggestion is that you likely have to sinkhole it or increase your bandwidth; regardless, it will still be flooding despite diversion, blocking etc. A bigger pipe is just a numbers game; you should consider DDoS mitigation services like those from Cloudflare, Akamai, F5 Silverline or DOSArrest... see this article
Thank you, but we are not limited by bandwidth. The server has a 10 Gbps uplink and the attack is 300 Mbps, by the way. The problem is that the CS server is listening on this port, and these packets cause the software to crash because it opens this port as a socket listener. I need to clean this traffic.
Looks like more of an app-aware firewall and NIPS to do some inspection, but I agree it is better to check at the server end to throttle such traffic, since the packet may not be making any sense to the service.
We have no chance to change or add any code to the CS:GO main server code. This is a big vulnerability, and there is no handshake like TCP on UDP. So we need a trick, if anybody has experienced some kind of DDoS like this.
ASKER CERTIFIED SOLUTION
btan

This solution is only available to members.
I think we need to write a proxy to filter out requests and keep the servers
Indeed. Thanks for sharing.