DOS / Loggin Attack

[knoppix]

Hi guys,

I ave a gracia final server and i'm being attack, specifically to LoginServer, they are trying to flood it with incorrects logins attemps.

Here is an example of the log of the loginserver:

Code: Select all

account missing for user swsmochiaccount missing for user winninjashaneaccount missing for user winninjashaneaccount missing for user fatladanceraccount missing for user fataldanceraccount missing for user bailapramiaccount missing for user icarodaccount missing for user icarodaccount missing for user icarodaccount missing for user icarodaccount missing for user icarosaccount missing for user icarodaccount missing for user icarodaccount missing for user icarodaccount missing for user icarodaccount missing for user icarodaccount missing for user icarodaccount missing for user icarodaccount missing for user acarrasaccount missing for user acarrasaccount missing for user batukoaccount missing for user infiernoaccount missing for user pichi04account missing for user pichi04account missing for user pichi04account missing for user infiernoaccount missing for user pichi04account missing for user pichi04account missing for user pichi04account missing for user pichi04account missing for user dineroaccount missing for user nayhid1account missing for user nayhid2account missing for user pichi04account missing for user pichi04account missing for user pichi04account missing for user chipi02 

The problem is that i've set that is an account has 3 error password given, the IP is banned for 24Hs, but the issue here is that they are trying with account that doesn't exist in the DB so the loginserver don't ban those IP.-

Do you know how can i stop those attacks?

And .. the flood proteccion, with is the correct value, i have it this way:

Code: Select all

# Flood Protection. All values are in MILISECONDS.# Default: TrueEnableFloodProtection = True # Default: 15FastConnectionLimit = 15 # Default: 700NormalConnectionTime = 700 # Default: 350FastConnectionTime = 350 # Default: 50MaxConnectionPerIP = 5 

Do i have to set "FastConnectionLimit" to a higher number? (Milliseconds)

Thanks in advance!

[issle88]

If you are using linux set new rules in your firewall ( apf or iptables ) and limmit the connection attempts for each IP in the loginserver port. For example you can set to 1 connection per 10 secs for each IP.

[neo25]

Yup, I use Linux and iptables is the best IMO. Here's an example of a couple entries in my firewall that I have added to limit flooding done to my server. Of course you will want to change the port number, the time limit, and amount of hits needed to enable the rule.

Code: Select all

#Limit IP Connections/sbin/iptables -I INPUT -p tcp --dport 21 -i eth1 -m state --state NEW -m recent --set/sbin/iptables -I INPUT -p tcp --dport 21 -i eth1 -m state --state NEW -m recent --update --seconds 600 --hitcount 12 -j DROP /sbin/iptables -I INPUT -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --set/sbin/iptables -I INPUT -p tcp --dport 25 -i eth1 -m state --state NEW -m recent --update --seconds 600 --hitcount 12 -j DROP /sbin/iptables -I INPUT -p tcp --dport 110 -i eth1 -m state --state NEW -m recent --set/sbin/iptables -I INPUT -p tcp --dport 110 -i eth1 -m state --state NEW -m recent --update --seconds 600 --hitcount 12 -j DROP /sbin/iptables -I INPUT -p tcp --dport 993 -i eth1 -m state --state NEW -m recent --set/sbin/iptables -I INPUT -p tcp --dport 993 -i eth1 -m state --state NEW -m recent --update --seconds 600 --hitcount 12 -j DROP

[MELERIX]

Fixed in L2J GE

[momo61]

Fixed in L2J GE

omg I cant wait ^_^